View Full Version : Incredimail
Incrdibar
rule i.e. 43928ed57
hijackers-000
everytime i download inc i get this malware
:snwelcome:
I removed your email address from your post, these posts can be read from all over the world, not a good idea to post personal info.
Lets run a few scans and see where we stand
http://i.imgur.com/1QYkxTZ.jpg Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.
Right click the aswMBR icon and select Run as Administrator
XP users just Double Click it to run
If it says that this computer supports VIRTUALIZATION TECHNOLOGY do you want to use it say Yes
Click the Scan button to start scan.
Select Quickscan on the dropdown list
If you are asked to update the Avast Virus database please allow it to do so.
The scan could take 20 minutes or more , please be patient and let it finish
It will say Scan Finished when its done.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
I just want to see the report....Please Do Not Fix Anything
============================================================================
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your DESKTOP
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
http://i24.photobucket.com/albums/c30/ken545/FRST_zps5d956a1a.jpg (http://s24.photobucket.com/user/ken545/media/FRST_zps5d956a1a.jpg.html)
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Please make sure All Users is checked
Just keep the defaults as in the picture checkmarked
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Incrdibar
rule i.e. 43928ed57
hijackers-000
everytime i download inc i get this malware
HI! I AM 82 YEARS OLD AND NOT A GEEK. LOL I HOPE I DID THIS RIGHT.
Philip (S-1-5-21-1898691579-3776423045-1794422828-1002 - Administrator - Enabled) => C:\Users\Philip
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AV: ZoneAlarm Free Firewall Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Free Firewall Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft)
AdAwareInstaller (Version: 11.8.586.8535 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.8.586.8535 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit)
Advanced SystemCare Packages (HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\Advanced SystemCare Packages) (Version: - ) <==== ATTENTION
AI RoboForm (All Users) (HKLM-x32\...\AI RoboForm) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{F196C498-5681-BCA2-8029-5BF070368F35}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version: - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - )
Canon MX340 series User Registration (HKLM-x32\...\Canon MX340 series User Registration) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{1C5BBAD8-4079-4014-8803-751333FBC112}) (Version: 1.0.8 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IncrediMail (x32 Version: 6.6.0.5288 - IncrediMail) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest)
Player Location Check (HKLM-x32\...\{0B67634E-7C91-4675-9FB3-28DC0B6E23CC}) (Version: 3.0.2.8 - GeoComply)
Player Location Check (HKLM-x32\...\{24BDE5F7-123E-4DC4-B00A-730FDD36D82C}) (Version: 3.0.2.10 - GeoComply)
Plex Media Server (HKLM-x32\...\{5ea93dc7-0906-47a6-8033-d26ed443f0a8}) (Version: 0.9.1101 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1101 - Plex, Inc.) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29060 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
ShopAtHome.com Helper (HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\ShopAtHome.com Helper) (Version: 7.10.6.8 - ShopAtHome.com) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.2 - IObit)
Smart Defrag Packages (HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\Smart Defrag Packages) (Version: - ) <==== ATTENTION
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Web Companion (HKLM-x32\...\{f21e78e3-009e-4e1e-a3f7-828e86862958}) (Version: 2.1.1133.2333 - Lavasoft)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.240 - Broadcom Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
ZoneAlarm Antivirus (x32 Version: 14.0.522.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 14.0.522.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 14.0.522.000 - Check Point)
ZoneAlarm Security (x32 Version: 14.0.522.000 - Check Point Software Technologies Ltd.) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1898691579-3776423045-1794422828-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1FBB995E-9468-D082-0809-CAEE85889A47} => No File
CustomCLSID: HKU\S-1-5-21-1898691579-3776423045-1794422828-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5F5E75D4-9468-D082-82E5-2FAE85889A47} => No File
==================== Restore Points =========================
16-09-2015 01:29:12 Driver Booster : Micro size USB to Bluetooth Dongle
17-09-2015 12:35:40 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges
20-09-2015 21:42:56 Restore Operation
22-09-2015 14:37:26 Removed IncrediMail.
27-09-2015 11:01:29 Installed IncrediMail.
28-09-2015 20:28:52 JRT Pre-Junkware Removal
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2014-10-30 14:36 - 2015-09-28 18:55 - 00451915 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0F37D24E-1DE8-48A3-9530-F6EA134E6B85} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {2DEC4852-24AE-48E6-9CA8-946445A9D2F3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {31BC57CA-CBED-4803-A6F0-4BE1DAD45437} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {3A8620D7-591F-4481-8987-84D712AFC951} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {49578BBC-6B38-4073-9E72-AE551D5CE605} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {4D703AD2-D610-4DEF-904C-4FE366F5B6CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {54D35ACC-EF70-4A93-B417-21107FC18291} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {72584B4A-5E13-49E6-BBF6-C54419A92C44} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {765130B8-9BFB-4D07-B987-232692272939} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {88BC7D31-6250-4807-AEB1-1DA9755EE47E} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLMOJKJLJNMIMKJKJCNKJMMNMOMCNLMKJKMLMCNNJLJGMLMCNKMJMJJIMLJGMNJNJKJKMLMGMJNJICMJMCNOMPMCNNMFMGMCNOMOMCNGMJMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMOMFMEKMICNJJCKFMMMPMNMJNHICMEKMICNJJCKJNBJCMPKHJGJDJGJPIJNKJCMJNNICMJNDJCMKJBJ"
Task: {8FD37428-63F6-4684-B193-F68C894767FE} - System32\Tasks\GeoComplyUpdateTaskMachineUA => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2015-03-15] (GeoComply Inc.)
Task: {929915BF-0B6C-40A2-BDD3-641A3BEE1241} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-17] (Synaptics Incorporated)
Task: {A3F379CD-737D-4CB5-8456-09A53FBDB484} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A568B93A-7297-4049-893D-9468B7E0FC40} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLMOJKJLJNMIMKJKJCNKJMMNMOMCNLMKJKMLMCNNJLJGMLMCNKMJMJJIMLJGMNJNJKJKMLMGMJNJICMIMCNGMCNOMPMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMPKHJGJDJGJPIJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMOMPMGMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {AA0D1CC5-7046-47BA-85D3-BDDF7CF4E263} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-03] (AVAST Software)
Task: {AE8AEA27-7A9C-4091-A267-2A2E29824C8B} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-08-12] (IObit)
Task: {AED1223B-56ED-4AD9-8095-E3287D938838} - System32\Tasks\Uninstaller_SkipUac_Philip => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit)
Task: {B7BACF8F-5840-40D6-A626-8DFB0648CA8F} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {BB203185-F1F8-4BC6-9142-52ABF9E3FE6B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {BE4AC729-7ED4-4F83-873D-505BA2023250} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {BEC28112-41C5-4281-A748-819F20670D59} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {C038BF3F-D228-49BA-9EC2-92B462383CE0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {C74D2463-F3B7-48BC-AC8A-688052DB3941} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {CBB50E3E-1129-4FD5-9403-F6A05743E4BE} - System32\Tasks\GeoComplyUpdateTaskMachineCore => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2015-03-15] (GeoComply Inc.)
Task: {D010AF73-B422-400E-BCC0-C1AA54AEDA51} - System32\Tasks\{88541932-405A-4949-BDA5-8DFECA0C8CBA} => pcalua.exe -a "C:\PROGRA~2\WSE Rocket\\uninstall.exe"
Task: {D52AD5A8-91A4-48B8-A608-3C93AF824267} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D66A8C53-655C-49C6-B7A5-B03DC3CFD996} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-11-03] (Siber Systems)
Task: {DA136833-CF94-4A2E-A3DC-43612A52A605} - System32\Tasks\07ARYVuxbrMzE => C:\Users\Philip\AppData\Roaming\07ARYVuxbrMzE.exe <==== ATTENTION
Task: {DBE144C6-9F46-45AE-B401-04BA7CF1C321} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DF621E36-60C2-431D-B113-D29B47C1CF71} - System32\Tasks\ASC8_SkipUac_Philip => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {EC4C545B-D15A-422D-8FA8-B7AD517DC30D} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\07ARYVuxbrMzE.job => C:\Users\Philip\AppData\Roaming\07ARYVuxbrMzE.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Philip.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineCore.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe
Task: C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineUA.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Philip.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Loaded Modules (Whitelisted) ==============
2015-08-23 23:14 - 2015-08-23 23:14 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-23 23:14 - 2015-08-23 23:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-05-19 21:10 - 2009-09-08 17:12 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-08-27 15:54 - 2015-08-27 15:54 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
2015-08-27 15:57 - 2015-08-27 15:57 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_system-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_date_time-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_filesystem-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 13002488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareServiceKernel.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\RCF.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_regex-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_thread-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_chrono-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00709360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareActivation.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00474368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareApplicationUpdater.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareGamingMode.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareReset.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTime.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01011968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdater.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdaterScheduler.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIgnoreList.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareQuarantine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01050880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiMalwareEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiRootkitEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerHistory.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01373416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScanner.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_timer-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01019128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerScheduler.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00244472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIncompatibles.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00938728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiSpam.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00883440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiPhishing.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareParentalControl.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02985208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareWebProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01324280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareEmailProtection.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_iostreams-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01312512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNetworkProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01013992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePromo.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00365288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareFeedback.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareThreatWorkAlliance.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01261800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePinCode.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01014504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNotice.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01014000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAvcEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtectionHistory.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00469744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareStatistics.dll
2015-09-08 20:47 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-08 20:47 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-23 23:14 - 2015-08-23 23:14 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-23 23:14 - 2015-08-23 23:14 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-23 23:14 - 2015-08-23 23:14 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 09558752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
2015-08-27 15:57 - 2015-08-27 15:57 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_locale-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\HtmlFramework.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTrayDefaultSkin.dll
2015-07-24 20:56 - 2015-07-24 20:56 - 00794920 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kpcengine.2.3.dll
2015-09-03 00:30 - 2015-09-03 00:30 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-03 00:30 - 2015-09-03 00:30 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-28 17:31 - 2015-09-28 17:31 - 02966016 _____ () C:\Program Files\AVAST Software\Avast\defs\15092801\algo.dll
2015-09-29 13:49 - 2015-09-29 13:49 - 02966016 _____ () C:\Program Files\AVAST Software\Avast\defs\15092901\algo.dll
2014-01-05 12:58 - 2014-10-16 11:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-09-04 15:16 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-04 15:16 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-04 15:16 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-04 15:16 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-09-04 15:16 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-08-25 08:32 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2015-09-03 00:30 - 2015-09-03 00:30 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:10894A2E
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_0favicon274298539
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_1favicon-1484237488
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_2favicon233515818
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_3favicon-1519011051
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_4favicon860087195
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 12721 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Monitor Service => 2
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Service => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HP Support Assistant Service => 2
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "fst_us_7"
HKLM\...\StartupApproved\Run32: => "TotalRecipeSearch_14 Browser Plugin Loader 64"
HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\StartupApproved\Run: => "ShopAtHomeUpdater"
HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\StartupApproved\Run: => "ShopAtHomeWatcher"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{645D6542-F9B1-44EA-92DF-3EA94E5445BE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2DBD7AD1-0D7B-4930-9B64-A61F0B64FC8C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{69D3E23A-34F4-48FD-9008-F227883F6BC2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{68BCEBC8-09F2-43CA-B34A-50B73B96C0D5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5CA3D49D-2B81-41EC-9433-B9C192A91FC2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{06675675-C168-45B1-92DA-8DD6F1BE1C20}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [UDP Query User{0E7FFAEB-70F1-42E9-82BB-31F5CB46E23E}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
FirewallRules: [TCP Query User{A44DB701-F662-4295-B61B-12CF8E4131B4}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
FirewallRules: [UDP Query User{1D4E0CD5-3CDC-4A30-9C5A-7B1EB10445CE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{DC3A571D-D266-4EBA-963E-5D747DFF44D3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{24762852-79A2-4563-A8A0-B7C922604402}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{B09515B5-4A55-4FE8-9C47-C61F8F7B0B4E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{27C9ABF2-FB25-46A5-B606-415F323BC749}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{295ACD62-FBC5-4BA2-AF45-721264A39D2A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{85B78AA2-A815-433F-B6EF-E1766F4B2F6F}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{832E3684-8965-4783-9937-5051ABECBB82}] => (Allow) LPort=1900
FirewallRules: [{5B9062BF-0BE8-4D99-B9D6-3CD09DB77AC6}] => (Allow) LPort=2869
FirewallRules: [{A667AC35-013C-4D16-BEC9-636D1C55A495}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{F8641670-088F-464E-8BFC-52189CEB95AE}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{B0E484E7-503F-4876-9837-2442CA6A9D32}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{91FD07FB-C1EE-4E50-AC27-08CEA22F1178}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{5151B207-3011-42F2-A099-DD30350E8113}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{36E5A7C0-29FD-4C3E-9B7F-CE7E3271A484}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{73A64CD0-D537-481B-9F7F-2E4762E811FA}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{E586B140-6690-4D3B-9F75-EA265F58CC66}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{8C5B4AED-DD62-4C77-8912-C349D992EF15}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/29/2015 02:56:12 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (09/29/2015 02:55:59 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (09/29/2015 02:13:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10240.16425, time stamp: 0x55bec5f5
Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x55d2cdf8
Exception code: 0xc0000005
Fault offset: 0x0000000000061f8e
Faulting process id: 0xb3c
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
Error: (09/29/2015 01:53:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.10240.16431 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1a70
Start Time: 01d0fadee358d540
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: eca3e295-66d2-11e5-8526-98588a045ff2
Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
Error: (09/29/2015 01:52:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Philip-PC)
Description: Package Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
Error: (09/29/2015 01:47:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GarminService.exe, version: 4.2.0.167, time stamp: 0x55f2dbae
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a
Exception code: 0xe0434352
Fault offset: 0x000b3e28
Faulting process id: 0xafc
Faulting application start time: 0xGarminService.exe0
Faulting application path: GarminService.exe1
Faulting module path: GarminService.exe2
Report Id: GarminService.exe3
Faulting package full name: GarminService.exe4
Faulting package-relative application ID: GarminService.exe5
Error: (09/29/2015 01:47:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GarminService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
at Garmin.Omt.Service.Program.Run()
at Garmin.Omt.Service.Program.Main(System.String[])
Error: (09/29/2015 01:46:31 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (09/28/2015 10:19:14 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (09/28/2015 10:19:14 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
System errors:
=============
Error: (09/29/2015 02:56:38 PM) (Source: DCOM) (EventID: 10010) (User: Philip-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}
Error: (09/29/2015 02:56:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/29/2015 02:56:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/29/2015 02:56:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/29/2015 02:56:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/29/2015 01:54:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (09/29/2015 01:54:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (09/29/2015 01:54:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (09/29/2015 01:54:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (09/29/2015 01:54:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
CodeIntegrity:
===================================
Date: 2015-09-05 17:35:50.787
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-05 17:35:50.744
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-05 17:35:50.697
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-05 17:35:31.940
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-05 17:35:31.615
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 22:38:35.925
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 22:38:35.822
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 12:38:22.092
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 12:38:22.062
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 12:38:22.030
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 60%
Total physical RAM: 3554.07 MB
Available physical RAM: 1398.49 MB
Total Virtual: 4194.07 MB
Available Virtual: 1686.8 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:439.32 GB) (Free:375.48 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.33 GB) (Free:2.47 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0324B0BA)
Partition: GPT.
Ran by Philip (2015-09-29 15:58:54)
Running from C:\Users\Philip\AppData\Local\Microsoft\Windows\INetCache\IE\53DR1OWN
Windows 10 Home (X64) (2015-08-24 00:27:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1898691579-3776423045-1794422828-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1898691579-3776423045-1794422828-503 - Limited - Disabled)
Guest (S-1-5-21-1898691579-3776423045-1794422828-501 - Limited - Disabled)
Philip (S-1-5-21-1898691579-3776423045-1794422828-1002 - Administrator - Enabled) => C:\Users\Philip
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AV: ZoneAlarm Free Firewall Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Free Firewall Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft)
AdAwareInstaller (Version: 11.8.586.8535 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.8.586.8535 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit)
Advanced SystemCare Packages (HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\Advanced SystemCare Packages) (Version: - ) <==== ATTENTION
AI RoboForm (All Users) (HKLM-x32\...\AI RoboForm) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{F196C498-5681-BCA2-8029-5BF070368F35}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version: - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - )
Canon MX340 series User Registration (HKLM-x32\...\Canon MX340 series User Registration) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{1C5BBAD8-4079-4014-8803-751333FBC112}) (Version: 1.0.8 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IncrediMail (x32 Version: 6.6.0.5288 - IncrediMail) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest)
Player Location Check (HKLM-x32\...\{0B67634E-7C91-4675-9FB3-28DC0B6E23CC}) (Version: 3.0.2.8 - GeoComply)
Player Location Check (HKLM-x32\...\{24BDE5F7-123E-4DC4-B00A-730FDD36D82C}) (Version: 3.0.2.10 - GeoComply)
Plex Media Server (HKLM-x32\...\{5ea93dc7-0906-47a6-8033-d26ed443f0a8}) (Version: 0.9.1101 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1101 - Plex, Inc.) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29060 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
ShopAtHome.com Helper (HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\ShopAtHome.com Helper) (Version: 7.10.6.8 - ShopAtHome.com) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.2 - IObit)
Smart Defrag Packages (HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\Smart Defrag Packages) (Version: - ) <==== ATTENTION
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Web Companion (HKLM-x32\...\{f21e78e3-009e-4e1e-a3f7-828e86862958}) (Version: 2.1.1133.2333 - Lavasoft)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.240 - Broadcom Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
ZoneAlarm Antivirus (x32 Version: 14.0.522.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 14.0.522.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 14.0.522.000 - Check Point)
ZoneAlarm Security (x32 Version: 14.0.522.000 - Check Point Software Technologies Ltd.) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1898691579-3776423045-1794422828-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1FBB995E-9468-D082-0809-CAEE85889A47} => No File
CustomCLSID: HKU\S-1-5-21-1898691579-3776423045-1794422828-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5F5E75D4-9468-D082-82E5-2FAE85889A47} => No File
==================== Restore Points =========================
16-09-2015 01:29:12 Driver Booster : Micro size USB to Bluetooth Dongle
17-09-2015 12:35:40 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges
20-09-2015 21:42:56 Restore Operation
22-09-2015 14:37:26 Removed IncrediMail.
27-09-2015 11:01:29 Installed IncrediMail.
28-09-2015 20:28:52 JRT Pre-Junkware Removal
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2014-10-30 14:36 - 2015-09-28 18:55 - 00451915 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0F37D24E-1DE8-48A3-9530-F6EA134E6B85} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {2DEC4852-24AE-48E6-9CA8-946445A9D2F3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {31BC57CA-CBED-4803-A6F0-4BE1DAD45437} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {3A8620D7-591F-4481-8987-84D712AFC951} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {49578BBC-6B38-4073-9E72-AE551D5CE605} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {4D703AD2-D610-4DEF-904C-4FE366F5B6CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {54D35ACC-EF70-4A93-B417-21107FC18291} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {72584B4A-5E13-49E6-BBF6-C54419A92C44} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {765130B8-9BFB-4D07-B987-232692272939} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {88BC7D31-6250-4807-AEB1-1DA9755EE47E} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLMOJKJLJNMIMKJKJCNKJMMNMOMCNLMKJKMLMCNNJLJGMLMCNKMJMJJIMLJGMNJNJKJKMLMGMJNJICMJMCNOMPMCNNMFMGMCNOMOMCNGMJMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMOMFMEKMICNJJCKFMMMPMNMJNHICMEKMICNJJCKJNBJCMPKHJGJDJGJPIJNKJCMJNNICMJNDJCMKJBJ"
Task: {8FD37428-63F6-4684-B193-F68C894767FE} - System32\Tasks\GeoComplyUpdateTaskMachineUA => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2015-03-15] (GeoComply Inc.)
Task: {929915BF-0B6C-40A2-BDD3-641A3BEE1241} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-17] (Synaptics Incorporated)
Task: {A3F379CD-737D-4CB5-8456-09A53FBDB484} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A568B93A-7297-4049-893D-9468B7E0FC40} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLMOJKJLJNMIMKJKJCNKJMMNMOMCNLMKJKMLMCNNJLJGMLMCNKMJMJJIMLJGMNJNJKJKMLMGMJNJICMIMCNGMCNOMPMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMPKHJGJDJGJPIJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMOMPMGMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {AA0D1CC5-7046-47BA-85D3-BDDF7CF4E263} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-03] (AVAST Software)
Task: {AE8AEA27-7A9C-4091-A267-2A2E29824C8B} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-08-12] (IObit)
Task: {AED1223B-56ED-4AD9-8095-E3287D938838} - System32\Tasks\Uninstaller_SkipUac_Philip => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit)
Task: {B7BACF8F-5840-40D6-A626-8DFB0648CA8F} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {BB203185-F1F8-4BC6-9142-52ABF9E3FE6B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {BE4AC729-7ED4-4F83-873D-505BA2023250} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {BEC28112-41C5-4281-A748-819F20670D59} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {C038BF3F-D228-49BA-9EC2-92B462383CE0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {C74D2463-F3B7-48BC-AC8A-688052DB3941} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {CBB50E3E-1129-4FD5-9403-F6A05743E4BE} - System32\Tasks\GeoComplyUpdateTaskMachineCore => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2015-03-15] (GeoComply Inc.)
Task: {D010AF73-B422-400E-BCC0-C1AA54AEDA51} - System32\Tasks\{88541932-405A-4949-BDA5-8DFECA0C8CBA} => pcalua.exe -a "C:\PROGRA~2\WSE Rocket\\uninstall.exe"
Task: {D52AD5A8-91A4-48B8-A608-3C93AF824267} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D66A8C53-655C-49C6-B7A5-B03DC3CFD996} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-11-03] (Siber Systems)
Task: {DA136833-CF94-4A2E-A3DC-43612A52A605} - System32\Tasks\07ARYVuxbrMzE => C:\Users\Philip\AppData\Roaming\07ARYVuxbrMzE.exe <==== ATTENTION
Task: {DBE144C6-9F46-45AE-B401-04BA7CF1C321} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DF621E36-60C2-431D-B113-D29B47C1CF71} - System32\Tasks\ASC8_SkipUac_Philip => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {EC4C545B-D15A-422D-8FA8-B7AD517DC30D} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\07ARYVuxbrMzE.job => C:\Users\Philip\AppData\Roaming\07ARYVuxbrMzE.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Philip.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineCore.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe
Task: C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineUA.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Philip.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Loaded Modules (Whitelisted) ==============
2015-08-23 23:14 - 2015-08-23 23:14 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-23 23:14 - 2015-08-23 23:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-05-19 21:10 - 2009-09-08 17:12 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-08-27 15:54 - 2015-08-27 15:54 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
2015-08-27 15:57 - 2015-08-27 15:57 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_system-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_date_time-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_filesystem-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 13002488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareServiceKernel.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\RCF.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_regex-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_thread-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_chrono-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00709360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareActivation.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00474368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareApplicationUpdater.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareGamingMode.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareReset.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTime.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01011968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdater.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdaterScheduler.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIgnoreList.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareQuarantine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01050880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiMalwareEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiRootkitEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerHistory.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01373416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScanner.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_timer-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01019128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerScheduler.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00244472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIncompatibles.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00938728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiSpam.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00883440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiPhishing.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareParentalControl.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02985208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareWebProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01324280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareEmailProtection.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_iostreams-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01312512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNetworkProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01013992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePromo.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00365288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareFeedback.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareThreatWorkAlliance.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01261800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePinCode.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01014504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNotice.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01014000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAvcEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtectionHistory.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00469744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareStatistics.dll
2015-09-08 20:47 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-08 20:47 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-23 23:14 - 2015-08-23 23:14 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-23 23:14 - 2015-08-23 23:14 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-23 23:14 - 2015-08-23 23:14 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 09558752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
2015-08-27 15:57 - 2015-08-27 15:57 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_locale-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\HtmlFramework.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTrayDefaultSkin.dll
2015-07-24 20:56 - 2015-07-24 20:56 - 00794920 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kpcengine.2.3.dll
2015-09-03 00:30 - 2015-09-03 00:30 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-03 00:30 - 2015-09-03 00:30 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-28 17:31 - 2015-09-28 17:31 - 02966016 _____ () C:\Program Files\AVAST Software\Avast\defs\15092801\algo.dll
2015-09-29 13:49 - 2015-09-29 13:49 - 02966016 _____ () C:\Program Files\AVAST Software\Avast\defs\15092901\algo.dll
2014-01-05 12:58 - 2014-10-16 11:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-09-04 15:16 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-04 15:16 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-04 15:16 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-04 15:16 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-09-04 15:16 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-08-25 08:32 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2015-09-03 00:30 - 2015-09-03 00:30 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:10894A2E
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_0favicon274298539
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_1favicon-1484237488
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_2favicon233515818
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_3favicon-1519011051
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_4favicon860087195
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 12721 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Monitor Service => 2
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Service => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HP Support Assistant Service => 2
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "fst_us_7"
HKLM\...\StartupApproved\Run32: => "TotalRecipeSearch_14 Browser Plugin Loader 64"
HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\StartupApproved\Run: => "ShopAtHomeUpdater"
HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\StartupApproved\Run: => "ShopAtHomeWatcher"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{645D6542-F9B1-44EA-92DF-3EA94E5445BE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2DBD7AD1-0D7B-4930-9B64-A61F0B64FC8C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{69D3E23A-34F4-48FD-9008-F227883F6BC2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{68BCEBC8-09F2-43CA-B34A-50B73B96C0D5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5CA3D49D-2B81-41EC-9433-B9C192A91FC2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{06675675-C168-45B1-92DA-8DD6F1BE1C20}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [UDP Query User{0E7FFAEB-70F1-42E9-82BB-31F5CB46E23E}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
FirewallRules: [TCP Query User{A44DB701-F662-4295-B61B-12CF8E4131B4}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
FirewallRules: [UDP Query User{1D4E0CD5-3CDC-4A30-9C5A-7B1EB10445CE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{DC3A571D-D266-4EBA-963E-5D747DFF44D3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{24762852-79A2-4563-A8A0-B7C922604402}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{B09515B5-4A55-4FE8-9C47-C61F8F7B0B4E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{27C9ABF2-FB25-46A5-B606-415F323BC749}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{295ACD62-FBC5-4BA2-AF45-721264A39D2A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{85B78AA2-A815-433F-B6EF-E1766F4B2F6F}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{832E3684-8965-4783-9937-5051ABECBB82}] => (Allow) LPort=1900
FirewallRules: [{5B9062BF-0BE8-4D99-B9D6-3CD09DB77AC6}] => (Allow) LPort=2869
FirewallRules: [{A667AC35-013C-4D16-BEC9-636D1C55A495}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{F8641670-088F-464E-8BFC-52189CEB95AE}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{B0E484E7-503F-4876-9837-2442CA6A9D32}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{91FD07FB-C1EE-4E50-AC27-08CEA22F1178}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{5151B207-3011-42F2-A099-DD30350E8113}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{36E5A7C0-29FD-4C3E-9B7F-CE7E3271A484}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{73A64CD0-D537-481B-9F7F-2E4762E811FA}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{E586B140-6690-4D3B-9F75-EA265F58CC66}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{8C5B4AED-DD62-4C77-8912-C349D992EF15}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/29/2015 02:56:12 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (09/29/2015 02:55:59 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (09/29/2015 02:13:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10240.16425, time stamp: 0x55bec5f5
Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x55d2cdf8
Exception code: 0xc0000005
Fault offset: 0x0000000000061f8e
Faulting process id: 0xb3c
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
Error: (09/29/2015 01:53:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.10240.16431 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1a70
Start Time: 01d0fadee358d540
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: eca3e295-66d2-11e5-8526-98588a045ff2
Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
Error: (09/29/2015 01:52:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Philip-PC)
Description: Package Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
Error: (09/29/2015 01:47:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GarminService.exe, version: 4.2.0.167, time stamp: 0x55f2dbae
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a
Exception code: 0xe0434352
Fault offset: 0x000b3e28
Faulting process id: 0xafc
Faulting application start time: 0xGarminService.exe0
Faulting application path: GarminService.exe1
Faulting module path: GarminService.exe2
Report Id: GarminService.exe3
Faulting package full name: GarminService.exe4
Faulting package-relative application ID: GarminService.exe5
Error: (09/29/2015 01:47:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GarminService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
at Garmin.Omt.Service.Program.Run()
at Garmin.Omt.Service.Program.Main(System.String[])
Error: (09/29/2015 01:46:31 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (09/28/2015 10:19:14 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (09/28/2015 10:19:14 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
System errors:
=============
Error: (09/29/2015 02:56:38 PM) (Source: DCOM) (EventID: 10010) (User: Philip-PC)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}
Error: (09/29/2015 02:56:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/29/2015 02:56:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/29/2015 02:56:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/29/2015 02:56:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/29/2015 01:54:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (09/29/2015 01:54:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (09/29/2015 01:54:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (09/29/2015 01:54:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (09/29/2015 01:54:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
CodeIntegrity:
===================================
Date: 2015-09-05 17:35:50.787
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-05 17:35:50.744
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-05 17:35:50.697
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-05 17:35:31.940
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-05 17:35:31.615
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 22:38:35.925
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 22:38:35.822
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 12:38:22.092
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 12:38:22.062
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 12:38:22.030
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 57%
Total physical RAM: 3554.07 MB
Available physical RAM: 1506.93 MB
Total Virtual: 4194.07 MB
Available Virtual: 1689.04 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:439.32 GB) (Free:375.48 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.33 GB) (Free:2.47 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0324B0BA)
Partition: GPT.
==================== End of Addition.txt ============================
Hi,
I'm 76, not to far behind you :)
You posted the FRST Additions log twice, I need to see the main FRST log please. If you can't find it just run FRST again and post the main log
IObit
http://blogs.computerworld.com/15026/iobit_accused_of_stealing_from_malwarebytes
Incrdibar
rule i.e. 43928ed57
hijackers-000
everytime i download inc i get this malware
HI!
Thanks for the tip on Orbit. What, I don't understand I spend money on Zone Alarm and Avg etc. They come up with a Trojan or virus but, don't remove it. Why spend the money????? Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by Philip (2015-09-29 19:49:43)
Running from C:\Users\Philip\AppData\Local\Microsoft\Windows\INetCache\IE\0URF03AN
Windows 10 Home (X64) (2015-08-24 00:27:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1898691579-3776423045-1794422828-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1898691579-3776423045-1794422828-503 - Limited - Disabled)
Guest (S-1-5-21-1898691579-3776423045-1794422828-501 - Limited - Disabled)
Philip (S-1-5-21-1898691579-3776423045-1794422828-1002 - Administrator - Enabled) => C:\Users\Philip
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AV: ZoneAlarm Free Firewall Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Free Firewall Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft)
AdAwareInstaller (Version: 11.8.586.8535 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.8.586.8535 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit)
Advanced SystemCare Packages (HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\Advanced SystemCare Packages) (Version: - ) <==== ATTENTION
AI RoboForm (All Users) (HKLM-x32\...\AI RoboForm) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{F196C498-5681-BCA2-8029-5BF070368F35}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version: - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - )
Canon MX340 series User Registration (HKLM-x32\...\Canon MX340 series User Registration) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{1C5BBAD8-4079-4014-8803-751333FBC112}) (Version: 1.0.8 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IncrediMail (x32 Version: 6.6.0.5288 - IncrediMail) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest)
Player Location Check (HKLM-x32\...\{0B67634E-7C91-4675-9FB3-28DC0B6E23CC}) (Version: 3.0.2.8 - GeoComply)
Player Location Check (HKLM-x32\...\{24BDE5F7-123E-4DC4-B00A-730FDD36D82C}) (Version: 3.0.2.10 - GeoComply)
Plex Media Server (HKLM-x32\...\{5ea93dc7-0906-47a6-8033-d26ed443f0a8}) (Version: 0.9.1101 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1101 - Plex, Inc.) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29060 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
ShopAtHome.com Helper (HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\ShopAtHome.com Helper) (Version: 7.10.6.8 - ShopAtHome.com) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.2 - IObit)
Smart Defrag Packages (HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\Smart Defrag Packages) (Version: - ) <==== ATTENTION
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.240 - Broadcom Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
ZoneAlarm Antivirus (x32 Version: 14.0.522.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 14.0.522.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 14.0.522.000 - Check Point)
ZoneAlarm Security (x32 Version: 14.0.522.000 - Check Point Software Technologies Ltd.) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1898691579-3776423045-1794422828-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1FBB995E-9468-D082-0809-CAEE85889A47} => No File
CustomCLSID: HKU\S-1-5-21-1898691579-3776423045-1794422828-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5F5E75D4-9468-D082-82E5-2FAE85889A47} => No File
==================== Restore Points =========================
16-09-2015 01:29:12 Driver Booster : Micro size USB to Bluetooth Dongle
17-09-2015 12:35:40 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges
20-09-2015 21:42:56 Restore Operation
22-09-2015 14:37:26 Removed IncrediMail.
27-09-2015 11:01:29 Installed IncrediMail.
28-09-2015 20:28:52 JRT Pre-Junkware Removal
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2014-10-30 14:36 - 2015-09-28 18:55 - 00451915 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0F37D24E-1DE8-48A3-9530-F6EA134E6B85} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {2DEC4852-24AE-48E6-9CA8-946445A9D2F3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {31BC57CA-CBED-4803-A6F0-4BE1DAD45437} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {3A8620D7-591F-4481-8987-84D712AFC951} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {49578BBC-6B38-4073-9E72-AE551D5CE605} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {4ABF3C13-BAC4-4986-B287-42B22854AC5E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {4D703AD2-D610-4DEF-904C-4FE366F5B6CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {54D35ACC-EF70-4A93-B417-21107FC18291} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {72584B4A-5E13-49E6-BBF6-C54419A92C44} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {765130B8-9BFB-4D07-B987-232692272939} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {88BC7D31-6250-4807-AEB1-1DA9755EE47E} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLMOJKJLJNMIMKJKJCNKJMMNMOMCNLMKJKMLMCNNJLJGMLMCNKMJMJJIMLJGMNJNJKJKMLMGMJNJICMJMCNOMPMCNNMFMGMCNOMOMCNGMJMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMOMFMEKMICNJJCKFMMMPMNMJNHICMEKMICNJJCKJNBJCMPKHJGJDJGJPIJNKJCMJNNICMJNDJCMKJBJ"
Task: {8FD37428-63F6-4684-B193-F68C894767FE} - System32\Tasks\GeoComplyUpdateTaskMachineUA => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2015-03-15] (GeoComply Inc.)
Task: {929915BF-0B6C-40A2-BDD3-641A3BEE1241} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-17] (Synaptics Incorporated)
Task: {A3F379CD-737D-4CB5-8456-09A53FBDB484} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A568B93A-7297-4049-893D-9468B7E0FC40} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLMOJKJLJNMIMKJKJCNKJMMNMOMCNLMKJKMLMCNNJLJGMLMCNKMJMJJIMLJGMNJNJKJKMLMGMJNJICMIMCNGMCNOMPMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMPKHJGJDJGJPIJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMOMPMGMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {AA0D1CC5-7046-47BA-85D3-BDDF7CF4E263} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-03] (AVAST Software)
Task: {AE8AEA27-7A9C-4091-A267-2A2E29824C8B} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-08-12] (IObit)
Task: {AED1223B-56ED-4AD9-8095-E3287D938838} - System32\Tasks\Uninstaller_SkipUac_Philip => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit)
Task: {B7BACF8F-5840-40D6-A626-8DFB0648CA8F} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {BB203185-F1F8-4BC6-9142-52ABF9E3FE6B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {BE4AC729-7ED4-4F83-873D-505BA2023250} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {BEC28112-41C5-4281-A748-819F20670D59} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {C038BF3F-D228-49BA-9EC2-92B462383CE0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {CBB50E3E-1129-4FD5-9403-F6A05743E4BE} - System32\Tasks\GeoComplyUpdateTaskMachineCore => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2015-03-15] (GeoComply Inc.)
Task: {D010AF73-B422-400E-BCC0-C1AA54AEDA51} - System32\Tasks\{88541932-405A-4949-BDA5-8DFECA0C8CBA} => pcalua.exe -a "C:\PROGRA~2\WSE Rocket\\uninstall.exe"
Task: {D52AD5A8-91A4-48B8-A608-3C93AF824267} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D66A8C53-655C-49C6-B7A5-B03DC3CFD996} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-11-03] (Siber Systems)
Task: {DA136833-CF94-4A2E-A3DC-43612A52A605} - System32\Tasks\07ARYVuxbrMzE => C:\Users\Philip\AppData\Roaming\07ARYVuxbrMzE.exe <==== ATTENTION
Task: {DBE144C6-9F46-45AE-B401-04BA7CF1C321} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DF621E36-60C2-431D-B113-D29B47C1CF71} - System32\Tasks\ASC8_SkipUac_Philip => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {EC4C545B-D15A-422D-8FA8-B7AD517DC30D} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\07ARYVuxbrMzE.job => C:\Users\Philip\AppData\Roaming\07ARYVuxbrMzE.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Philip.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineCore.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe
Task: C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineUA.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Philip.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Loaded Modules (Whitelisted) ==============
2015-08-23 23:14 - 2015-08-23 23:14 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-23 23:14 - 2015-08-23 23:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-05-19 21:10 - 2009-09-08 17:12 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-08-27 15:54 - 2015-08-27 15:54 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
2015-08-27 15:57 - 2015-08-27 15:57 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_system-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_date_time-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_filesystem-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 13002488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareServiceKernel.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\RCF.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_regex-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_thread-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_chrono-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00709360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareActivation.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00474368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareApplicationUpdater.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareGamingMode.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareReset.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTime.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01011968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdater.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareDefinitionsUpdaterScheduler.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIgnoreList.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareQuarantine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01050880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiMalwareEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiRootkitEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerHistory.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01373416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScanner.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_timer-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01019128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareScannerScheduler.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00244472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareIncompatibles.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00938728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiSpam.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00883440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAntiPhishing.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareParentalControl.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02985208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareWebProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01324280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareEmailProtection.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_iostreams-vc120-mt-1_57.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01312512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNetworkProtection.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01013992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePromo.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 00365288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareFeedback.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareThreatWorkAlliance.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01261800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwarePinCode.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01014504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareNotice.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01014000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareAvcEngine.dll
2015-08-27 15:56 - 2015-08-27 15:56 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareRealTimeProtectionHistory.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00469744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareStatistics.dll
2015-09-08 20:47 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-08 20:47 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-08-23 23:14 - 2015-08-23 23:14 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-23 23:14 - 2015-08-23 23:14 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-23 23:14 - 2015-08-23 23:14 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 09558752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
2015-08-27 15:57 - 2015-08-27 15:57 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_locale-vc120-mt-1_57.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\HtmlFramework.dll
2015-08-27 15:57 - 2015-08-27 15:57 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTrayDefaultSkin.dll
2015-07-24 20:56 - 2015-07-24 20:56 - 00794920 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kpcengine.2.3.dll
2015-09-03 00:30 - 2015-09-03 00:30 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-03 00:30 - 2015-09-03 00:30 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-29 13:49 - 2015-09-29 13:49 - 02966016 _____ () C:\Program Files\AVAST Software\Avast\defs\15092901\algo.dll
2014-01-05 12:58 - 2014-10-16 11:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-09-04 15:16 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-04 15:16 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-04 15:16 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-04 15:16 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-09-04 15:16 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-08-25 08:32 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2015-09-03 00:30 - 2015-09-03 00:30 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-29 11:32 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-06-29 11:32 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-06-29 11:32 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-08-25 08:32 - 2014-12-10 09:14 - 01284896 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\Scan.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:10894A2E
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_0favicon274298539
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_1favicon-1484237488
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_2favicon233515818
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_3favicon-1519011051
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_4favicon860087195
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 12722 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Monitor Service => 2
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Service => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HP Support Assistant Service => 2
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "fst_us_7"
HKLM\...\StartupApproved\Run32: => "TotalRecipeSearch_14 Browser Plugin Loader 64"
HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\StartupApproved\Run: => "ShopAtHomeUpdater"
HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\StartupApproved\Run: => "ShopAtHomeWatcher"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{645D6542-F9B1-44EA-92DF-3EA94E5445BE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2DBD7AD1-0D7B-4930-9B64-A61F0B64FC8C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{69D3E23A-34F4-48FD-9008-F227883F6BC2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{68BCEBC8-09F2-43CA-B34A-50B73B96C0D5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5CA3D49D-2B81-41EC-9433-B9C192A91FC2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{06675675-C168-45B1-92DA-8DD6F1BE1C20}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [UDP Query User{1D4E0CD5-3CDC-4A30-9C5A-7B1EB10445CE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{DC3A571D-D266-4EBA-963E-5D747DFF44D3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{24762852-79A2-4563-A8A0-B7C922604402}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{B09515B5-4A55-4FE8-9C47-C61F8F7B0B4E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{27C9ABF2-FB25-46A5-B606-415F323BC749}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{295ACD62-FBC5-4BA2-AF45-721264A39D2A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{85B78AA2-A815-433F-B6EF-E1766F4B2F6F}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{832E3684-8965-4783-9937-5051ABECBB82}] => (Allow) LPort=1900
FirewallRules: [{5B9062BF-0BE8-4D99-B9D6-3CD09DB77AC6}] => (Allow) LPort=2869
FirewallRules: [{A667AC35-013C-4D16-BEC9-636D1C55A495}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{F8641670-088F-464E-8BFC-52189CEB95AE}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{B0E484E7-503F-4876-9837-2442CA6A9D32}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{91FD07FB-C1EE-4E50-AC27-08CEA22F1178}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{5151B207-3011-42F2-A099-DD30350E8113}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{36E5A7C0-29FD-4C3E-9B7F-CE7E3271A484}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{73A64CD0-D537-481B-9F7F-2E4762E811FA}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{E586B140-6690-4D3B-9F75-EA265F58CC66}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{8C5B4AED-DD62-4C77-8912-C349D992EF15}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/29/2015 07:08:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.10240.16412 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 15a4
Start Time: 01d0fb0ba5e52c42
Termination Time: 806
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: ec62e950-66fe-11e5-8528-98588a045ff2
Faulting package full name:
Faulting package-relative application ID:
Error: (09/29/2015 05:23:26 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GarminService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
at Garmin.Omt.Service.Program.Run()
at Garmin.Omt.Service.Program.Main(System.String[])
Error: (09/29/2015 05:22:48 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (09/29/2015 05:21:56 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (09/29/2015 05:21:56 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (09/29/2015 05:21:07 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (09/29/2015 05:09:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.10240.16431 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1914
Start Time: 01d0fafa75ce1e26
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Report Id: 5b05d80f-66ee-11e5-8527-98588a045ff2
Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
Error: (09/29/2015 05:09:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Philip-PC)
Description: Package Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
Error: (09/29/2015 05:03:36 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (09/29/2015 04:59:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Philip-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
System errors:
=============
Error: (09/29/2015 05:23:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053
Error: (09/29/2015 05:23:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
Error: (09/29/2015 05:23:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IE Search Set service failed to start due to the following error:
%%2
Error: (09/29/2015 05:22:26 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (09/29/2015 05:21:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/29/2015 05:21:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/29/2015 05:21:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/29/2015 05:21:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/29/2015 05:06:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053
Error: (09/29/2015 05:06:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
CodeIntegrity:
===================================
Date: 2015-09-05 17:35:50.787
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-05 17:35:50.744
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-05 17:35:50.697
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-05 17:35:31.940
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-05 17:35:31.615
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 22:38:35.925
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 22:38:35.822
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 12:38:22.092
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 12:38:22.062
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 12:38:22.030
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 59%
Total physical RAM: 3554.07 MB
Available physical RAM: 1447.14 MB
Total Virtual: 4194.07 MB
Available Virtual: 1518.36 MB
Where do I find the main first log?????????
I am sorr
All Antivirus and Anti Malware programs are different, what one finds and removes another may not
You posted the Additions log 3 times, I need to see the main FRST log not the Additions
You seem to have a hard time doing this, is there a family member or a friend that is somewhat computer savvy that can help you. With out the logs its pretty difficult to help you. Running other programs once I see the FRST log may be a bit difficult for you to run
All Antivirus and Anti Malware programs are different, what one finds and removes another may not
You posted the Additions log 3 times, I need to see the main FRST log not the Additions
You seem to have a hard time doing this, is there a family member or a friend that is somewhat computer savvy that can help you. With out the logs its pretty difficult to help you. Running other programs once I see the FRST log may be a bit difficult for you to run
Thank you for trying to help me. I am sorry I wasted your time. But, I am limited to Personal Confusers. lol
I will just use my email that comes with Xfinity. I used INC for years;
I removed the Orbit and I will look around for another program.
Thanks again and have a good day.
We really have not accomplished much, you posted for help and I am trying to help you
Open up FRST, run a new scan and post the log that pops up. All the logs from the tools we run open in Notepad, when it opens up on the top left click on EDIT > SELECT ALL Then EDIT>COPY and then come back to this thread and paste the log
We really have not accomplished much, you posted for help and I am trying to help you
Open up FRST, run a new scan and post the log that pops up. All the logs from the tools we run open in Notepad, when it opens up on the top left click on EDIT > SELECT ALL Then EDIT>COPY and then come back to this thread and paste the log
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by Philip (2015-09-29 22:20:16)
Running from C:\Users\Philip\AppData\Local\Microsoft\Windows\INetCache\IE\53DR1OWN
Windows 10 Home (X64) (2015-08-24 00:27:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1898691579-3776423045-1794422828-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1898691579-3776423045-1794422828-503 - Limited - Disabled)
Guest (S-1-5-21-1898691579-3776423045-1794422828-501 - Limited - Disabled)
Philip (S-1-5-21-1898691579-3776423045-1794422828-1002 - Administrator - Enabled) => C:\Users\Philip
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ZoneAlarm Free Firewall Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Free Firewall Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit)
Advanced SystemCare Packages (HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\Advanced SystemCare Packages) (Version: - ) <==== ATTENTION
AI RoboForm (All Users) (HKLM-x32\...\AI RoboForm) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{F196C498-5681-BCA2-8029-5BF070368F35}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version: - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - )
Canon MX340 series User Registration (HKLM-x32\...\Canon MX340 series User Registration) (Version: - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{1C5BBAD8-4079-4014-8803-751333FBC112}) (Version: 1.0.8 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IncrediMail (x32 Version: 6.6.0.5288 - IncrediMail) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest)
Player Location Check (HKLM-x32\...\{0B67634E-7C91-4675-9FB3-28DC0B6E23CC}) (Version: 3.0.2.8 - GeoComply)
Player Location Check (HKLM-x32\...\{24BDE5F7-123E-4DC4-B00A-730FDD36D82C}) (Version: 3.0.2.10 - GeoComply)
Plex Media Server (HKLM-x32\...\{5ea93dc7-0906-47a6-8033-d26ed443f0a8}) (Version: 0.9.1101 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1101 - Plex, Inc.) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29060 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
ShopAtHome.com Helper (HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\ShopAtHome.com Helper) (Version: 7.10.6.8 - ShopAtHome.com) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.2 - IObit)
Smart Defrag Packages (HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\Smart Defrag Packages) (Version: - ) <==== ATTENTION
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.240 - Broadcom Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
ZoneAlarm Antivirus (x32 Version: 14.0.522.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 14.0.522.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 14.0.522.000 - Check Point)
ZoneAlarm Security (x32 Version: 14.0.522.000 - Check Point Software Technologies Ltd.) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1898691579-3776423045-1794422828-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1FBB995E-9468-D082-0809-CAEE85889A47} => No File
CustomCLSID: HKU\S-1-5-21-1898691579-3776423045-1794422828-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5F5E75D4-9468-D082-82E5-2FAE85889A47} => No File
==================== Restore Points =========================
17-09-2015 12:35:40 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges
20-09-2015 21:42:56 Restore Operation
22-09-2015 14:37:26 Removed IncrediMail.
27-09-2015 11:01:29 Installed IncrediMail.
28-09-2015 20:28:52 JRT Pre-Junkware Removal
29-09-2015 21:16:33 AA11
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2014-10-30 14:36 - 2015-09-28 18:55 - 00451915 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0F37D24E-1DE8-48A3-9530-F6EA134E6B85} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {2DEC4852-24AE-48E6-9CA8-946445A9D2F3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {31BC57CA-CBED-4803-A6F0-4BE1DAD45437} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {3A8620D7-591F-4481-8987-84D712AFC951} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {49578BBC-6B38-4073-9E72-AE551D5CE605} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {4D703AD2-D610-4DEF-904C-4FE366F5B6CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {54D35ACC-EF70-4A93-B417-21107FC18291} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {72584B4A-5E13-49E6-BBF6-C54419A92C44} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {765130B8-9BFB-4D07-B987-232692272939} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {88BC7D31-6250-4807-AEB1-1DA9755EE47E} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLMOJKJLJNMIMKJKJCNKJMMNMOMCNLMKJKMLMCNNJLJGMLMCNKMJMJJIMLJGMNJNJKJKMLMGMJNJICMJMCNOMPMCNNMFMGMCNOMOMCNGMJMPMPMFMJMCNNMCNGMNMPMPMCNNMJNPICMOMFMEKMICNJJCKFMMMPMNMJNHICMEKMICNJJCKJNBJCMPKHJGJDJGJPIJNKJCMJNNICMJNDJCMKJBJ"
Task: {8FD37428-63F6-4684-B193-F68C894767FE} - System32\Tasks\GeoComplyUpdateTaskMachineUA => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2015-03-15] (GeoComply Inc.)
Task: {929915BF-0B6C-40A2-BDD3-641A3BEE1241} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-17] (Synaptics Incorporated)
Task: {94B04BA5-36CD-4C59-8DE9-A4855C260CBA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {A3F379CD-737D-4CB5-8456-09A53FBDB484} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A568B93A-7297-4049-893D-9468B7E0FC40} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLMOJKJLJNMIMKJKJCNKJMMNMOMCNLMKJKMLMCNNJLJGMLMCNKMJMJJIMLJGMNJNJKJKMLMGMJNJICMIMCNGMCNOMPMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMPKHJGJDJGJPIJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMOMPMGMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {AE8AEA27-7A9C-4091-A267-2A2E29824C8B} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-08-12] (IObit)
Task: {B7BACF8F-5840-40D6-A626-8DFB0648CA8F} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {BB203185-F1F8-4BC6-9142-52ABF9E3FE6B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {BE4AC729-7ED4-4F83-873D-505BA2023250} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {BEC28112-41C5-4281-A748-819F20670D59} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {C038BF3F-D228-49BA-9EC2-92B462383CE0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {CBB50E3E-1129-4FD5-9403-F6A05743E4BE} - System32\Tasks\GeoComplyUpdateTaskMachineCore => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2015-03-15] (GeoComply Inc.)
Task: {D010AF73-B422-400E-BCC0-C1AA54AEDA51} - System32\Tasks\{88541932-405A-4949-BDA5-8DFECA0C8CBA} => pcalua.exe -a "C:\PROGRA~2\WSE Rocket\\uninstall.exe"
Task: {D52AD5A8-91A4-48B8-A608-3C93AF824267} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D66A8C53-655C-49C6-B7A5-B03DC3CFD996} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-11-03] (Siber Systems)
Task: {DA136833-CF94-4A2E-A3DC-43612A52A605} - System32\Tasks\07ARYVuxbrMzE => C:\Users\Philip\AppData\Roaming\07ARYVuxbrMzE.exe <==== ATTENTION
Task: {DBE144C6-9F46-45AE-B401-04BA7CF1C321} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DF621E36-60C2-431D-B113-D29B47C1CF71} - System32\Tasks\ASC8_SkipUac_Philip => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {EC4C545B-D15A-422D-8FA8-B7AD517DC30D} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\07ARYVuxbrMzE.job => C:\Users\Philip\AppData\Roaming\07ARYVuxbrMzE.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Philip.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineCore.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe
Task: C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineUA.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (Whitelisted) ==============
2015-08-23 23:14 - 2015-08-23 23:14 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-23 23:14 - 2015-08-23 23:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-05-19 21:10 - 2009-09-08 17:12 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-09-08 20:47 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-08 20:47 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-23 23:14 - 2015-08-23 23:14 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-23 23:14 - 2015-08-23 23:14 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-23 23:14 - 2015-08-23 23:14 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-24 20:56 - 2015-07-24 20:56 - 00794920 _____ () C:\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kpcengine.2.3.dll
2014-01-05 12:58 - 2014-10-16 11:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-09-04 15:16 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-04 15:16 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-04 15:16 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-04 15:16 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-09-04 15:16 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-08-25 08:32 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:10894A2E
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_0favicon274298539
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_1favicon-1484237488
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_2favicon233515818
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_3favicon-1519011051
AlternateDataStreams: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Comcast.net.website:TASKICON_4favicon860087195
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 12722 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Monitor Service => 2
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Service => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HP Support Assistant Service => 2
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "fst_us_7"
HKLM\...\StartupApproved\Run32: => "TotalRecipeSearch_14 Browser Plugin Loader 64"
HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\StartupApproved\Run: => "ShopAtHomeUpdater"
HKU\S-1-5-21-1898691579-3776423045-1794422828-1002\...\StartupApproved\Run: => "ShopAtHomeWatcher"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{645D6542-F9B1-44EA-92DF-3EA94E5445BE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2DBD7AD1-0D7B-4930-9B64-A61F0B64FC8C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{69D3E23A-34F4-48FD-9008-F227883F6BC2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{68BCEBC8-09F2-43CA-B34A-50B73B96C0D5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5CA3D49D-2B81-41EC-9433-B9C192A91FC2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{06675675-C168-45B1-92DA-8DD6F1BE1C20}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [UDP Query User{1D4E0CD5-3CDC-4A30-9C5A-7B1EB10445CE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{DC3A571D-D266-4EBA-963E-5D747DFF44D3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{24762852-79A2-4563-A8A0-B7C922604402}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{B09515B5-4A55-4FE8-9C47-C61F8F7B0B4E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{27C9ABF2-FB25-46A5-B606-415F323BC749}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{295ACD62-FBC5-4BA2-AF45-721264A39D2A}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{85B78AA2-A815-433F-B6EF-E1766F4B2F6F}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{832E3684-8965-4783-9937-5051ABECBB82}] => (Allow) LPort=1900
FirewallRules: [{5B9062BF-0BE8-4D99-B9D6-3CD09DB77AC6}] => (Allow) LPort=2869
FirewallRules: [{A667AC35-013C-4D16-BEC9-636D1C55A495}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{F8641670-088F-464E-8BFC-52189CEB95AE}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{B0E484E7-503F-4876-9837-2442CA6A9D32}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{91FD07FB-C1EE-4E50-AC27-08CEA22F1178}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{5151B207-3011-42F2-A099-DD30350E8113}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{36E5A7C0-29FD-4C3E-9B7F-CE7E3271A484}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{73A64CD0-D537-481B-9F7F-2E4762E811FA}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{E586B140-6690-4D3B-9F75-EA265F58CC66}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{8C5B4AED-DD62-4C77-8912-C349D992EF15}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/29/2015 10:12:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GarminService.exe, version: 4.2.0.167, time stamp: 0x55f2dbae
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a
Exception code: 0xe0434352
Fault offset: 0x000b3e28
Faulting process id: 0x890
Faulting application start time: 0xGarminService.exe0
Faulting application path: GarminService.exe1
Faulting module path: GarminService.exe2
Report Id: GarminService.exe3
Faulting package full name: GarminService.exe4
Faulting package-relative application ID: GarminService.exe5
Error: (09/29/2015 10:12:03 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GarminService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
at Garmin.Omt.Service.Program.Run()
at Garmin.Omt.Service.Program.Main(System.String[])
Error: (09/29/2015 10:11:25 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (09/29/2015 10:07:02 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (09/29/2015 10:07:02 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (09/29/2015 10:06:38 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (09/29/2015 10:01:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GarminService.exe, version: 4.2.0.167, time stamp: 0x55f2dbae
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a
Exception code: 0xe0434352
Fault offset: 0x000b3e28
Faulting process id: 0xa58
Faulting application start time: 0xGarminService.exe0
Faulting application path: GarminService.exe1
Faulting module path: GarminService.exe2
Report Id: GarminService.exe3
Faulting package full name: GarminService.exe4
Faulting package-relative application ID: GarminService.exe5
Error: (09/29/2015 10:01:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: GarminService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
Stack:
at Garmin.Omt.Service.Program.Run()
at Garmin.Omt.Service.Program.Main(System.String[])
Error: (09/29/2015 10:01:30 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (09/29/2015 09:59:43 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
System errors:
=============
Error: (09/29/2015 10:12:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053
Error: (09/29/2015 10:12:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
Error: (09/29/2015 10:11:06 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
Error: (09/29/2015 10:06:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/29/2015 10:06:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/29/2015 10:06:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/29/2015 10:06:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/29/2015 10:02:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error:
%%1053
Error: (09/29/2015 10:02:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
Error: (09/29/2015 10:00:53 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
CodeIntegrity:
===================================
Date: 2015-09-05 17:35:50.787
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-05 17:35:50.744
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-05 17:35:50.697
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-05 17:35:31.940
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-05 17:35:31.615
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 22:38:35.925
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 22:38:35.822
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 12:38:22.092
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 12:38:22.062
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-09-02 12:38:22.030
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 46%
Total physical RAM: 3554.07 MB
Available physical RAM: 1908.25 MB
Total Virtual: 4194.07 MB
Available Virtual: 2336.6 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:439.32 GB) (Free:377.44 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.33 GB) (Free:2.47 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0324B0BA)
Partition: GPT.
==================== End of Addition.txt ============================
Nope, you posted the Additions log again for the 4th time, I need to see the main FRST log
Last try
Open up FRST by right clicking on it and selecting RUN AS ADMINISTRATOR. When it opens DO NOT PUT A CHECKMARK IN ADDITIONS...IF ADDITIONS IS CHECKED REMOVE THE CHECKMARK. Then run a new scan and post the log
Due to inactivity, this thread will now be closed.