View Full Version : Still Highjacked
My browser has been highjacked. I keep getting redirects when viewing pages. I've tried Spybot, AVG, and Hitman Pro. They all show my system as clean but I still get redirects. I've uninstalled and reinstalled Chrome and ran the Chrome clean up tool. No luck. Any suggestions?
Please back up your registry!
Backup the Registry:
Credit: Dakeyras
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
Please download the installer for Registry Backup from here (http://www.bleepingcomputer.com/download/registry-backup/) or here (http://www.tweaking.com/files/setups/tweaking.com_registry_backup_setup.exe) and save to your desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI(graphical user interface) has appeared/loaded:-
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TCRB-1.jpg
Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TBRB-2.jpg
Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.
A tutorial for Registry Backup explaining the various features be viewed HERE (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325)
``````````````````````````````````````````````````````
Instruction for producing the Farbar Recovery Scan Tool (FRST) and aswMBR logs
Farbar Log
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.
Note:
You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
(A simple way to check your system: Start --> Computer (right click) --> Properties
How to determine whether a computer is running a 32-bit version or 64-bit version (http://support.microsoft.com/kb/827218)of the Windows operating system
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Please make sure All Users is checked
Do not check
*List BCD
*Drivers MD5
*Shortcut txt
Or your logs will be too long to post.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please don't run the Farbar Recovery Scan Tool (FRST.txt) from your "Downloads" folder or from "Temporary Internet Files"
Please copy and paste log into your topic.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach that along with the FRST.txt into your reply.
aswMBR Log
Important! Please do NOT perform any fix options offered in aswMBR, we just need to see the report.
Please download aswMBR (http://public.avast.com/%7Egmerek/aswMBR.exe) to your desktop.
Double click the aswMBR icon to run it.
If a prompt stating: The computer supports "Virtualization Technology" appears select Yes
Click the Scan button to start scan.
If you are asked to update the Avast Virus database please allow it to do so.
When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the Farbar (FRST) log.
If the infection prevents you from obtaining logs please start a topic and make note of the situation, provide details of the computer's current symptoms and wait for a response.
Do not post other logs or use "code wrap" unless requested in that format. :)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by John (administrator) on DADSPC (14-02-2016 10:42:51)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & DefaultAppPool)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Astrill) C:\Program Files (x86)\Astrill\ASOvpnSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.5\ToolbarUpdater.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.5\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Astrill) C:\Program Files (x86)\Astrill\astrill.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Voobly) C:\Program Files (x86)\Voobly\voobly.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-02-16] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-02-16] (IDT, Inc.)
HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [837640 2015-12-08] (DivX, LLC)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2857544 2016-02-02] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [159744 2015-01-12] (Voobly)
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50622080 2016-01-19] (Skype Technologies S.A.)
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\Run: [Astrill] => C:\Program Files (x86)\Astrill\astrill.exe [7213592 2015-12-17] (Astrill)
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\MountPoints2: {453b0e54-7e58-11e3-be6e-806e6f6e6963} - "E:\SETUP.EXE"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2016-02-02]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk.disabled -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-1569399677-2339013464-2643545198-1001] => hxxp://stop-block.org/wpad.dat?388afb707f76a35a9c2bff480ce582745755573
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\ASProxy.dll [391192 2015-09-03] (Astrill)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\ASProxy.dll [391192 2015-09-03] (Astrill)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\ASProxy.dll [391192 2015-09-03] (Astrill)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\ASProxy.dll [391192 2015-09-03] (Astrill)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\ASProxy.dll [391192 2015-09-03] (Astrill)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\ASProxy64.dll [555032 2015-09-03] (Astrill)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\ASProxy64.dll [555032 2015-09-03] (Astrill)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\ASProxy64.dll [555032 2015-09-03] (Astrill)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\ASProxy64.dll [555032 2015-09-03] (Astrill)
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\ASProxy64.dll [555032 2015-09-03] (Astrill)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C391C4FB-21DA-44EC-ACCD-854B50ECE956}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D61DDEC4-5FD5-4C57-8A9E-DA4363CA3F60}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F3685BC7-A488-4FD1-9C59-325FD2214783}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={43FC9FB8-A529-459F-B400-F1190F4F31FB}&mid=f8fbbb7488c147d29dc39913f0ed10a1-3f14605c5294c24fc80f29d9b02977255938e260&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2014-11-07 18:23:36&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.5.441\AVG Web TuneUp.dll [2016-02-02] (AVG)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: No Name -> {601ED020-FB6C-11D3-87D8-0050DA59922B} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.5.441\AVG Web TuneUp.dll [2016-02-02] (AVG)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-02-12] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-02-12] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-02-12] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-02-12] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-02-12] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-02-12] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-02-12] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-09] (AVG Secure Search)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-12-02] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-12] (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2012-01-13] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2012-01-13] (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2002-06-07] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-1569399677-2339013464-2643545198-1001: hp.com/HPDetect -> C:\Users\John\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
Chrome:
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nxtad_16_05¶m1=1¶m2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByCyDyE0FtA0FyB0D0A0EtBtCtAtN0D0Tzu0StCyEzytAtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEzyzyzyyEyDtCyDtGyBtAyDyCtGyCyDtBzztGyBzzzzyBtGzyyEtAyDtCzz0CyD0F0FtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AzzyD0C0AyB0AtG0B0DzyyBtGyEyCyB0DtGzz0EyE0FtG0FyEtBtDzztA0E0Ezy0AtByB2QtN0A0LzuyE%26cr%3D1001654787%26a%3Dwncy_nxtad_16_05%26os_ver%3D6.3%26os%3DWindows%2B8.1
CHR StartupUrls: Default -> "hxxp://truckingsim.com/index.php"
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-12]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-12]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-12]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-12]
CHR Extension: (Adblock Plus) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-12]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-12]
CHR Extension: (Video Downloader professional) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-02-12]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-12]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-12]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [602136 2015-11-19] (Astrill)
S3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [2607640 2015-09-03] (Astrill)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-11-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-02-16] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [337920 2014-02-16] (IDT, Inc.) [File not signed]
R2 vToolbarUpdater40.2.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.5\ToolbarUpdater.exe [1936968 2016-02-02] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205832 2016-02-02] ()
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 asvpndrv; C:\Windows\system32\DRIVERS\asvpndrv.sys [31744 2014-05-17] (Astrill)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-12-04] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-02-16] (Intel Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-04] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2016-02-04] (Duplex Secure Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 qknfd; system32\drivers\qknfd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-14 10:42 - 2016-02-14 10:43 - 00027661 _____ C:\Users\John\Desktop\FRST.txt
2016-02-14 10:33 - 2016-02-14 10:42 - 00000000 ____D C:\FRST
2016-02-14 10:32 - 2016-02-14 10:32 - 02370560 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2016-02-14 10:31 - 2016-02-14 10:31 - 00002262 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-02-14 10:31 - 2016-02-14 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-02-14 10:30 - 2016-02-14 10:31 - 00016199 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-02-14 10:29 - 2016-02-14 10:29 - 04777232 _____ (Tweaking.com) C:\Users\John\Desktop\tweaking.com_registry_backup_setup.exe
2016-02-13 21:48 - 2016-02-13 21:48 - 00000000 ____D C:\Users\John\AppData\Local\HP Quick Start
2016-02-13 21:45 - 2016-02-13 21:45 - 04584344 _____ (Google) C:\Users\John\Downloads\chrome_cleanup_tool.exe
2016-02-12 15:30 - 2016-02-12 15:30 - 00002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-12 15:30 - 2016-02-12 15:30 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-12 15:29 - 2016-02-14 10:34 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-12 15:29 - 2016-02-13 15:34 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-12 15:29 - 2016-02-12 15:29 - 00003880 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-12 15:29 - 2016-02-12 15:29 - 00003644 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-12 15:29 - 2016-02-12 15:29 - 00000000 ____D C:\Users\John\AppData\Local\Deployment
2016-02-12 12:22 - 2016-02-12 12:22 - 00000000 ____D C:\Users\John\AppData\Roaming\Macromedia
2016-02-11 14:33 - 2016-02-11 14:32 - 00450979 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160211-143319.backup
2016-02-11 14:32 - 2016-02-11 13:33 - 00450979 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160211-143240.backup
2016-02-11 13:33 - 2015-08-12 20:20 - 00000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160211-133353.backup
2016-02-11 11:10 - 2016-02-11 11:10 - 00558336 _____ (Safer-Networking Ltd. ) C:\Users\John\Downloads\spybot2-license.exe
2016-02-10 08:17 - 2016-02-10 08:17 - 54329568 _____ (Microsoft Corporation) C:\Users\John\Downloads\Windows-KB890830-x64-V5.33.exe
2016-02-10 00:47 - 2016-02-06 05:48 - 25839104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 00:47 - 2016-02-06 05:24 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-02-10 00:47 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 00:47 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 00:47 - 2016-02-06 04:32 - 14458368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 00:47 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 00:47 - 2016-02-06 04:09 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 00:47 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-09 19:44 - 2016-02-11 12:16 - 00001771 _____ C:\WINDOWS\wininit.ini
2016-02-09 19:14 - 2016-02-09 19:14 - 00002458 _____ C:\WINDOWS\system32\.crusader
2016-02-09 17:04 - 2016-01-10 12:50 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-09 17:04 - 2016-01-10 12:31 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 17:04 - 2016-01-10 12:16 - 00898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-02-09 17:04 - 2016-01-10 12:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-09 17:04 - 2016-01-10 12:12 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-02-09 17:04 - 2016-01-10 11:58 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 17:04 - 2016-01-10 11:51 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-02-09 17:04 - 2016-01-10 11:49 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2016-02-09 17:04 - 2016-01-10 11:40 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 17:03 - 2016-01-22 03:01 - 22365992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-09 17:03 - 2016-01-22 02:11 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-09 17:03 - 2016-01-22 01:40 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-02-09 17:03 - 2016-01-22 01:29 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-09 17:03 - 2016-01-22 01:28 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 17:03 - 2016-01-22 01:27 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-02-09 17:03 - 2016-01-22 01:02 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-02-09 17:03 - 2016-01-22 00:55 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-02-09 17:03 - 2016-01-22 00:52 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 17:03 - 2016-01-22 00:51 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-02-09 17:03 - 2016-01-22 00:50 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-02-09 17:03 - 2016-01-22 00:48 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-02-09 17:03 - 2016-01-22 00:48 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-02-09 17:03 - 2016-01-22 00:47 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-02-09 17:03 - 2016-01-22 00:46 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-02-09 17:03 - 2016-01-22 00:35 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-09 17:03 - 2016-01-22 00:31 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-09 17:03 - 2016-01-22 00:31 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-02-09 17:03 - 2016-01-22 00:28 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-02-09 17:03 - 2016-01-22 00:27 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-02-09 17:03 - 2016-01-22 00:25 - 14467072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-09 17:03 - 2016-01-22 00:25 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-02-09 17:03 - 2016-01-22 00:25 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-02-09 17:03 - 2016-01-22 00:24 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-02-09 17:03 - 2016-01-22 00:14 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-09 17:03 - 2016-01-22 00:08 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-02-09 17:03 - 2016-01-22 00:07 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-02-09 17:03 - 2016-01-22 00:07 - 02120704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-09 17:03 - 2016-01-22 00:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-02-09 17:03 - 2016-01-21 23:58 - 02464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-02-09 17:03 - 2016-01-19 14:14 - 07453024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-09 17:03 - 2016-01-19 14:13 - 02175008 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 17:03 - 2016-01-19 14:13 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 17:03 - 2016-01-19 14:12 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-09 17:03 - 2016-01-19 14:12 - 01133744 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-09 17:03 - 2016-01-19 13:23 - 01564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 17:03 - 2016-01-19 13:23 - 01501496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-09 17:03 - 2016-01-19 13:23 - 00548024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 17:03 - 2016-01-19 13:15 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 17:03 - 2016-01-19 12:30 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-09 17:03 - 2016-01-19 11:37 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-02-09 17:03 - 2016-01-14 20:42 - 00033472 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-02-09 17:03 - 2016-01-14 15:44 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-02-09 17:03 - 2016-01-14 15:44 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-02-09 17:03 - 2016-01-14 15:44 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-02-09 17:03 - 2016-01-14 15:44 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-02-09 17:03 - 2016-01-14 15:44 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-02-09 17:03 - 2016-01-14 15:44 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-02-09 17:03 - 2016-01-10 14:37 - 00442720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-09 17:03 - 2016-01-10 14:37 - 00136912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-02-09 17:03 - 2016-01-10 13:39 - 00332640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-09 17:03 - 2016-01-10 13:15 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-02-09 17:03 - 2016-01-10 13:15 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-02-09 17:03 - 2016-01-10 12:43 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-02-09 17:03 - 2016-01-10 12:09 - 01442304 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-09 17:03 - 2016-01-10 12:09 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-02-09 17:03 - 2016-01-10 12:02 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 17:03 - 2016-01-10 11:56 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-02-09 17:03 - 2016-01-10 11:51 - 03707392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-09 17:03 - 2016-01-10 11:43 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 17:03 - 2016-01-10 11:39 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-02-09 17:03 - 2016-01-10 11:38 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-02-09 17:03 - 2016-01-10 11:36 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-02-09 17:03 - 2016-01-10 11:36 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-02-09 17:03 - 2016-01-10 11:35 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-02-09 17:03 - 2016-01-10 11:35 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-09 17:03 - 2016-01-10 11:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-02-09 17:03 - 2016-01-10 11:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-02-09 17:03 - 2016-01-10 11:27 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-02-09 17:03 - 2016-01-10 11:26 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-09 17:03 - 2016-01-07 13:34 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-02-09 17:03 - 2016-01-06 13:25 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 17:03 - 2015-12-29 10:45 - 07783936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-09 17:03 - 2015-12-29 10:45 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-02-09 17:03 - 2015-12-29 10:43 - 05267968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-02-09 17:03 - 2015-12-29 10:42 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-09 17:03 - 2015-12-28 16:42 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSync.dll
2016-02-09 17:03 - 2015-12-28 15:31 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSync.dll
2016-02-09 17:03 - 2015-12-17 13:29 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-09 17:03 - 2015-12-17 11:17 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-09 13:33 - 2016-02-09 13:33 - 00000000 ____D C:\Users\John\Documents\ProcAlyzer Dumps
2016-02-09 13:30 - 2016-02-09 13:30 - 00000363 _____ C:\Users\John\Control Panel - Shortcut.lnk
2016-02-09 13:23 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-02-09 13:21 - 2016-02-09 13:21 - 00001414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-02-09 13:21 - 2016-02-09 13:21 - 00001402 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-02-09 13:21 - 2016-02-09 13:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-02-09 13:21 - 2016-02-09 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-02-09 13:20 - 2016-02-11 14:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-09 13:20 - 2016-02-11 11:15 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-02-09 13:20 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-02-08 20:34 - 2016-02-08 20:34 - 03039232 _____ C:\Users\John\ntuser.rhk
2016-02-08 20:30 - 2016-02-08 20:40 - 00000478 _____ C:\WINDOWS\Tasks\Wise Registry Cleaner Schedule Task.job
2016-02-08 20:30 - 2016-02-08 20:30 - 00003326 _____ C:\WINDOWS\System32\Tasks\Wise Registry Cleaner Schedule Task
2016-02-08 05:23 - 2016-02-08 05:23 - 00000000 ____D C:\sh4ldr
2016-02-08 05:23 - 2016-02-08 05:23 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-02-08 05:23 - 2016-02-08 05:23 - 00000000 _____ C:\autoexec.bat
2016-02-07 02:53 - 2016-02-07 02:53 - 00001916 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-02-07 02:53 - 2016-02-07 02:53 - 00000000 ____D C:\Program Files\HitmanPro
2016-02-07 02:52 - 2016-02-09 19:08 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-06 17:49 - 2016-02-06 17:50 - 02468442 _____ C:\Users\John\Downloads\forced.mp4
2016-02-06 12:18 - 2016-02-06 12:26 - 00000000 ____D C:\Users\John\Documents\Attachments
2016-02-05 22:05 - 2016-02-11 10:55 - 00000000 ____D C:\Program Files (x86)\No-IP
2016-02-05 22:05 - 2016-02-05 22:05 - 00000000 ____D C:\Users\John\AppData\Local\Vitalwerks
2016-02-05 20:26 - 2016-02-08 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software
2016-02-04 22:25 - 2016-02-04 22:25 - 00000041 ___SH C:\ProgramData\.zreglib
2016-02-04 22:24 - 2016-02-04 22:29 - 00000000 ____D C:\Program Files (x86)\SlySoft
2016-02-04 22:17 - 2016-02-04 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Golden Hawk Technology
2016-02-04 22:17 - 2006-03-20 00:00 - 00057344 _____ (NexiTech, Inc.) C:\WINDOWS\SysWOW64\WNASPINT.DLL
2016-02-04 22:09 - 2016-02-04 22:13 - 00868848 _____ (Duplex Secure Ltd.) C:\WINDOWS\system32\Drivers\sptd.sys
2016-02-04 21:45 - 2016-02-04 21:45 - 00001704 _____ C:\Users\John\Desktop\Warcraft 2 Combat Map Editor.lnk
2016-02-04 21:32 - 2016-02-08 22:51 - 00000000 ____D C:\Program Files (x86)\Viewpoint
2016-02-04 21:32 - 2016-02-04 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netscape 7.0
2016-02-04 21:32 - 2016-02-04 21:32 - 00010004 _____ C:\WINDOWS\mozver.dat
2016-02-04 21:31 - 2016-02-04 21:31 - 00003072 _____ C:\WINDOWS\System32\Tasks\{885D906F-296A-4054-A9DC-1129789D4DF3}
2016-02-04 21:20 - 2016-02-08 22:51 - 00000000 ____D C:\Users\John\AppData\Local\Netscape
2016-02-04 21:20 - 2016-02-04 21:32 - 00000335 _____ C:\WINDOWS\nsreg.dat
2016-02-04 21:11 - 2016-02-04 21:11 - 00000000 ____D C:\Program Files\Jasc Software Inc
2016-02-04 21:10 - 2016-02-04 21:11 - 00018994 _____ C:\WINDOWS\Team C8 - 200 Paintshop Pro Plugins Mega-Pack 01 - Filters Setup Log.txt
2016-02-04 21:05 - 2016-02-04 21:05 - 00000000 ____D C:\Program Files (x86)\War2CombatMapEditor
2016-02-04 00:22 - 2016-02-04 00:22 - 00003248 _____ C:\WINDOWS\System32\Tasks\{D80DD150-CBD1-4F3F-8FB0-B796A447F6C9}
2016-02-04 00:21 - 2016-02-04 00:21 - 00001636 _____ C:\Users\John\Desktop\PSP 7.lnk
2016-02-03 23:41 - 2016-02-03 23:43 - 31725159 _____ C:\Users\John\Downloads\psp7.zip
2016-02-03 00:51 - 2016-02-03 00:51 - 01193136 _____ (Corel Corporation) C:\Users\John\Downloads\pspx8.1_seo.exe
2016-02-03 00:34 - 2016-02-03 00:34 - 00003204 _____ C:\WINDOWS\System32\Tasks\{18E4AAEF-0F88-4456-8AE9-B262A884FF88}
2016-02-02 23:38 - 2016-02-02 23:38 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-02-02 23:38 - 2016-02-02 23:38 - 00000000 ____D C:\Users\John\AppData\Local\CEF
2016-02-02 23:37 - 2016-02-02 23:49 - 00000000 ____D C:\Users\John\AppData\Local\{56C7609B-726F-0C23-1FF7-29CB3B9FD553}
2016-02-02 22:26 - 2016-02-02 22:26 - 00000000 ____D C:\ProgramData\BulletProof Software
2016-02-02 21:45 - 2016-02-08 22:51 - 00000000 ____D C:\Users\John\AppData\Local\BulletProof Software
2016-02-02 21:43 - 2016-02-08 22:51 - 00000000 ____D C:\BBB
2016-02-02 21:14 - 2016-02-08 22:51 - 00000000 ____D C:\Program Files (x86)\Jasc Software Inc
2016-02-02 19:16 - 2016-02-02 19:16 - 00000879 _____ C:\Users\John\Documents\bbbhq.dwt
2016-02-02 18:59 - 2016-02-02 18:59 - 00000000 ____D C:\ProgramData\Macromedia
2016-02-02 18:58 - 2016-02-10 10:01 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2016-02-02 18:58 - 2016-02-10 10:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2016-02-02 18:58 - 2016-02-10 10:01 - 00000000 ____D C:\Program Files (x86)\Macromedia
2016-02-02 16:44 - 2016-02-04 21:52 - 00044867 _____ C:\Users\John\Documents\Black Blade Brigade.htm
2016-02-02 16:44 - 2016-02-02 19:28 - 00000000 ____D C:\Users\John\Documents\Black Blade Brigade_files
2016-02-02 16:05 - 2016-02-02 16:05 - 02930208 _____ (NetworkActiv) C:\Users\John\Downloads\NetworkActivWebServerV4.0_PA_3.7.0.exe
2016-02-02 16:04 - 2016-02-02 16:04 - 00622608 _____ (NetworkActiv) C:\Users\John\Downloads\NetworkActivWebServerV3.5.exe
2016-02-02 14:57 - 2016-02-02 14:57 - 00001660 _____ C:\Users\John\Desktop\Warcraft II Map Editor.exe - Shortcut.lnk
2016-02-02 13:50 - 2016-02-02 13:50 - 00000002 _____ C:\Users\John\Documents\gwd_workspace.json
2016-02-02 01:07 - 2016-02-02 01:07 - 00000000 ____D C:\Users\John\Documents\OneNote Notebooks
2016-02-02 01:06 - 2016-02-06 11:13 - 00000000 ____D C:\Users\John\Documents\bbb_index_files
2016-02-02 01:06 - 2016-02-02 01:06 - 00077824 _____ C:\Users\John\Documents\Publication4.pub
2016-02-02 01:06 - 2016-02-02 01:06 - 00013132 _____ C:\Users\John\Documents\bbb_index.htm
2016-02-02 00:49 - 2016-02-02 00:49 - 00033881 _____ C:\Users\John\Documents\bbb.htm
2016-02-02 00:49 - 2016-02-02 00:49 - 00000000 ____D C:\Users\John\Documents\bbb_files
2016-02-02 00:46 - 2016-02-02 12:55 - 00254976 _____ C:\Users\John\Documents\bbb.pub
2016-02-02 00:19 - 2016-02-02 00:19 - 00129528 _____ C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-01 23:42 - 2016-02-08 22:51 - 00000000 ____D C:\Program Files (x86)\CoffeeCup Software
2016-02-01 23:42 - 2016-02-01 23:42 - 00002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoffeeCup DirectFTP.lnk
2016-02-01 23:42 - 2016-02-01 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoffeeCup DirectFTP
2016-02-01 23:33 - 2016-02-01 23:33 - 00003100 _____ C:\WINDOWS\System32\Tasks\{D451E8EB-F2D8-4DAE-BA65-5E56D847B3BA}
2016-02-01 22:39 - 2016-02-01 22:39 - 00000000 ____D C:\Users\John\Documents\HQ
2016-02-01 22:34 - 2016-02-01 22:37 - 00000000 ____D C:\Users\John\Documents\Headquarters
2016-02-01 20:57 - 2016-02-01 20:57 - 00000000 ____D C:\Users\John\AppData\Local\Disruptive Innovations SARL
2016-02-01 19:26 - 2016-02-01 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-02-01 19:08 - 2016-02-01 19:12 - 00000000 ____D C:\Users\John\Documents\BBB
2016-02-01 18:02 - 2016-02-01 18:02 - 00000006 ____S C:\ProgramData\9d14874e4867a8275e174fe4445aabd83ba0869d
2016-02-01 18:02 - 2016-02-01 18:02 - 00000000 ____D C:\ProgramData\238559
2016-02-01 18:02 - 2016-02-01 18:02 - 00000000 ____D C:\ProgramData\238459
2016-02-01 04:10 - 2016-02-01 04:10 - 00000000 ____D C:\Users\John\AppData\Local\Globalscape
2016-02-01 04:10 - 2016-02-01 04:10 - 00000000 ____D C:\ProgramData\Globalscape
2016-01-30 20:17 - 2016-01-30 20:17 - 00000001 _____ C:\Users\John\Downloads\RED_Overnight_Express.zip
2016-01-29 17:34 - 2016-02-08 20:01 - 00000000 ____D C:\Users\DefaultAppPool
2016-01-29 17:34 - 2016-01-29 17:34 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-01-29 17:34 - 2016-01-29 17:34 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-01-29 17:34 - 2016-01-29 17:34 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-01-29 17:34 - 2016-01-29 17:34 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-01-29 17:34 - 2016-01-29 17:34 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-01-29 17:34 - 2016-01-29 13:04 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2016-01-29 17:34 - 2014-02-21 23:37 - 00000369 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-01-29 17:34 - 2014-02-21 23:37 - 00000369 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-01-29 17:34 - 2014-02-15 23:06 - 00000000 ____D C:\Users\DefaultAppPool\Documents\hp.system.package.metadata
2016-01-29 17:34 - 2014-02-15 23:06 - 00000000 ____D C:\Users\DefaultAppPool\Documents\hp.applications.package.appdata
2016-01-29 17:34 - 2014-02-15 23:06 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\TuneUp Software
2016-01-29 17:25 - 2016-02-14 00:18 - 00000000 ____D C:\War2Combat
2016-01-29 17:25 - 2016-01-29 17:25 - 00001576 _____ C:\Users\John\Desktop\War2Combat.lnk
2016-01-29 14:52 - 2016-01-29 14:52 - 00000000 _____ C:\WINDOWS\SysWOW64\Access.dat
2016-01-29 13:05 - 2016-02-08 22:51 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2016-01-29 13:04 - 2016-01-29 13:04 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-01-29 13:04 - 2016-01-29 13:04 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-01-29 13:03 - 2016-01-29 13:03 - 00000000 ____D C:\Users\John\Documents\Tunngle
2016-01-29 13:03 - 2015-12-21 17:01 - 00047736 _____ (Tunngle.net) C:\WINDOWS\system32\Drivers\tap0901t.sys
2016-01-29 02:03 - 2016-01-29 15:47 - 00000000 ____D C:\Users\John\Desktop\AGEditor3
2016-01-28 23:57 - 2016-01-28 23:57 - 00001147 _____ C:\Users\John\Desktop\CoffeeCup Free HTML Editor.lnk
2016-01-28 23:56 - 2016-02-08 22:51 - 00000000 ____D C:\Users\John\Documents\CoffeeCup Software
2016-01-28 23:56 - 2016-01-28 23:56 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoffeeCup Software
2016-01-28 23:55 - 2016-02-08 22:51 - 00000000 ____D C:\Users\John\AppData\Roaming\CoffeeCup Software
2016-01-28 22:18 - 2016-02-08 22:51 - 00000000 ____D C:\Users\John\Desktop\NP++
2016-01-28 22:17 - 2016-01-28 22:17 - 02020520 _____ C:\Users\John\Desktop\npp.6.8.8.bin.7z
2016-01-28 22:17 - 2016-01-28 22:17 - 00000000 ____D C:\Users\John\AppData\Roaming\Notepad++
2016-01-28 21:48 - 2016-01-28 21:48 - 00781994 _____ C:\Users\John\Desktop\phpsgex-2.0.1.7.zip
2016-01-24 22:55 - 2016-01-24 22:55 - 00001127 _____ C:\Users\John\Desktop\Investments.txt
2016-01-22 15:19 - 2016-01-22 15:19 - 00000000 ____D C:\Users\John\Downloads\Kali
2016-01-22 15:17 - 2016-01-22 15:18 - 02811349 _____ (InstallShield Software Corporation) C:\Users\John\Downloads\kali2613.exe
2016-01-22 15:15 - 2016-01-22 15:15 - 00260528 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-14 10:41 - 2014-04-07 08:43 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2016-02-14 10:37 - 2014-01-15 21:01 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1569399677-2339013464-2643545198-1001
2016-02-14 10:31 - 2015-08-12 18:26 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-02-14 10:09 - 2015-08-13 19:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-14 09:51 - 2014-01-22 20:59 - 00000000 ____D C:\ProgramData\MFAData
2016-02-14 09:51 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-14 08:39 - 2014-01-15 20:53 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4E3A0E6E-0F52-4F4E-99F7-A943C718BF2E}
2016-02-14 01:00 - 2015-12-25 17:29 - 00000000 ____D C:\Users\John\AppData\Roaming\vlc
2016-02-13 22:44 - 2015-12-04 19:59 - 00104448 ___SH C:\Users\John\Downloads\Thumbs.db
2016-02-13 18:00 - 2015-08-12 18:16 - 00000480 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
2016-02-13 02:44 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2016-02-12 15:30 - 2014-01-15 20:59 - 00000000 ____D C:\Users\John\AppData\Local\Google
2016-02-12 15:30 - 2014-01-15 20:59 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-12 10:57 - 2014-01-15 21:37 - 00000000 ____D C:\Program Files (x86)\Voobly
2016-02-12 09:44 - 2013-11-14 02:28 - 00992412 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-12 09:44 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-12 09:42 - 2014-02-15 23:24 - 00000000 ___DO C:\Users\John\SkyDrive
2016-02-12 09:42 - 2014-01-31 20:33 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
2016-02-12 09:42 - 2013-03-22 13:00 - 00000983 _____ C:\WINDOWS\SysWOW64\bscs.ini
2016-02-12 09:41 - 2015-08-12 18:16 - 00000506 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
2016-02-12 09:40 - 2013-12-02 09:45 - 00003620 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2016-02-12 09:39 - 2013-12-02 09:45 - 00000088 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2016-02-12 09:39 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-12 09:34 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-12 09:32 - 2015-09-04 07:18 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job
2016-02-12 09:31 - 2013-08-22 09:44 - 00507936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-12 09:29 - 2015-04-17 03:15 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-12 09:29 - 2013-11-14 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-12 09:29 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-02-12 03:35 - 2015-09-04 07:18 - 00003154 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJohn
2016-02-12 03:08 - 2015-05-13 22:23 - 00000000 ___RD C:\Users\John\OneDrive
2016-02-12 03:08 - 2015-01-15 21:49 - 00003090 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1569399677-2339013464-2643545198-1001
2016-02-11 22:11 - 2014-03-31 07:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-11 22:11 - 2012-07-26 03:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-10 10:08 - 2015-12-20 14:40 - 00000000 ____D C:\Software
2016-02-10 08:18 - 2014-10-16 23:03 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-10 01:03 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-10 01:03 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-10 01:03 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 00:56 - 2014-01-16 21:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-09 21:09 - 2015-12-29 11:09 - 08817344 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-02-09 21:09 - 2015-08-13 19:05 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-02-09 19:22 - 2014-04-05 09:08 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-09 17:03 - 2015-11-10 16:24 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-09 17:03 - 2015-11-10 16:24 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-02-09 13:30 - 2014-02-15 23:04 - 00000000 ____D C:\Users\John
2016-02-09 13:23 - 2015-06-22 08:57 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-09 05:07 - 2015-08-12 18:16 - 00000454 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
2016-02-08 22:56 - 2016-01-12 22:50 - 00000000 ____D C:\Users\John\AppData\Roaming\PSpad
2016-02-08 22:56 - 2015-12-21 23:33 - 00000000 ____D C:\Users\John\AppData\Roaming\Astrill
2016-02-08 22:56 - 2015-12-21 23:33 - 00000000 ____D C:\Program Files (x86)\Astrill
2016-02-08 22:56 - 2015-04-04 03:02 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-02-08 22:52 - 2015-12-20 15:00 - 00000000 ____D C:\WINDOWS\SysWOW64\Spool
2016-02-08 22:52 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\registration
2016-02-08 22:51 - 2016-01-12 22:50 - 00000000 ____D C:\Program Files (x86)\PSPad editor
2016-02-08 22:51 - 2016-01-06 14:31 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-02-08 22:51 - 2016-01-06 14:31 - 00000000 ____D C:\Users\John\AppData\Local\Amazon
2016-02-08 22:51 - 2015-12-25 17:28 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-02-08 22:51 - 2015-12-25 17:18 - 00000000 ____D C:\Users\John\AppData\Local\converter
2016-02-08 22:51 - 2015-12-25 16:32 - 00000000 ____D C:\Users\John\AppData\Local\fontconfig
2016-02-08 22:51 - 2015-12-25 15:08 - 00000000 ____D C:\Users\John\AppData\Local\RzStats
2016-02-08 22:51 - 2015-12-25 15:03 - 00000000 ____D C:\Users\John\AppData\Roaming\Anvsoft
2016-02-08 22:51 - 2015-12-25 14:30 - 00000000 ____D C:\Users\Public\CyberLink
2016-02-08 22:51 - 2015-12-20 15:00 - 00000000 ____D C:\ProgramData\InstallShield
2016-02-08 22:51 - 2015-12-12 23:30 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft Games
2016-02-08 22:51 - 2015-12-12 23:27 - 00000000 ____D C:\Program Files (x86)\GameSpy Arcade
2016-02-08 22:51 - 2015-12-10 22:32 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2016-02-08 20:46 - 2013-08-22 08:25 - 00000292 _____ C:\WINDOWS\win.ini
2016-02-08 20:28 - 2014-02-01 12:57 - 00000000 ____D C:\Users\John\AppData\Local\HPConnectedMusic
2016-02-06 00:53 - 2014-04-05 09:08 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-06 00:53 - 2014-04-05 09:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-04 21:11 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\System
2016-02-03 18:48 - 2015-12-20 15:37 - 00000000 ____D C:\Users\John\Documents\My PSP Files
2016-02-03 18:48 - 2015-12-20 14:45 - 00006580 ___SH C:\WINDOWS\SysWOW64\KGyGaAvL.sys
2016-02-03 01:24 - 2014-02-16 19:22 - 00000000 ____D C:\Users\John\AppData\Local\ElevatedDiagnostics
2016-02-02 23:38 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-02-02 23:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-02-02 22:26 - 2013-12-02 09:26 - 00000000 ____D C:\ProgramData\Temp
2016-02-02 22:06 - 2014-01-15 20:51 - 00000000 ____D C:\Users\John\AppData\Local\VirtualStore
2016-02-02 04:29 - 2014-11-07 18:23 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-02-02 04:28 - 2014-11-07 18:23 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-02-02 04:28 - 2014-11-07 18:23 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-02-01 21:37 - 2015-12-11 13:46 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-01 21:37 - 2015-12-11 13:46 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-01 20:27 - 2014-04-07 08:43 - 00000000 ____D C:\ProgramData\Skype
2016-02-01 19:28 - 2013-12-02 09:39 - 00000000 ____D C:\Program Files\7-Zip
2016-02-01 15:25 - 2013-12-02 09:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-29 18:50 - 2014-12-04 19:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-01-29 17:38 - 2014-02-16 01:53 - 00000000 ____D C:\inetpub
2016-01-29 17:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-01-29 17:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-01-29 13:04 - 2013-04-03 19:17 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-29 01:57 - 2014-12-04 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-01-29 01:53 - 2013-12-02 09:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-29 01:53 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-22 02:56 - 2015-05-21 07:55 - 00000000 ____D C:\Users\John\AppData\Local\Avg
2016-01-22 02:56 - 2014-01-22 21:03 - 00000000 ___HD C:\$AVG
2016-01-16 17:58 - 2014-04-07 08:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-15 16:38 - 2015-03-31 08:53 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
==================== Files in the root of some directories =======
2015-12-21 23:33 - 2015-05-05 11:56 - 1701390 _____ () C:\Users\John\AppData\Roaming\addr2line.exe
2014-01-16 18:37 - 2014-07-18 23:31 - 0000210 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2014-02-02 22:22 - 2014-02-02 22:23 - 0003584 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-04 22:25 - 2016-02-04 22:25 - 0000041 ___SH () C:\ProgramData\.zreglib
2016-02-01 18:02 - 2016-02-01 18:02 - 0000006 ____S () C:\ProgramData\9d14874e4867a8275e174fe4445aabd83ba0869d
2015-12-25 17:17 - 2015-12-25 17:17 - 0000016 _____ () C:\ProgramData\mntemp
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-13 02:06
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by John (2016-02-14 10:44:11)
Running from C:\Users\John\Desktop
Windows 8.1 (X64) (2014-02-16 04:21:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1569399677-2339013464-2643545198-500 - Administrator - Disabled)
Guest (S-1-5-21-1569399677-2339013464-2643545198-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1569399677-2339013464-2643545198-1005 - Limited - Enabled)
John (S-1-5-21-1569399677-2339013464-2643545198-1001 - Administrator - Enabled) => C:\Users\John
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.26.3317.04170 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.26.3317.04170 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version: - Astrill)
AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
AVG (Version: 16.41.7442 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.41.7442 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.5.441 - AVG Technologies)
AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
CoffeeCup Free HTML Editor (HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\CoffeeCup Free HTML Editor) (Version: - )
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.8.0.13 - DivX, LLC)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.256 - SurfRight B.V.)
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\HPConnectedMusic) (Version: 1.1 (build 88) hp - Meridian Audio Ltd)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.54744 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Age of Empires Gold (HKLM-x32\...\Age of Empires Gold 1.0) (Version: - )
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\OneDriveSetup.exe) (Version: 17.3.6301.0127 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Paint Shop Pro 7 ESD (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.0.2700 - Jan Fiala)
Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.29.8105 - Mediatek)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Rise of Nations (HKLM-x32\...\RiseOfNationsExpansion 1.0) (Version: 1.0 - Microsoft)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
Viewpoint Media Player (Remove Only) (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Voobly (HKLM-x32\...\Voobly_is1) (Version: Voobly - Voobly)
War2Combat version 4.01 (HKLM-x32\...\War2Combat_is1) (Version: 4.01 - War2 RU Admins)
Warcraft II BNE (HKLM-x32\...\Warcraft II BNE) (Version: - )
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0DE6D96A-CEFF-47E7-955C-E72850EF4997} - System32\Tasks\{885D906F-296A-4054-A9DC-1129789D4DF3} => pcalua.exe -a C:\Software\Netscape702.exe -d C:\Software
Task: {0EFD0EF6-ECEA-4630-BE08-FC904084A805} - System32\Tasks\{D80DD150-CBD1-4F3F-8FB0-B796A447F6C9} => pcalua.exe -a "C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 7\psp.exe" -d "C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 7"
Task: {1D5CD059-EF4A-4232-BB7D-5929D17991BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {1E1F95C9-20E8-4831-9327-CDD9EA8D3692} - System32\Tasks\{0F3F556A-E2B3-48EE-B310-9AE2AFD33034} => pcalua.exe -a C:\Users\John\Downloads\kali2613.exe -d C:\Users\John\Downloads
Task: {27E90822-026C-4219-9FD1-3863ED1A17A1} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {291A0C24-759B-4A48-BC46-0DF6522B9B53} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {5071E220-4FE9-4F09-83B3-4D921B9D9DBB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {567C60F9-2844-4FCB-81D7-5EE59724C9F9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {5692E3A3-1846-4685-A611-3FA681734961} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {577E69C9-B172-444A-8385-F1650D61ABA6} - System32\Tasks\{D451E8EB-F2D8-4DAE-BA65-5E56D847B3BA} => pcalua.exe -a C:\Users\John\Desktop\setup.exe -d C:\Users\John\Desktop
Task: {61BFBA64-41DD-47D2-B643-FD8264C65A98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-12] (Google Inc.)
Task: {657E3322-C270-4617-8264-1873FA38CCC2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {7961BE82-22FE-4CAF-B72F-57F29D10BD0F} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {7A0E8C5C-19E0-4791-B40D-20D9A6AA2342} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2015-11-30] (DivX, LLC)
Task: {7B9EC744-E796-40D7-80A8-4916A26CD951} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-10] (Microsoft Corporation)
Task: {7D40B79E-437A-4EAB-B1BE-55A52BF0F2F8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {847FDBB2-7691-45CF-977D-1A117D2A0279} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-12] (Google Inc.)
Task: {89563CEE-DC34-4E75-BE77-BE5926E0BFEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {A5CF101D-2F1E-414B-9502-021CDDE4CC8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {B2A98F79-5FA9-4E4C-B781-0E33DE29E38A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {B45018C0-6975-4A5B-A22B-B91BD31DEDEE} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-11-20] ()
Task: {B900BEBB-454C-4459-A360-78C2CFE9FB69} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {C6B940F4-4564-42F6-A5AD-C8EE225BBE97} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-11-20] ()
Task: {D41ADF3B-375A-4717-8C73-521A9FE1BF09} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1569399677-2339013464-2643545198-1001 => C:\Users\John\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-02-12] (Microsoft Corporation)
Task: {DCD3046B-2A0F-4C9D-A6AD-9F756201A239} - System32\Tasks\{851B229F-6786-4961-B86F-7E72FC09E81C} => pcalua.exe -a C:\Users\John\Downloads\kali2613.exe -d C:\Users\John\Downloads
Task: {E4166C61-55BF-4390-9E99-8F5300EE83A5} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe
Task: {EA79D8F6-3652-4133-A7D2-21D002B43ED0} - System32\Tasks\DivX Update => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Task: {F279DC8F-956C-4059-A276-377D5FF6CB03} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {F4B65365-1316-488D-A98F-976C6FBE7515} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {FB482630-C1CB-4B16-AD99-58103EA54DFF} - System32\Tasks\{18E4AAEF-0F88-4456-8AE9-B262A884FF88} => pcalua.exe -a "C:\Software\Jasc Software Inc\Paint Shop Pro 7\psp.exe" -d "C:\Software\Jasc Software Inc\Paint Shop Pro 7"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeGC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-03-03 22:52 - 2016-02-02 04:28 - 01205832 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2014-10-31 18:27 - 2014-10-31 18:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-02-02 04:28 - 2016-02-02 04:28 - 00192584 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.5\loggingserver.exe
2013-01-10 16:30 - 2013-01-10 16:30 - 00022528 _____ () C:\windows\system32\BsTrace.dll
2013-01-10 16:35 - 2013-01-10 16:35 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
2013-01-10 16:35 - 2013-01-10 16:35 - 00055296 _____ () C:\windows\system32\BlueSoleilCSps.dll
2013-01-10 14:25 - 2013-01-10 14:25 - 00364544 _____ () C:\windows\system32\BsExtendFunc.dll
2014-11-07 18:23 - 2016-02-02 04:28 - 02857544 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2013-01-10 16:30 - 2013-01-10 16:30 - 00022528 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2013-03-22 13:06 - 2013-03-22 13:06 - 00387936 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2011-07-05 13:53 - 2011-07-05 13:53 - 00012800 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2013-01-10 16:35 - 2013-01-10 16:35 - 00009728 _____ () C:\windows\SYSTEM32\BsHelpCSps.dll
2013-01-10 16:35 - 2013-01-10 16:35 - 00055296 _____ () C:\windows\SYSTEM32\BlueSoleilCSps.dll
2016-02-09 13:20 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-02-09 13:20 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-02-09 13:20 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-02-09 13:20 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-02-02 04:28 - 2016-02-02 04:28 - 00533576 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.5\log4cplusU.dll
2013-12-02 09:29 - 2012-06-07 22:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-01-11 10:36 - 2016-01-11 10:36 - 00932032 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2015-12-01 14:09 - 2015-12-01 14:08 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2014-02-16 00:32 - 2014-02-16 00:32 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-01-15 21:38 - 2015-11-15 14:46 - 00622592 _____ () C:\Program Files (x86)\Voobly\gui.dll
2014-01-15 21:37 - 2014-09-17 08:57 - 02023424 _____ () C:\Program Files (x86)\Voobly\QtCore4.dll
2014-01-15 21:37 - 2014-09-17 08:57 - 07426048 _____ () C:\Program Files (x86)\Voobly\QtGui4.dll
2014-01-15 21:37 - 2014-09-17 08:57 - 01609728 _____ () C:\Program Files (x86)\Voobly\QtNetwork4.dll
2014-01-15 21:38 - 2015-11-15 14:46 - 02146304 _____ () C:\Program Files (x86)\Voobly\lobby.dll
2014-01-15 21:38 - 2015-11-15 14:46 - 01044480 _____ () C:\Program Files (x86)\Voobly\messenger.dll
2014-01-15 21:38 - 2015-11-15 14:46 - 00651264 _____ () C:\Program Files (x86)\Voobly\vooblynat1.dll
2014-01-15 21:38 - 2015-11-15 14:46 - 00503808 _____ () C:\Program Files (x86)\Voobly\vooblynat3.dll
2014-01-15 21:38 - 2015-11-15 14:46 - 00548864 _____ () C:\Program Files (x86)\Voobly\launch.dll
2014-01-15 21:38 - 2015-11-15 14:46 - 01196032 _____ () C:\Program Files (x86)\Voobly\anticheat1.dll
2014-01-15 21:37 - 2014-01-12 20:44 - 00019456 _____ () C:\Program Files (x86)\Voobly\imageformats\qgif4.dll
2014-01-15 21:37 - 2014-01-12 20:44 - 00131072 _____ () C:\Program Files (x86)\Voobly\imageformats\qjpeg4.dll
2016-02-12 15:30 - 2016-02-09 06:58 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-12 15:30 - 2016-02-09 06:58 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:4E0E77A0ED053531
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ASProxy => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7871 more sites.
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\123simsen.com -> www.123simsen.com
There are 7871 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2016-02-11 14:33 - 00450979 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15470 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John\Pictures\earth-moon-photo-lro.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\StartupApproved\Run: => "Astrill"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{F4EBFC1D-E068-4381-9B00-185F20036A35}C:\program files (x86)\microsoft games\age of empires\empiresx.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires\empiresx.exe
FirewallRules: [TCP Query User{68733256-15E9-4E3D-8EF2-DA8610429C07}C:\program files (x86)\microsoft games\age of empires\empiresx.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires\empiresx.exe
FirewallRules: [UDP Query User{F110405F-9AE0-40DD-9AEB-F53516AC1E00}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{391DFEE8-B715-443A-BE65-855C41F31573}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{7B215395-2AA2-4B33-AB90-E184DE121044}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{2615DA2F-DE0C-4C1E-ACE4-32DD1DC81C3D}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{D14EA835-F845-44A1-BDCC-12A070A7399E}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [TCP Query User{A8CF1E97-3537-4FAD-BCC1-BB7A47850B0E}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [{DCC92AF2-BC4C-457B-B194-93F8C71A78B7}] => (Allow) C:\Program Files (x86)\Veetle\Player\VeetleNet.exe
FirewallRules: [{EE41C626-06E2-4627-8E35-0A260C14D6DE}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{43D7EE1A-CF43-4C1D-8419-D5215945C67D}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{B28704A6-8135-4017-BA84-B59DE3015D9F}] => (Allow) LPort=1900
FirewallRules: [{5B4218F9-2487-43A4-AF41-37327258F649}] => (Allow) LPort=2869
FirewallRules: [{85F11C25-F507-4B54-9D25-A33C87BE0E5D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{14BDA67B-0933-4F2B-A3BB-65FB3433BB70}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{C20B4506-A17F-4E9E-BDC7-CC3D521EF6A0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{861C7345-82D2-479C-85FA-1FD77CE29022}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E7EC0ED-40F2-4752-AC9C-B2C485C18CD6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FBEA879D-A1B5-44E0-B171-50E2C7E5F9EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6B1F9945-5C2C-4285-A29B-65CB854879DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C84E8418-D103-40B7-9290-19453F44024F}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{8268AC9F-B4DF-4A5A-BCCC-48BFA746D115}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{5687E6D3-A537-452D-A75E-6BECA4BC8E86}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5DF4C964-DE12-4F21-9AB2-C406B53FF674}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{3B689F6F-C996-465A-AF6F-76BF458D5C93}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{F7812B2A-C39E-41CC-8588-9C641B605139}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{BD2AD89C-1EC2-4219-933E-BB62596668DB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{76CD426E-F71A-43A1-8AFB-BAFA67C18030}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{C723930D-0509-458F-970E-6BA9F11DC6E4}C:\war2combat\warcraft ii bne.exe] => (Allow) C:\war2combat\warcraft ii bne.exe
FirewallRules: [UDP Query User{48B9D663-EF5C-4DA6-8FBF-55F3CBF8E68B}C:\war2combat\warcraft ii bne.exe] => (Allow) C:\war2combat\warcraft ii bne.exe
FirewallRules: [TCP Query User{095B06A3-3ED0-4080-B683-8B858DC9B9C2}C:\program files (x86)\warcraft ii bne\warcraft ii bne.exe] => (Allow) C:\program files (x86)\warcraft ii bne\warcraft ii bne.exe
FirewallRules: [UDP Query User{0B4AFEBB-CFAC-41B5-8D1D-20F7AAB26DDC}C:\program files (x86)\warcraft ii bne\warcraft ii bne.exe] => (Allow) C:\program files (x86)\warcraft ii bne\warcraft ii bne.exe
FirewallRules: [{6C96CD2A-2619-4A14-9C9F-4F1980B20C19}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe
FirewallRules: [{164745DB-048B-4831-B1DB-B5060C9E3180}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe
FirewallRules: [TCP Query User{4A5A5F1B-8582-4867-BFB6-6D4BCB2159C1}C:\program files (x86)\microsoft games\rise of nations\patriots.exe] => (Allow) C:\program files (x86)\microsoft games\rise of nations\patriots.exe
FirewallRules: [UDP Query User{60C65838-A70E-476A-BD56-259AA63C3CA2}C:\program files (x86)\microsoft games\rise of nations\patriots.exe] => (Allow) C:\program files (x86)\microsoft games\rise of nations\patriots.exe
FirewallRules: [{E1C19C47-BB03-4A90-A659-20795430588D}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ED8DABEA-8E9E-45CD-AA76-13F55A19DC87}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{63B486EE-5F8A-4287-8991-AF553633C70B}] => (Allow) LPort=30101
FirewallRules: [{4A2D5CB7-D982-4318-8791-49473D2C74A3}] => (Allow) C:\Program Files\WS_FTP Pro\ftp95pro.exe
FirewallRules: [{27F49E3C-DAEB-4D6B-A195-985B16A392DC}] => (Allow) C:\Program Files\WS_FTP Pro\ftp95pro.exe
FirewallRules: [{156A5292-2E47-4401-9512-2DE55AE8B2EB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{83D82C0C-9033-41D8-B350-773C80A5ED76}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{7EA120C1-14C3-45EF-9A67-6FA13CC3BA94}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{DCBA1DC6-F7A2-490E-8C5C-5C799F5538C5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{C0F61208-EF64-4D96-9772-7FDF0EDC712B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{0BD3B047-5FBA-4FDB-9B06-77E8283667EB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{2A3B8441-E2FD-496B-9AF5-5B93F81AF2C8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
07-02-2016 03:00:30 Checkpoint by HitmanPro
08-02-2016 23:09:28 AA11
10-02-2016 10:00:14 Removed Macromedia Dreamweaver 8
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/12/2016 09:42:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzStats.Manager.exe, version: 1.0.0.32, time stamp: 0x546da4ee
Faulting module name: libcef.dll, version: 3.1453.1255.0, time stamp: 0x518aa75e
Exception code: 0xc0000005
Fault offset: 0x005b6195
Faulting process id: 0x1e64
Faulting application start time: 0xRzStats.Manager.exe0
Faulting application path: RzStats.Manager.exe1
Faulting module path: RzStats.Manager.exe2
Report Id: RzStats.Manager.exe3
Faulting package full name: RzStats.Manager.exe4
Faulting package-relative application ID: RzStats.Manager.exe5
Error: (02/12/2016 09:42:29 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzStats.Manager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 5FA96195
Error: (02/12/2016 09:40:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Pareto_Update3.exe, version: 3.0.3.0, time stamp: 0x51b0e6d8
Faulting module name: Pareto_Update3.exe, version: 3.0.3.0, time stamp: 0x51b0e6d8
Exception code: 0x40000015
Fault offset: 0x0013585b
Faulting process id: 0x1054
Faulting application start time: 0xPareto_Update3.exe0
Faulting application path: Pareto_Update3.exe1
Faulting module path: Pareto_Update3.exe2
Report Id: Pareto_Update3.exe3
Faulting package full name: Pareto_Update3.exe4
Faulting package-relative application ID: Pareto_Update3.exe5
Error: (02/12/2016 03:35:03 AM) (Source: HP Active Health) (EventID: 1002) (User: )
Description: Error iterating on DiskLogical. Fetched 0 records. Exception is: System.Management.ManagementException: Invalid namespace
at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at HP.ActiveHealth.Commons.Objects.AgentDataQuery.ManagementProperties..ctor(String query, String scope)
at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetEncryptedVolumes()
at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetNewDataClasses(FileInfo agentStateFile)
Error: (02/10/2016 10:00:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IDriver.exe, version: 10.1.0.238, time stamp: 0x40f76668
Faulting module name: iusercnv.dll, version: 10.1.0.238, time stamp: 0x40f76541
Exception code: 0xc0000005
Fault offset: 0x00010e2d
Faulting process id: 0x23cc
Faulting application start time: 0xIDriver.exe0
Faulting application path: IDriver.exe1
Faulting module path: IDriver.exe2
Report Id: IDriver.exe3
Faulting package full name: IDriver.exe4
Faulting package-relative application ID: IDriver.exe5
Error: (02/10/2016 09:08:56 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (02/10/2016 09:08:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mmc.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 4a8
Start Time: 01d1640c5b26ae83
Termination Time: 0
Application Path: C:\WINDOWS\SysWOW64\mmc.exe
Report Id: b9f8a086-cfff-11e5-bee6-485ab609f952
Faulting package full name:
Faulting package-relative application ID:
Error: (02/09/2016 07:24:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzStats.Manager.exe, version: 1.0.0.32, time stamp: 0x546da4ee
Faulting module name: libcef.dll, version: 3.1453.1255.0, time stamp: 0x518aa75e
Exception code: 0xc0000005
Fault offset: 0x005b6195
Faulting process id: 0x1f10
Faulting application start time: 0xRzStats.Manager.exe0
Faulting application path: RzStats.Manager.exe1
Faulting module path: RzStats.Manager.exe2
Report Id: RzStats.Manager.exe3
Faulting package full name: RzStats.Manager.exe4
Faulting package-relative application ID: RzStats.Manager.exe5
Error: (02/09/2016 07:24:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzStats.Manager.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 60FB6195
Error: (02/09/2016 07:22:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Pareto_Update3.exe, version: 3.0.3.0, time stamp: 0x51b0e6d8
Faulting module name: Pareto_Update3.exe, version: 3.0.3.0, time stamp: 0x51b0e6d8
Exception code: 0x40000015
Fault offset: 0x0013585b
Faulting process id: 0x1034
Faulting application start time: 0xPareto_Update3.exe0
Faulting application path: Pareto_Update3.exe1
Faulting module path: Pareto_Update3.exe2
Report Id: Pareto_Update3.exe3
Faulting package full name: Pareto_Update3.exe4
Faulting package-relative application ID: Pareto_Update3.exe5
System errors:
=============
Error: (02/12/2016 09:38:49 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
Error: (02/12/2016 09:37:47 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
Error: (02/12/2016 09:36:16 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
Error: (02/12/2016 09:35:00 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
Error: (02/12/2016 09:34:42 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following service-specific error:
%%2147942450
Error: (02/12/2016 09:34:42 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start. Error 2147942450.
Error: (02/12/2016 09:34:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.
Error: (02/12/2016 09:34:09 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.
Error: (02/12/2016 09:30:15 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
Error: (02/09/2016 07:22:43 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:
%%0
CodeIntegrity:
===================================
Date: 2016-02-14 10:44:18.365
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\ASProxy.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-14 10:44:18.141
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\ASProxy.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-14 10:44:17.909
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\ASProxy.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-14 10:44:17.667
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\ASProxy.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-14 10:44:17.432
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\ASProxy.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-14 10:43:22.381
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\ASProxy.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-14 10:43:22.153
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\ASProxy.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-14 10:43:21.927
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\ASProxy.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-14 10:43:21.700
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\ASProxy.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-14 10:43:21.467
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Windows\SysWOW64\ASProxy.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4430 CPU @ 3.00GHz
Percentage of memory in use: 88%
Total physical RAM: 12207.35 MB
Available physical RAM: 1436.39 MB
Total Virtual: 14063.35 MB
Available Virtual: 2953.46 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:1842.55 GB) (Free:1709.61 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.64 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (WAR2BNECD) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 600E6D3B)
Partition: GPT.
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-02-14 10:52:04
-----------------------------
10:52:04.351 OS Version: Windows x64 6.2.9200
10:52:04.351 Number of processors: 4 586 0x3C03
10:52:04.351 ComputerName: DADSPC UserName: John
10:52:34.036 Initialize success
10:52:34.214 VM: initialized successfully
10:52:34.214 VM: Intel CPU BiosDisabled
10:53:43.765 AVAST engine defs: 16021400
10:54:16.607 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000031
10:54:16.607 Disk 0 Vendor: ST2000DM001-1CH164 HP34 Size: 1907729MB BusType: 11
10:54:16.701 Disk 0 MBR read successfully
10:54:16.701 Disk 0 MBR scan
10:54:16.716 Disk 0 unknown MBR code
10:54:16.716 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
10:54:16.748 Disk 0 scanning C:\WINDOWS\system32\drivers
10:54:27.885 Service scanning
10:54:48.922 Modules scanning
10:54:48.937 Disk 0 trace - called modules:
10:54:48.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
10:54:48.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0001eb225e0]
10:54:48.968 3 CLASSPNP.SYS[fffff800a1825170] -> nt!IofCallDriver -> [0xffffe0001d495c40]
10:54:48.984 5 ACPI.sys[fffff800a0649c21] -> nt!IofCallDriver -> [0xffffe0001d492d30]
10:54:48.984 7 ACPI.sys[fffff800a0649c21] -> nt!IofCallDriver -> \Device\00000031[0xffffe0001d495060]
10:54:50.203 AVAST engine scan C:\WINDOWS
10:54:54.937 AVAST engine scan C:\WINDOWS\system32
10:58:49.169 AVAST engine scan C:\WINDOWS\system32\drivers
10:59:49.140 AVAST engine scan C:\Users\John
11:36:46.319 AVAST engine scan C:\ProgramData
11:40:43.597 Disk 0 statistics 4614773/0/0 @ 0.92 MB/s
11:40:43.597 Scan finished successfully
11:41:54.214 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
11:41:54.214 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"
We do not recommend the use of registry cleaners. No registry cleaner is completely safe since most do not even create a backup the potential is ever present to cause more problems than they claim to fix.
If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you.
Our colleague miekiemoes has an excellent writeup here
http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
We suggest uninstalling them via Add or Remove Programs in your Control Panel.
~~~~~~~~~~~~~~~~~
Let's create a restore point
To create a restore point
Open System by clicking the Start button , right-clicking Computer, and then clicking Properties.
In the left pane, click System protection. ...
Click the System Protection tab, and then click Create.
In the System Protection dialog box, type a description, and then click Create.
~~~~~~~~~~~~~~~~~`
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
start
CreateRestorePoint:
CloseProcesses:
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nxtad_16_05¶m1=1¶m2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByCyDyE0FtA0FyB0D0A0EtBtCtAtN0D0Tzu0StCyEzytAtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEzyzyzyyEyDtCyDtGyBtAyDyCtGyCyDtBzztGyBzzzzyBtGzyyEtAyDtCzz0CyD0F0FtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AzzyD0C0AyB0AtG0B0DzyyBtGyEyCyB0DtGzz0EyE0FtG0FyEtBtDzztA0E0Ezy0AtByB2QtN0A0LzuyE%26cr%3D1001654787%26a%3Dwncy_nxtad_16_05%26os_ver%3D6.3%26os%3DWindows%2B8.1
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {601ED020-FB6C-11D3-87D8-0050DA59922B} -> No File
Toolbar: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
AlternateDataStreams: C:\Windows:4E0E77A0ED053531
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
End
Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~`
http://i.imgur.com/BY4dvz9.png AdwCleaner
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
~~~~~~~
please post
Fixlog.txt
AdwCleaner[CX].txt
JRT.txt
Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by John (2016-02-14 21:28:15) Run:1
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nxtad_16_05¶m1=1¶m2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByCyDyE0FtA0FyB0D0A0EtBtCtAtN0D0Tzu0StCyEzytAtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEzyzyzyyEyDtCyDtGyBtAyDyCtGyCyDtBzztGyBzzzzyBtGzyyEtAyDtCzz0CyD0F0FtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AzzyD0C0AyB0AtG0B0DzyyBtGyEyCyB0DtGzz0EyE0FtG0FyEtBtDzztA0E0Ezy0AtByB2QtN0A0LzuyE%26cr%3D1001654787%26a%3Dwncy_nxtad_16_05%26os_ver%3D6.3%26os%3DWindows%2B8.1
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {601ED020-FB6C-11D3-87D8-0050DA59922B} -> No File
Toolbar: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
AlternateDataStreams: C:\Windows:4E0E77A0ED053531
CMD: ipconfig /flushdns
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
Chrome HomePage => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}" => key removed successfully
HKCR\Wow6432Node\CLSID\{601ED020-FB6C-11D3-87D8-0050DA59922B} => key not found.
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
C:\Windows => ":4E0E77A0ED053531" ADS removed successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh int ipv4 reset =========
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= netsh int ipv6 reset =========
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
{64492F0E-A2A7-42AF-B8FA-4C9FFC155373} canceled.
1 out of 1 jobs canceled.
========= End of CMD: =========
EmptyTemp: => 1.8 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 21:36:07 ====
# AdwCleaner v5.033 - Logfile created 14/02/2016 at 21:54:15
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : John - DADSPC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
[-] Service Deleted : qknfd
[-] Service Deleted : vToolbarUpdater40.2.5
***** [ Folders ] *****
[x] Folder Not Deleted : C:\Program Files (x86)\Viewpoint
[x] Folder Not Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[x] Folder Not Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
[x] Folder Not Deleted : C:\Program Files\Common Files\AVG Secure Search
[x] Folder Not Deleted : C:\ProgramData\AVG Secure Search
[x] Folder Not Deleted : C:\ProgramData\AVG Security Toolbar
[#] Folder Deleted : C:\ProgramData\mntemp
[x] Folder Not Deleted : C:\ProgramData\ParetoLogic
[x] Folder Not Deleted : C:\ProgramData\Avg_Update_0215tb
[x] Folder Not Deleted : C:\ProgramData\Avg_Update_1214tb
[-] Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
[x] Folder Not Deleted : C:\Users\John\AppData\Roaming\DriverCure
[x] Folder Not Deleted : C:\Users\John\AppData\Roaming\ParetoLogic
***** [ Files ] *****
[-] File Deleted : C:\END
[-] File Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[x] Task Not Deleted : paretologic registration3
[x] Task Not Deleted : paretologic update version3
[x] Task Not Deleted : ParetoLogic Update Version3 Startup Task
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\UpdaterEX
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKLM\SOFTWARE\MetaStream
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\Viewpoint
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\euask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.euask.com
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
***** [ Web browsers ] *****
[-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : elicpjhcidhpjomhibiffojpinpmmpil
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7597 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 x64
Ran by John (Administrator) on Sun 02/14/2016 at 22:33:18.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/15/2016 at 0:09:05.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tell me what the computer is doing now.
Let's run a quick scan with Malwarebytes
Open Malwarebytes Anti-Malware
http://i24.photobucket.com/albums/c30/ken545/0841859c-1a35-4dbd-b41a-e720629e3e22_zpst0yckuua.png
On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply
~~~~~~~~~~~~~~~~~~~~
What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
http://i.imgur.com/GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.
Please post these 2 logs when finished.
Still getting redirected. However, this time MBAM found something. See below.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 2/15/2016
Scan Time: 11:49 AM
Logfile: MBAM.txt
Administrator: Yes
Version: 2.2.0.1024
Malware Database: v2016.02.15.03
Rootkit Database: v2016.02.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: John
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389439
Time Elapsed: 8 min, 26 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 1
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://stop-block.org/wpad.dat?388afb707f76a35a9c2bff480ce582745755573, Quarantined, [4cb33030f9a069cd041345163cc854ac]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
ESET found no threats. No log generated.
Still having problems even after quarantine and reboot.
Right-Click FRST.exe / FRST64.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by John (administrator) on DADSPC (15-02-2016 17:23:00)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & DefaultAppPool)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Astrill) C:\Program Files (x86)\Astrill\ASOvpnSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\John\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
() C:\Program Files\WindowsApps\10013ProdTester11.WindowsDefender_1.0.0.0_neutral__8zhdgmmraffpm\App3.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-02-16] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-02-16] (IDT, Inc.)
HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [837640 2015-12-08] (DivX, LLC)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [159744 2015-01-12] (Voobly)
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50622080 2016-01-19] (Skype Technologies S.A.)
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\Run: [Astrill] => C:\Program Files (x86)\Astrill\astrill.exe [7213592 2015-12-17] (Astrill)
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\MountPoints2: {453b0e54-7e58-11e3-be6e-806e6f6e6963} - "E:\SETUP.EXE"
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2016-02-02]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk.disabled -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C391C4FB-21DA-44EC-ACCD-854B50ECE956}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D61DDEC4-5FD5-4C57-8A9E-DA4363CA3F60}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F3685BC7-A488-4FD1-9C59-325FD2214783}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-02-12] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-02-12] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-02-12] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-02-12] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-02-12] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-02-12] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2001-02-12] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-12-02] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-12] (Google Inc.)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll [2012-01-13] (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll [2012-01-13] (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin HKU\S-1-5-21-1569399677-2339013464-2643545198-1001: hp.com/HPDetect -> C:\Users\John\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
Chrome:
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nxtad_16_05¶m1=1¶m2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByCyDyE0FtA0FyB0D0A0EtBtCtAtN0D0Tzu0StCyEzytAtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEzyzyzyyEyDtCyDtGyBtAyDyCtGyCyDtBzztGyBzzzzyBtGzyyEtAyDtCzz0CyD0F0FtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AzzyD0C0AyB0AtG0B0DzyyBtGyEyCyB0DtGzz0EyE0FtG0FyEtBtDzztA0E0Ezy0AtByB2QtN0A0LzuyE%26cr%3D1001654787%26a%3Dwncy_nxtad_16_05%26os_ver%3D6.3%26os%3DWindows%2B8.1
CHR StartupUrls: Default -> "hxxp://truckingsim.com/index.php"
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-12]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-12]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-12]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-12]
CHR Extension: (Adblock Plus) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-12]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-12]
CHR Extension: (No Name) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-02-15]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-12]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-12]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [602136 2015-11-19] (Astrill)
S3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [2607640 2015-09-03] (Astrill)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-11-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-02-16] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [337920 2014-02-16] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205832 2016-02-02] ()
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 asvpndrv; C:\Windows\system32\DRIVERS\asvpndrv.sys [31744 2014-05-17] (Astrill)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-12-04] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-02-16] (Intel Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-04] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2014-11-17] (Razer, Inc.)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2016-02-04] (Duplex Secure Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-15 12:18 - 2016-02-15 12:18 - 02870984 _____ (ESET) C:\Users\John\Desktop\esetsmartinstaller_enu.exe
2016-02-15 12:13 - 2016-02-15 12:13 - 00001287 _____ C:\Users\John\Desktop\MBAM.txt
2016-02-15 00:09 - 2016-02-15 00:09 - 00000550 _____ C:\Users\John\Desktop\JRT.txt
2016-02-14 22:02 - 2016-02-14 22:02 - 00007728 _____ C:\Users\John\Desktop\AdwCleaner[C1].txt
2016-02-14 22:00 - 2016-02-14 22:00 - 01609032 _____ (Malwarebytes) C:\Users\John\Desktop\JRT.exe
2016-02-14 21:46 - 2016-02-14 21:54 - 00000000 ____D C:\AdwCleaner
2016-02-14 21:45 - 2016-02-14 21:45 - 01508352 _____ C:\Users\John\Desktop\AdwCleaner.exe
2016-02-14 21:32 - 2016-02-14 21:33 - 00000368 _____ C:\WINDOWS\Tasks\0116pizUpdateInfo.job
2016-02-14 21:32 - 2016-02-14 21:32 - 00002464 _____ C:\WINDOWS\System32\Tasks\0116pizUpdateInfo
2016-02-14 21:32 - 2016-02-14 21:32 - 00000000 ____D C:\ProgramData\Avg_Update_0116piz
2016-02-14 21:28 - 2016-02-14 21:36 - 00006244 _____ C:\Users\John\Desktop\Fixlog.txt
2016-02-14 11:41 - 2016-02-14 11:41 - 00002016 _____ C:\Users\John\Desktop\aswMBR.txt
2016-02-14 11:41 - 2016-02-14 11:41 - 00000512 _____ C:\Users\John\Desktop\MBR.dat
2016-02-14 10:44 - 2016-02-14 10:48 - 00052318 _____ C:\Users\John\Desktop\Addition.txt
2016-02-14 10:42 - 2016-02-15 17:23 - 00024067 _____ C:\Users\John\Desktop\FRST.txt
2016-02-14 10:33 - 2016-02-15 17:23 - 00000000 ____D C:\FRST
2016-02-14 10:32 - 2016-02-14 10:32 - 02370560 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2016-02-14 10:31 - 2016-02-14 10:31 - 00002262 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-02-14 10:31 - 2016-02-14 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-02-14 10:30 - 2016-02-14 10:31 - 00016199 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-02-14 10:29 - 2016-02-14 10:29 - 04777232 _____ (Tweaking.com) C:\Users\John\Desktop\tweaking.com_registry_backup_setup.exe
2016-02-13 21:48 - 2016-02-13 21:48 - 00000000 ____D C:\Users\John\AppData\Local\HP Quick Start
2016-02-13 21:45 - 2016-02-13 21:45 - 04584344 _____ (Google) C:\Users\John\Downloads\chrome_cleanup_tool.exe
2016-02-12 15:30 - 2016-02-12 15:30 - 00002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-12 15:30 - 2016-02-12 15:30 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-12 15:29 - 2016-02-15 16:34 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-12 15:29 - 2016-02-15 15:34 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-12 15:29 - 2016-02-12 15:29 - 00003880 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-12 15:29 - 2016-02-12 15:29 - 00003644 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-12 15:29 - 2016-02-12 15:29 - 00000000 ____D C:\Users\John\AppData\Local\Deployment
2016-02-12 12:22 - 2016-02-12 12:22 - 00000000 ____D C:\Users\John\AppData\Roaming\Macromedia
2016-02-11 14:33 - 2016-02-11 14:32 - 00450979 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160211-143319.backup
2016-02-11 14:32 - 2016-02-11 13:33 - 00450979 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160211-143240.backup
2016-02-11 13:33 - 2015-08-12 20:20 - 00000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160211-133353.backup
2016-02-11 11:10 - 2016-02-11 11:10 - 00558336 _____ (Safer-Networking Ltd. ) C:\Users\John\Downloads\spybot2-license.exe
2016-02-10 08:17 - 2016-02-10 08:17 - 54329568 _____ (Microsoft Corporation) C:\Users\John\Downloads\Windows-KB890830-x64-V5.33.exe
2016-02-10 00:47 - 2016-02-06 05:48 - 25839104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 00:47 - 2016-02-06 05:24 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-02-10 00:47 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 00:47 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 00:47 - 2016-02-06 04:32 - 14458368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 00:47 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 00:47 - 2016-02-06 04:09 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 00:47 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-09 19:14 - 2016-02-09 19:14 - 00002458 _____ C:\WINDOWS\system32\.crusader
2016-02-09 17:04 - 2016-01-10 12:50 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-09 17:04 - 2016-01-10 12:31 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 17:04 - 2016-01-10 12:16 - 00898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-02-09 17:04 - 2016-01-10 12:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-09 17:04 - 2016-01-10 12:12 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-02-09 17:04 - 2016-01-10 11:58 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 17:04 - 2016-01-10 11:51 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-02-09 17:04 - 2016-01-10 11:49 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2016-02-09 17:04 - 2016-01-10 11:40 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 17:03 - 2016-01-22 03:01 - 22365992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-09 17:03 - 2016-01-22 02:11 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-09 17:03 - 2016-01-22 01:40 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-02-09 17:03 - 2016-01-22 01:29 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-09 17:03 - 2016-01-22 01:28 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 17:03 - 2016-01-22 01:27 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-02-09 17:03 - 2016-01-22 01:02 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-02-09 17:03 - 2016-01-22 00:55 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-02-09 17:03 - 2016-01-22 00:52 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 17:03 - 2016-01-22 00:51 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-02-09 17:03 - 2016-01-22 00:50 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-02-09 17:03 - 2016-01-22 00:48 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-02-09 17:03 - 2016-01-22 00:48 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-02-09 17:03 - 2016-01-22 00:47 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-02-09 17:03 - 2016-01-22 00:46 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-02-09 17:03 - 2016-01-22 00:35 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-09 17:03 - 2016-01-22 00:31 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-09 17:03 - 2016-01-22 00:31 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-02-09 17:03 - 2016-01-22 00:28 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-02-09 17:03 - 2016-01-22 00:27 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-02-09 17:03 - 2016-01-22 00:25 - 14467072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-09 17:03 - 2016-01-22 00:25 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-02-09 17:03 - 2016-01-22 00:25 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-02-09 17:03 - 2016-01-22 00:24 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-02-09 17:03 - 2016-01-22 00:14 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-09 17:03 - 2016-01-22 00:08 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-02-09 17:03 - 2016-01-22 00:07 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-02-09 17:03 - 2016-01-22 00:07 - 02120704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-09 17:03 - 2016-01-22 00:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-02-09 17:03 - 2016-01-21 23:58 - 02464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-02-09 17:03 - 2016-01-19 14:14 - 07453024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-09 17:03 - 2016-01-19 14:13 - 02175008 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 17:03 - 2016-01-19 14:13 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 17:03 - 2016-01-19 14:12 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-09 17:03 - 2016-01-19 14:12 - 01133744 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-09 17:03 - 2016-01-19 13:23 - 01564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 17:03 - 2016-01-19 13:23 - 01501496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-09 17:03 - 2016-01-19 13:23 - 00548024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 17:03 - 2016-01-19 13:15 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 17:03 - 2016-01-19 12:30 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-09 17:03 - 2016-01-19 11:37 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-02-09 17:03 - 2016-01-14 20:42 - 00033472 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-02-09 17:03 - 2016-01-14 15:44 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-02-09 17:03 - 2016-01-14 15:44 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-02-09 17:03 - 2016-01-14 15:44 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-02-09 17:03 - 2016-01-14 15:44 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-02-09 17:03 - 2016-01-14 15:44 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-02-09 17:03 - 2016-01-14 15:44 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-02-09 17:03 - 2016-01-10 14:37 - 00442720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-09 17:03 - 2016-01-10 14:37 - 00136912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-02-09 17:03 - 2016-01-10 13:39 - 00332640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-09 17:03 - 2016-01-10 13:15 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-02-09 17:03 - 2016-01-10 13:15 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-02-09 17:03 - 2016-01-10 12:43 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-02-09 17:03 - 2016-01-10 12:09 - 01442304 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-09 17:03 - 2016-01-10 12:09 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-02-09 17:03 - 2016-01-10 12:02 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 17:03 - 2016-01-10 11:56 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-02-09 17:03 - 2016-01-10 11:51 - 03707392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-09 17:03 - 2016-01-10 11:43 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 17:03 - 2016-01-10 11:39 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-02-09 17:03 - 2016-01-10 11:38 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-02-09 17:03 - 2016-01-10 11:36 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-02-09 17:03 - 2016-01-10 11:36 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-02-09 17:03 - 2016-01-10 11:35 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-02-09 17:03 - 2016-01-10 11:35 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-09 17:03 - 2016-01-10 11:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-02-09 17:03 - 2016-01-10 11:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-02-09 17:03 - 2016-01-10 11:27 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-02-09 17:03 - 2016-01-10 11:26 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-09 17:03 - 2016-01-07 13:34 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-02-09 17:03 - 2016-01-06 13:25 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 17:03 - 2015-12-29 10:45 - 07783936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-09 17:03 - 2015-12-29 10:45 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-02-09 17:03 - 2015-12-29 10:43 - 05267968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-02-09 17:03 - 2015-12-29 10:42 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-09 17:03 - 2015-12-28 16:42 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSync.dll
2016-02-09 17:03 - 2015-12-28 15:31 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSync.dll
2016-02-09 17:03 - 2015-12-17 13:29 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-09 17:03 - 2015-12-17 11:17 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-09 13:33 - 2016-02-09 13:33 - 00000000 ____D C:\Users\John\Documents\ProcAlyzer Dumps
2016-02-09 13:30 - 2016-02-09 13:30 - 00000363 _____ C:\Users\John\Control Panel - Shortcut.lnk
2016-02-09 13:23 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-02-09 13:21 - 2016-02-09 13:21 - 00001414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-02-09 13:21 - 2016-02-09 13:21 - 00001402 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-02-09 13:21 - 2016-02-09 13:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-02-09 13:21 - 2016-02-09 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-02-09 13:20 - 2016-02-11 14:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-09 13:20 - 2016-02-11 11:15 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-02-09 13:20 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-02-08 20:34 - 2016-02-08 20:34 - 03039232 _____ C:\Users\John\ntuser.rhk
2016-02-08 05:23 - 2016-02-08 05:23 - 00000000 ____D C:\sh4ldr
2016-02-08 05:23 - 2016-02-08 05:23 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-02-08 05:23 - 2016-02-08 05:23 - 00000000 _____ C:\autoexec.bat
2016-02-07 02:53 - 2016-02-07 02:53 - 00001916 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-02-07 02:53 - 2016-02-07 02:53 - 00000000 ____D C:\Program Files\HitmanPro
2016-02-07 02:52 - 2016-02-09 19:08 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-06 17:49 - 2016-02-06 17:50 - 02468442 _____ C:\Users\John\Downloads\forced.mp4
2016-02-06 12:18 - 2016-02-06 12:26 - 00000000 ____D C:\Users\John\Documents\Attachments
2016-02-05 22:05 - 2016-02-11 10:55 - 00000000 ____D C:\Program Files (x86)\No-IP
2016-02-05 22:05 - 2016-02-05 22:05 - 00000000 ____D C:\Users\John\AppData\Local\Vitalwerks
2016-02-05 20:26 - 2016-02-08 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software
2016-02-04 22:25 - 2016-02-04 22:25 - 00000041 ___SH C:\ProgramData\.zreglib
2016-02-04 22:24 - 2016-02-04 22:29 - 00000000 ____D C:\Program Files (x86)\SlySoft
2016-02-04 22:17 - 2016-02-04 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Golden Hawk Technology
2016-02-04 22:17 - 2006-03-20 00:00 - 00057344 _____ (NexiTech, Inc.) C:\WINDOWS\SysWOW64\WNASPINT.DLL
2016-02-04 22:09 - 2016-02-04 22:13 - 00868848 _____ (Duplex Secure Ltd.) C:\WINDOWS\system32\Drivers\sptd.sys
2016-02-04 21:45 - 2016-02-04 21:45 - 00001704 _____ C:\Users\John\Desktop\Warcraft 2 Combat Map Editor.lnk
2016-02-04 21:32 - 2016-02-04 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netscape 7.0
2016-02-04 21:32 - 2016-02-04 21:32 - 00010004 _____ C:\WINDOWS\mozver.dat
2016-02-04 21:31 - 2016-02-04 21:31 - 00003072 _____ C:\WINDOWS\System32\Tasks\{885D906F-296A-4054-A9DC-1129789D4DF3}
2016-02-04 21:20 - 2016-02-08 22:51 - 00000000 ____D C:\Users\John\AppData\Local\Netscape
2016-02-04 21:20 - 2016-02-04 21:32 - 00000335 _____ C:\WINDOWS\nsreg.dat
2016-02-04 21:11 - 2016-02-04 21:11 - 00000000 ____D C:\Program Files\Jasc Software Inc
2016-02-04 21:10 - 2016-02-04 21:11 - 00018994 _____ C:\WINDOWS\Team C8 - 200 Paintshop Pro Plugins Mega-Pack 01 - Filters Setup Log.txt
2016-02-04 21:05 - 2016-02-04 21:05 - 00000000 ____D C:\Program Files (x86)\War2CombatMapEditor
2016-02-04 00:22 - 2016-02-04 00:22 - 00003248 _____ C:\WINDOWS\System32\Tasks\{D80DD150-CBD1-4F3F-8FB0-B796A447F6C9}
2016-02-04 00:21 - 2016-02-04 00:21 - 00001636 _____ C:\Users\John\Desktop\PSP 7.lnk
2016-02-03 23:41 - 2016-02-03 23:43 - 31725159 _____ C:\Users\John\Downloads\psp7.zip
2016-02-03 00:51 - 2016-02-03 00:51 - 01193136 _____ (Corel Corporation) C:\Users\John\Downloads\pspx8.1_seo.exe
2016-02-03 00:34 - 2016-02-03 00:34 - 00003204 _____ C:\WINDOWS\System32\Tasks\{18E4AAEF-0F88-4456-8AE9-B262A884FF88}
2016-02-02 23:38 - 2016-02-02 23:38 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-02-02 23:38 - 2016-02-02 23:38 - 00000000 ____D C:\Users\John\AppData\Local\CEF
2016-02-02 22:26 - 2016-02-02 22:26 - 00000000 ____D C:\ProgramData\BulletProof Software
2016-02-02 21:45 - 2016-02-08 22:51 - 00000000 ____D C:\Users\John\AppData\Local\BulletProof Software
2016-02-02 21:43 - 2016-02-08 22:51 - 00000000 ____D C:\BBB
2016-02-02 21:14 - 2016-02-08 22:51 - 00000000 ____D C:\Program Files (x86)\Jasc Software Inc
2016-02-02 19:16 - 2016-02-02 19:16 - 00000879 _____ C:\Users\John\Documents\bbbhq.dwt
2016-02-02 18:59 - 2016-02-02 18:59 - 00000000 ____D C:\ProgramData\Macromedia
2016-02-02 18:58 - 2016-02-10 10:01 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2016-02-02 18:58 - 2016-02-10 10:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2016-02-02 18:58 - 2016-02-10 10:01 - 00000000 ____D C:\Program Files (x86)\Macromedia
2016-02-02 16:44 - 2016-02-04 21:52 - 00044867 _____ C:\Users\John\Documents\Black Blade Brigade.htm
2016-02-02 16:44 - 2016-02-02 19:28 - 00000000 ____D C:\Users\John\Documents\Black Blade Brigade_files
2016-02-02 16:05 - 2016-02-02 16:05 - 02930208 _____ (NetworkActiv) C:\Users\John\Downloads\NetworkActivWebServerV4.0_PA_3.7.0.exe
2016-02-02 16:04 - 2016-02-02 16:04 - 00622608 _____ (NetworkActiv) C:\Users\John\Downloads\NetworkActivWebServerV3.5.exe
2016-02-02 14:57 - 2016-02-02 14:57 - 00001660 _____ C:\Users\John\Desktop\Warcraft II Map Editor.exe - Shortcut.lnk
2016-02-02 13:50 - 2016-02-02 13:50 - 00000002 _____ C:\Users\John\Documents\gwd_workspace.json
2016-02-02 01:07 - 2016-02-02 01:07 - 00000000 ____D C:\Users\John\Documents\OneNote Notebooks
2016-02-02 01:06 - 2016-02-06 11:13 - 00000000 ____D C:\Users\John\Documents\bbb_index_files
2016-02-02 01:06 - 2016-02-02 01:06 - 00077824 _____ C:\Users\John\Documents\Publication4.pub
2016-02-02 01:06 - 2016-02-02 01:06 - 00013132 _____ C:\Users\John\Documents\bbb_index.htm
2016-02-02 00:49 - 2016-02-02 00:49 - 00033881 _____ C:\Users\John\Documents\bbb.htm
2016-02-02 00:49 - 2016-02-02 00:49 - 00000000 ____D C:\Users\John\Documents\bbb_files
2016-02-02 00:46 - 2016-02-02 12:55 - 00254976 _____ C:\Users\John\Documents\bbb.pub
2016-02-02 00:19 - 2016-02-02 00:19 - 00129528 _____ C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-01 23:42 - 2016-02-08 22:51 - 00000000 ____D C:\Program Files (x86)\CoffeeCup Software
2016-02-01 23:42 - 2016-02-01 23:42 - 00002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoffeeCup DirectFTP.lnk
2016-02-01 23:42 - 2016-02-01 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoffeeCup DirectFTP
2016-02-01 23:33 - 2016-02-01 23:33 - 00003100 _____ C:\WINDOWS\System32\Tasks\{D451E8EB-F2D8-4DAE-BA65-5E56D847B3BA}
2016-02-01 22:39 - 2016-02-01 22:39 - 00000000 ____D C:\Users\John\Documents\HQ
2016-02-01 22:34 - 2016-02-01 22:37 - 00000000 ____D C:\Users\John\Documents\Headquarters
2016-02-01 20:57 - 2016-02-01 20:57 - 00000000 ____D C:\Users\John\AppData\Local\Disruptive Innovations SARL
2016-02-01 19:26 - 2016-02-01 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-02-01 19:08 - 2016-02-01 19:12 - 00000000 ____D C:\Users\John\Documents\BBB
2016-02-01 18:02 - 2016-02-01 18:02 - 00000006 ____S C:\ProgramData\9d14874e4867a8275e174fe4445aabd83ba0869d
2016-02-01 04:10 - 2016-02-01 04:10 - 00000000 ____D C:\Users\John\AppData\Local\Globalscape
2016-02-01 04:10 - 2016-02-01 04:10 - 00000000 ____D C:\ProgramData\Globalscape
2016-01-30 20:17 - 2016-01-30 20:17 - 00000001 _____ C:\Users\John\Downloads\RED_Overnight_Express.zip
2016-01-29 17:34 - 2016-02-08 20:01 - 00000000 ____D C:\Users\DefaultAppPool
2016-01-29 17:34 - 2016-01-29 17:34 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-01-29 17:34 - 2016-01-29 17:34 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-01-29 17:34 - 2016-01-29 17:34 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-01-29 17:34 - 2016-01-29 17:34 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-01-29 17:34 - 2016-01-29 17:34 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-01-29 17:34 - 2016-01-29 13:04 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2016-01-29 17:34 - 2014-02-21 23:37 - 00000369 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-01-29 17:34 - 2014-02-21 23:37 - 00000369 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-01-29 17:34 - 2014-02-15 23:06 - 00000000 ____D C:\Users\DefaultAppPool\Documents\hp.system.package.metadata
2016-01-29 17:34 - 2014-02-15 23:06 - 00000000 ____D C:\Users\DefaultAppPool\Documents\hp.applications.package.appdata
2016-01-29 17:34 - 2014-02-15 23:06 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\TuneUp Software
2016-01-29 17:25 - 2016-02-15 03:02 - 00000000 ____D C:\War2Combat
2016-01-29 17:25 - 2016-01-29 17:25 - 00001576 _____ C:\Users\John\Desktop\War2Combat.lnk
2016-01-29 14:52 - 2016-01-29 14:52 - 00000000 _____ C:\WINDOWS\SysWOW64\Access.dat
2016-01-29 13:05 - 2016-02-08 22:51 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2016-01-29 13:04 - 2016-01-29 13:04 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-01-29 13:04 - 2016-01-29 13:04 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-01-29 13:03 - 2016-01-29 13:03 - 00000000 ____D C:\Users\John\Documents\Tunngle
2016-01-29 13:03 - 2015-12-21 17:01 - 00047736 _____ (Tunngle.net) C:\WINDOWS\system32\Drivers\tap0901t.sys
2016-01-29 02:03 - 2016-01-29 15:47 - 00000000 ____D C:\Users\John\Desktop\AGEditor3
2016-01-28 23:57 - 2016-01-28 23:57 - 00001147 _____ C:\Users\John\Desktop\CoffeeCup Free HTML Editor.lnk
2016-01-28 23:56 - 2016-02-08 22:51 - 00000000 ____D C:\Users\John\Documents\CoffeeCup Software
2016-01-28 23:56 - 2016-01-28 23:56 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoffeeCup Software
2016-01-28 23:55 - 2016-02-08 22:51 - 00000000 ____D C:\Users\John\AppData\Roaming\CoffeeCup Software
2016-01-28 22:18 - 2016-02-08 22:51 - 00000000 ____D C:\Users\John\Desktop\NP++
2016-01-28 22:17 - 2016-01-28 22:17 - 02020520 _____ C:\Users\John\Desktop\npp.6.8.8.bin.7z
2016-01-28 22:17 - 2016-01-28 22:17 - 00000000 ____D C:\Users\John\AppData\Roaming\Notepad++
2016-01-28 21:48 - 2016-01-28 21:48 - 00781994 _____ C:\Users\John\Desktop\phpsgex-2.0.1.7.zip
2016-01-24 22:55 - 2016-01-24 22:55 - 00001127 _____ C:\Users\John\Desktop\Investments.txt
2016-01-22 15:19 - 2016-01-22 15:19 - 00000000 ____D C:\Users\John\Downloads\Kali
2016-01-22 15:17 - 2016-01-22 15:18 - 02811349 _____ (InstallShield Software Corporation) C:\Users\John\Downloads\kali2613.exe
2016-01-22 15:15 - 2016-01-22 15:15 - 00260528 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-15 17:09 - 2015-08-13 19:05 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-15 17:05 - 2014-04-07 08:43 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2016-02-15 14:36 - 2014-01-15 21:01 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1569399677-2339013464-2643545198-1001
2016-02-15 14:36 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-15 14:31 - 2014-01-15 20:51 - 00000000 ____D C:\Users\John\AppData\Local\Packages
2016-02-15 14:31 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-15 14:12 - 2014-04-05 09:08 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-15 14:07 - 2014-02-15 23:24 - 00000000 ___DO C:\Users\John\SkyDrive
2016-02-15 14:07 - 2013-11-14 02:28 - 00992412 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-15 14:07 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-15 14:06 - 2013-03-22 13:00 - 00000983 _____ C:\WINDOWS\SysWOW64\bscs.ini
2016-02-15 14:03 - 2013-12-02 09:45 - 00003620 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2016-02-15 14:03 - 2013-12-02 09:45 - 00000088 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2016-02-15 14:03 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-15 14:02 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-15 13:08 - 2014-01-15 20:53 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4E3A0E6E-0F52-4F4E-99F7-A943C718BF2E}
2016-02-15 06:45 - 2014-01-22 20:59 - 00000000 ____D C:\ProgramData\MFAData
2016-02-15 00:43 - 2015-12-04 19:59 - 00104448 ___SH C:\Users\John\Downloads\Thumbs.db
2016-02-14 22:00 - 2014-01-31 20:33 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
2016-02-14 10:31 - 2015-08-12 18:26 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-02-14 09:51 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-14 01:00 - 2015-12-25 17:29 - 00000000 ____D C:\Users\John\AppData\Roaming\vlc
2016-02-13 02:44 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2016-02-12 15:30 - 2014-01-15 20:59 - 00000000 ____D C:\Users\John\AppData\Local\Google
2016-02-12 15:30 - 2014-01-15 20:59 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-12 10:57 - 2014-01-15 21:37 - 00000000 ____D C:\Program Files (x86)\Voobly
2016-02-12 09:32 - 2015-09-04 07:18 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job
2016-02-12 09:31 - 2013-08-22 09:44 - 00507936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-12 09:29 - 2015-04-17 03:15 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-12 09:29 - 2013-11-14 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-12 09:29 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-02-12 03:35 - 2015-09-04 07:18 - 00003154 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJohn
2016-02-12 03:08 - 2015-05-13 22:23 - 00000000 ___RD C:\Users\John\OneDrive
2016-02-12 03:08 - 2015-01-15 21:49 - 00003090 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1569399677-2339013464-2643545198-1001
2016-02-11 22:11 - 2014-03-31 07:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-11 22:11 - 2012-07-26 03:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-10 10:08 - 2015-12-20 14:40 - 00000000 ____D C:\Software
2016-02-10 08:18 - 2014-10-16 23:03 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-10 01:03 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 00:56 - 2014-01-16 21:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-09 21:09 - 2015-12-29 11:09 - 08817344 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-02-09 21:09 - 2015-08-13 19:05 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-02-09 17:03 - 2015-11-10 16:24 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-09 17:03 - 2015-11-10 16:24 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-02-09 13:30 - 2014-02-15 23:04 - 00000000 ____D C:\Users\John
2016-02-09 13:23 - 2015-06-22 08:57 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-08 22:56 - 2016-01-12 22:50 - 00000000 ____D C:\Users\John\AppData\Roaming\PSpad
2016-02-08 22:56 - 2015-12-21 23:33 - 00000000 ____D C:\Users\John\AppData\Roaming\Astrill
2016-02-08 22:56 - 2015-12-21 23:33 - 00000000 ____D C:\Program Files (x86)\Astrill
2016-02-08 22:56 - 2015-04-04 03:02 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-02-08 22:52 - 2015-12-20 15:00 - 00000000 ____D C:\WINDOWS\SysWOW64\Spool
2016-02-08 22:52 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\registration
2016-02-08 22:51 - 2016-01-12 22:50 - 00000000 ____D C:\Program Files (x86)\PSPad editor
2016-02-08 22:51 - 2016-01-06 14:31 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-02-08 22:51 - 2016-01-06 14:31 - 00000000 ____D C:\Users\John\AppData\Local\Amazon
2016-02-08 22:51 - 2015-12-25 17:28 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-02-08 22:51 - 2015-12-25 17:18 - 00000000 ____D C:\Users\John\AppData\Local\converter
2016-02-08 22:51 - 2015-12-25 16:32 - 00000000 ____D C:\Users\John\AppData\Local\fontconfig
2016-02-08 22:51 - 2015-12-25 15:08 - 00000000 ____D C:\Users\John\AppData\Local\RzStats
2016-02-08 22:51 - 2015-12-25 15:03 - 00000000 ____D C:\Users\John\AppData\Roaming\Anvsoft
2016-02-08 22:51 - 2015-12-25 14:30 - 00000000 ____D C:\Users\Public\CyberLink
2016-02-08 22:51 - 2015-12-20 15:00 - 00000000 ____D C:\ProgramData\InstallShield
2016-02-08 22:51 - 2015-12-12 23:30 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft Games
2016-02-08 22:51 - 2015-12-12 23:27 - 00000000 ____D C:\Program Files (x86)\GameSpy Arcade
2016-02-08 22:51 - 2015-12-10 22:32 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2016-02-08 20:46 - 2013-08-22 08:25 - 00000292 _____ C:\WINDOWS\win.ini
2016-02-08 20:28 - 2014-02-01 12:57 - 00000000 ____D C:\Users\John\AppData\Local\HPConnectedMusic
2016-02-06 00:53 - 2014-04-05 09:08 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-06 00:53 - 2014-04-05 09:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-04 21:11 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\System
2016-02-03 18:48 - 2015-12-20 15:37 - 00000000 ____D C:\Users\John\Documents\My PSP Files
2016-02-03 18:48 - 2015-12-20 14:45 - 00006580 ___SH C:\WINDOWS\SysWOW64\KGyGaAvL.sys
2016-02-03 01:24 - 2014-02-16 19:22 - 00000000 ____D C:\Users\John\AppData\Local\ElevatedDiagnostics
2016-02-02 23:38 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-02-02 23:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-02-02 22:26 - 2013-12-02 09:26 - 00000000 ____D C:\ProgramData\Temp
2016-02-02 22:06 - 2014-01-15 20:51 - 00000000 ____D C:\Users\John\AppData\Local\VirtualStore
2016-02-02 04:29 - 2014-11-07 18:23 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-02-02 04:28 - 2014-11-07 18:23 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-02-02 04:28 - 2014-11-07 18:23 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-02-01 21:37 - 2015-12-11 13:46 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-01 21:37 - 2015-12-11 13:46 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-01 20:27 - 2014-04-07 08:43 - 00000000 ____D C:\ProgramData\Skype
2016-02-01 19:28 - 2013-12-02 09:39 - 00000000 ____D C:\Program Files\7-Zip
2016-02-01 15:25 - 2013-12-02 09:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-29 18:50 - 2014-12-04 19:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-01-29 17:38 - 2014-02-16 01:53 - 00000000 ____D C:\inetpub
2016-01-29 17:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-01-29 17:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-01-29 13:04 - 2013-04-03 19:17 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-29 01:57 - 2014-12-04 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-01-29 01:53 - 2013-12-02 09:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-29 01:53 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-22 02:56 - 2015-05-21 07:55 - 00000000 ____D C:\Users\John\AppData\Local\Avg
2016-01-22 02:56 - 2014-01-22 21:03 - 00000000 ___HD C:\$AVG
2016-01-16 17:58 - 2014-04-07 08:43 - 00000000 ___RD C:\Program Files (x86)\Skype
==================== Files in the root of some directories =======
2015-12-21 23:33 - 2015-05-05 11:56 - 1701390 _____ () C:\Users\John\AppData\Roaming\addr2line.exe
2014-01-16 18:37 - 2014-07-18 23:31 - 0000210 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2014-02-02 22:22 - 2014-02-02 22:23 - 0003584 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-04 22:25 - 2016-02-04 22:25 - 0000041 ___SH () C:\ProgramData\.zreglib
2016-02-01 18:02 - 2016-02-01 18:02 - 0000006 ____S () C:\ProgramData\9d14874e4867a8275e174fe4445aabd83ba0869d
Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-14 22:07
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by John (2016-02-15 17:23:41)
Running from C:\Users\John\Desktop
Windows 8.1 (X64) (2014-02-16 04:21:45)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1569399677-2339013464-2643545198-500 - Administrator - Disabled)
Guest (S-1-5-21-1569399677-2339013464-2643545198-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1569399677-2339013464-2643545198-1005 - Limited - Enabled)
John (S-1-5-21-1569399677-2339013464-2643545198-1001 - Administrator - Enabled) => C:\Users\John
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Spybot - Search and Destroy (Disabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.26.3317.04170 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.26.3317.04170 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version: - Astrill)
AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
AVG (Version: 16.41.7442 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.41.7442 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.5.441 - AVG Technologies)
AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
CoffeeCup Free HTML Editor (HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\CoffeeCup Free HTML Editor) (Version: - )
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.8.0.13 - DivX, LLC)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.256 - SurfRight B.V.)
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\HPConnectedMusic) (Version: 1.1 (build 88) hp - Meridian Audio Ltd)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.54744 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Age of Empires Gold (HKLM-x32\...\Age of Empires Gold 1.0) (Version: - )
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\OneDriveSetup.exe) (Version: 17.3.6301.0127 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Paint Shop Pro 7 ESD (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.0.2700 - Jan Fiala)
Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.29.8105 - Mediatek)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Rise of Nations (HKLM-x32\...\RiseOfNationsExpansion 1.0) (Version: 1.0 - Microsoft)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Voobly (HKLM-x32\...\Voobly_is1) (Version: Voobly - Voobly)
War2Combat version 4.01 (HKLM-x32\...\War2Combat_is1) (Version: 4.01 - War2 RU Admins)
Warcraft II BNE (HKLM-x32\...\Warcraft II BNE) (Version: - )
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0DE6D96A-CEFF-47E7-955C-E72850EF4997} - System32\Tasks\{885D906F-296A-4054-A9DC-1129789D4DF3} => pcalua.exe -a C:\Software\Netscape702.exe -d C:\Software
Task: {0EFD0EF6-ECEA-4630-BE08-FC904084A805} - System32\Tasks\{D80DD150-CBD1-4F3F-8FB0-B796A447F6C9} => pcalua.exe -a "C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 7\psp.exe" -d "C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 7"
Task: {1C239607-033B-4FB7-829B-890F36367737} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-10] (Microsoft Corporation)
Task: {1D5CD059-EF4A-4232-BB7D-5929D17991BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {1E1F95C9-20E8-4831-9327-CDD9EA8D3692} - System32\Tasks\{0F3F556A-E2B3-48EE-B310-9AE2AFD33034} => pcalua.exe -a C:\Users\John\Downloads\kali2613.exe -d C:\Users\John\Downloads
Task: {291A0C24-759B-4A48-BC46-0DF6522B9B53} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {347A45D2-543D-4E41-B9CF-625D4E51AAF9} - System32\Tasks\0116pizUpdateInfo => C:\ProgramData\Avg_Update_0116piz\0116piz_AVG-Secure-Search-Update.exe [2016-01-10] ()
Task: {5692E3A3-1846-4685-A611-3FA681734961} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {577E69C9-B172-444A-8385-F1650D61ABA6} - System32\Tasks\{D451E8EB-F2D8-4DAE-BA65-5E56D847B3BA} => pcalua.exe -a C:\Users\John\Desktop\setup.exe -d C:\Users\John\Desktop
Task: {61BFBA64-41DD-47D2-B643-FD8264C65A98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-12] (Google Inc.)
Task: {657E3322-C270-4617-8264-1873FA38CCC2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {7267E0D7-7CE3-4360-8833-015D42DF47E2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {7961BE82-22FE-4CAF-B72F-57F29D10BD0F} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {7A0E8C5C-19E0-4791-B40D-20D9A6AA2342} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2015-11-30] (DivX, LLC)
Task: {7D40B79E-437A-4EAB-B1BE-55A52BF0F2F8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {847FDBB2-7691-45CF-977D-1A117D2A0279} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-12] (Google Inc.)
Task: {89563CEE-DC34-4E75-BE77-BE5926E0BFEA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {A3899934-D51F-493A-AD80-6FB82F9CB919} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {A5CF101D-2F1E-414B-9502-021CDDE4CC8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {B2A98F79-5FA9-4E4C-B781-0E33DE29E38A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {B900BEBB-454C-4459-A360-78C2CFE9FB69} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D41ADF3B-375A-4717-8C73-521A9FE1BF09} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1569399677-2339013464-2643545198-1001 => C:\Users\John\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-02-12] (Microsoft Corporation)
Task: {DCD3046B-2A0F-4C9D-A6AD-9F756201A239} - System32\Tasks\{851B229F-6786-4961-B86F-7E72FC09E81C} => pcalua.exe -a C:\Users\John\Downloads\kali2613.exe -d C:\Users\John\Downloads
Task: {EA79D8F6-3652-4133-A7D2-21D002B43ED0} - System32\Tasks\DivX Update => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Task: {F279DC8F-956C-4059-A276-377D5FF6CB03} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {F4B65365-1316-488D-A98F-976C6FBE7515} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {FB482630-C1CB-4B16-AD99-58103EA54DFF} - System32\Tasks\{18E4AAEF-0F88-4456-8AE9-B262A884FF88} => pcalua.exe -a "C:\Software\Jasc Software Inc\Paint Shop Pro 7\psp.exe" -d "C:\Software\Jasc Software Inc\Paint Shop Pro 7"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\0116pizUpdateInfo.job => C:\ProgramData\Avg_Update_0116piz\0116piz_AVG-Secure-Search-Update.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-03-03 22:52 - 2016-02-02 04:28 - 01205832 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2014-10-31 18:27 - 2014-10-31 18:27 - 00183488 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2013-01-10 16:35 - 2013-01-10 16:35 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
2013-01-10 16:35 - 2013-01-10 16:35 - 00055296 _____ () C:\windows\system32\BlueSoleilCSps.dll
2013-01-10 14:25 - 2013-01-10 14:25 - 00364544 _____ () C:\windows\system32\BsExtendFunc.dll
2013-01-10 16:30 - 2013-01-10 16:30 - 00022528 _____ () C:\windows\system32\BsTrace.dll
2014-11-20 03:23 - 2014-11-20 03:23 - 00289792 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2016-02-15 14:31 - 2016-02-15 14:31 - 00018944 _____ () C:\Program Files\WindowsApps\10013ProdTester11.WindowsDefender_1.0.0.0_neutral__8zhdgmmraffpm\App3.exe
2013-01-10 16:30 - 2013-01-10 16:30 - 00022528 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2013-03-22 13:06 - 2013-03-22 13:06 - 00387936 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2011-07-05 13:53 - 2011-07-05 13:53 - 00012800 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2013-01-10 16:35 - 2013-01-10 16:35 - 00009728 _____ () C:\windows\SYSTEM32\BsHelpCSps.dll
2013-01-10 16:35 - 2013-01-10 16:35 - 00055296 _____ () C:\windows\SYSTEM32\BlueSoleilCSps.dll
2016-02-09 13:20 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-02-09 13:20 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-12-02 09:29 - 2012-06-07 22:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-01-11 10:36 - 2016-01-11 10:36 - 00932032 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2015-12-01 14:09 - 2015-12-01 14:08 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2014-12-25 08:45 - 2014-01-03 19:20 - 34755072 _____ () C:\Users\John\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-11-20 01:02 - 2014-11-20 01:02 - 00193024 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
2014-12-25 08:45 - 2014-01-03 19:20 - 00970240 _____ () C:\Users\John\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\ffmpegsumo.dll
2014-02-16 00:32 - 2014-02-16 00:32 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-02-09 13:20 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-02-12 15:30 - 2016-02-09 06:58 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-12 15:30 - 2016-02-09 06:58 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ASProxy => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7871 more sites.
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\123simsen.com -> www.123simsen.com
There are 7871 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2016-02-11 14:33 - 00450979 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15470 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John\Pictures\108455_web.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\...\StartupApproved\Run: => "Astrill"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{F4EBFC1D-E068-4381-9B00-185F20036A35}C:\program files (x86)\microsoft games\age of empires\empiresx.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires\empiresx.exe
FirewallRules: [TCP Query User{68733256-15E9-4E3D-8EF2-DA8610429C07}C:\program files (x86)\microsoft games\age of empires\empiresx.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires\empiresx.exe
FirewallRules: [UDP Query User{F110405F-9AE0-40DD-9AEB-F53516AC1E00}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{391DFEE8-B715-443A-BE65-855C41F31573}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{7B215395-2AA2-4B33-AB90-E184DE121044}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{2615DA2F-DE0C-4C1E-ACE4-32DD1DC81C3D}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{D14EA835-F845-44A1-BDCC-12A070A7399E}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [TCP Query User{A8CF1E97-3537-4FAD-BCC1-BB7A47850B0E}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [{DCC92AF2-BC4C-457B-B194-93F8C71A78B7}] => (Allow) C:\Program Files (x86)\Veetle\Player\VeetleNet.exe
FirewallRules: [{EE41C626-06E2-4627-8E35-0A260C14D6DE}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{43D7EE1A-CF43-4C1D-8419-D5215945C67D}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{B28704A6-8135-4017-BA84-B59DE3015D9F}] => (Allow) LPort=1900
FirewallRules: [{5B4218F9-2487-43A4-AF41-37327258F649}] => (Allow) LPort=2869
FirewallRules: [{85F11C25-F507-4B54-9D25-A33C87BE0E5D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{14BDA67B-0933-4F2B-A3BB-65FB3433BB70}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{C20B4506-A17F-4E9E-BDC7-CC3D521EF6A0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{861C7345-82D2-479C-85FA-1FD77CE29022}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E7EC0ED-40F2-4752-AC9C-B2C485C18CD6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FBEA879D-A1B5-44E0-B171-50E2C7E5F9EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6B1F9945-5C2C-4285-A29B-65CB854879DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C84E8418-D103-40B7-9290-19453F44024F}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{8268AC9F-B4DF-4A5A-BCCC-48BFA746D115}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{5687E6D3-A537-452D-A75E-6BECA4BC8E86}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5DF4C964-DE12-4F21-9AB2-C406B53FF674}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{3B689F6F-C996-465A-AF6F-76BF458D5C93}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{F7812B2A-C39E-41CC-8588-9C641B605139}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{BD2AD89C-1EC2-4219-933E-BB62596668DB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{76CD426E-F71A-43A1-8AFB-BAFA67C18030}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{C723930D-0509-458F-970E-6BA9F11DC6E4}C:\war2combat\warcraft ii bne.exe] => (Allow) C:\war2combat\warcraft ii bne.exe
FirewallRules: [UDP Query User{48B9D663-EF5C-4DA6-8FBF-55F3CBF8E68B}C:\war2combat\warcraft ii bne.exe] => (Allow) C:\war2combat\warcraft ii bne.exe
FirewallRules: [TCP Query User{095B06A3-3ED0-4080-B683-8B858DC9B9C2}C:\program files (x86)\warcraft ii bne\warcraft ii bne.exe] => (Allow) C:\program files (x86)\warcraft ii bne\warcraft ii bne.exe
FirewallRules: [UDP Query User{0B4AFEBB-CFAC-41B5-8D1D-20F7AAB26DDC}C:\program files (x86)\warcraft ii bne\warcraft ii bne.exe] => (Allow) C:\program files (x86)\warcraft ii bne\warcraft ii bne.exe
FirewallRules: [{6C96CD2A-2619-4A14-9C9F-4F1980B20C19}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe
FirewallRules: [{164745DB-048B-4831-B1DB-B5060C9E3180}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe
FirewallRules: [TCP Query User{4A5A5F1B-8582-4867-BFB6-6D4BCB2159C1}C:\program files (x86)\microsoft games\rise of nations\patriots.exe] => (Allow) C:\program files (x86)\microsoft games\rise of nations\patriots.exe
FirewallRules: [UDP Query User{60C65838-A70E-476A-BD56-259AA63C3CA2}C:\program files (x86)\microsoft games\rise of nations\patriots.exe] => (Allow) C:\program files (x86)\microsoft games\rise of nations\patriots.exe
FirewallRules: [{E1C19C47-BB03-4A90-A659-20795430588D}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ED8DABEA-8E9E-45CD-AA76-13F55A19DC87}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{63B486EE-5F8A-4287-8991-AF553633C70B}] => (Allow) LPort=30101
FirewallRules: [{4A2D5CB7-D982-4318-8791-49473D2C74A3}] => (Allow) C:\Program Files\WS_FTP Pro\ftp95pro.exe
FirewallRules: [{27F49E3C-DAEB-4D6B-A195-985B16A392DC}] => (Allow) C:\Program Files\WS_FTP Pro\ftp95pro.exe
FirewallRules: [{156A5292-2E47-4401-9512-2DE55AE8B2EB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{83D82C0C-9033-41D8-B350-773C80A5ED76}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{7EA120C1-14C3-45EF-9A67-6FA13CC3BA94}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{DCBA1DC6-F7A2-490E-8C5C-5C799F5538C5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{C0F61208-EF64-4D96-9772-7FDF0EDC712B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{0BD3B047-5FBA-4FDB-9B06-77E8283667EB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{2A3B8441-E2FD-496B-9AF5-5B93F81AF2C8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
10-02-2016 10:00:14 Removed Macromedia Dreamweaver 8
14-02-2016 21:24:48 System Restore
14-02-2016 21:28:17 Restore Point Created by FRST
14-02-2016 22:02:19 JRT Pre-Junkware Removal
14-02-2016 22:33:19 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/15/2016 02:01:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpcmdrun.exe, version: 4.8.207.0, time stamp: 0x55933d5c
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0xde404
Faulting application start time: 0xmpcmdrun.exe0
Faulting application path: mpcmdrun.exe1
Faulting module path: mpcmdrun.exe2
Report Id: mpcmdrun.exe3
Faulting package full name: mpcmdrun.exe4
Faulting package-relative application ID: mpcmdrun.exe5
Error: (02/15/2016 02:01:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpcmdrun.exe, version: 4.8.207.0, time stamp: 0x55933d5c
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0x1210
Faulting application start time: 0xmpcmdrun.exe0
Faulting application path: mpcmdrun.exe1
Faulting module path: mpcmdrun.exe2
Report Id: mpcmdrun.exe3
Faulting package full name: mpcmdrun.exe4
Faulting package-relative application ID: mpcmdrun.exe5
Error: (02/15/2016 02:01:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpcmdrun.exe, version: 4.8.207.0, time stamp: 0x55933d5c
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0x219c
Faulting application start time: 0xmpcmdrun.exe0
Faulting application path: mpcmdrun.exe1
Faulting module path: mpcmdrun.exe2
Report Id: mpcmdrun.exe3
Faulting package full name: mpcmdrun.exe4
Faulting package-relative application ID: mpcmdrun.exe5
Error: (02/15/2016 02:01:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpcmdrun.exe, version: 4.8.207.0, time stamp: 0x55933d5c
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0x1820
Faulting application start time: 0xmpcmdrun.exe0
Faulting application path: mpcmdrun.exe1
Faulting module path: mpcmdrun.exe2
Report Id: mpcmdrun.exe3
Faulting package full name: mpcmdrun.exe4
Faulting package-relative application ID: mpcmdrun.exe5
Error: (02/15/2016 02:01:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpcmdrun.exe, version: 4.8.207.0, time stamp: 0x55933d5c
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0x1874
Faulting application start time: 0xmpcmdrun.exe0
Faulting application path: mpcmdrun.exe1
Faulting module path: mpcmdrun.exe2
Report Id: mpcmdrun.exe3
Faulting package full name: mpcmdrun.exe4
Faulting package-relative application ID: mpcmdrun.exe5
Error: (02/15/2016 02:01:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpcmdrun.exe, version: 4.8.207.0, time stamp: 0x55933d5c
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0x50938
Faulting application start time: 0xmpcmdrun.exe0
Faulting application path: mpcmdrun.exe1
Faulting module path: mpcmdrun.exe2
Report Id: mpcmdrun.exe3
Faulting package full name: mpcmdrun.exe4
Faulting package-relative application ID: mpcmdrun.exe5
Error: (02/15/2016 02:01:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpcmdrun.exe, version: 4.8.207.0, time stamp: 0x55933d5c
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0xf19a8
Faulting application start time: 0xmpcmdrun.exe0
Faulting application path: mpcmdrun.exe1
Faulting module path: mpcmdrun.exe2
Report Id: mpcmdrun.exe3
Faulting package full name: mpcmdrun.exe4
Faulting package-relative application ID: mpcmdrun.exe5
Error: (02/15/2016 02:01:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpcmdrun.exe, version: 4.8.207.0, time stamp: 0x55933d5c
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0xf1dac
Faulting application start time: 0xmpcmdrun.exe0
Faulting application path: mpcmdrun.exe1
Faulting module path: mpcmdrun.exe2
Report Id: mpcmdrun.exe3
Faulting package full name: mpcmdrun.exe4
Faulting package-relative application ID: mpcmdrun.exe5
Error: (02/15/2016 02:01:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpcmdrun.exe, version: 4.8.207.0, time stamp: 0x55933d5c
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0xf1e38
Faulting application start time: 0xmpcmdrun.exe0
Faulting application path: mpcmdrun.exe1
Faulting module path: mpcmdrun.exe2
Report Id: mpcmdrun.exe3
Faulting package full name: mpcmdrun.exe4
Faulting package-relative application ID: mpcmdrun.exe5
Error: (02/15/2016 02:01:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpcmdrun.exe, version: 4.8.207.0, time stamp: 0x55933d5c
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0xdb96c
Faulting application start time: 0xmpcmdrun.exe0
Faulting application path: mpcmdrun.exe1
Faulting module path: mpcmdrun.exe2
Report Id: mpcmdrun.exe3
Faulting package full name: mpcmdrun.exe4
Faulting package-relative application ID: mpcmdrun.exe5
System errors:
=============
Error: (02/15/2016 02:39:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (02/15/2016 02:02:22 PM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .
Error: (02/15/2016 02:01:40 PM) (Source: DCOM) (EventID: 10010) (User: DADSPC)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (02/15/2016 02:01:40 PM) (Source: DCOM) (EventID: 10010) (User: DADSPC)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (02/15/2016 02:01:39 PM) (Source: DCOM) (EventID: 10010) (User: DADSPC)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (02/15/2016 02:01:38 PM) (Source: DCOM) (EventID: 10010) (User: DADSPC)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (02/15/2016 02:01:38 PM) (Source: DCOM) (EventID: 10010) (User: DADSPC)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (02/15/2016 02:01:37 PM) (Source: DCOM) (EventID: 10010) (User: DADSPC)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (02/15/2016 02:01:37 PM) (Source: DCOM) (EventID: 10010) (User: DADSPC)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (02/15/2016 02:01:36 PM) (Source: DCOM) (EventID: 10010) (User: DADSPC)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
CodeIntegrity:
===================================
Date: 2016-02-15 17:23:54.778
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-15 17:23:54.571
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-15 17:22:32.488
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-15 17:22:32.286
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-15 15:11:54.364
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-15 15:11:54.156
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-15 14:58:40.629
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-02-15 14:40:49.355
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\1\avgnetclix.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-15 14:40:49.135
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\1\avgnetclix.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-02-15 14:40:48.853
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4430 CPU @ 3.00GHz
Percentage of memory in use: 25%
Total physical RAM: 12207.35 MB
Available physical RAM: 9111.34 MB
Total Virtual: 14063.35 MB
Available Virtual: 10424.11 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:1842.55 GB) (Free:1712.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.64 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (WAR2BNECD) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 600E6D3B)
Partition: GPT.
==================== End of Addition.txt ============================
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
http://2-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xQlf57ne.png.pagespeed.ic.SnwgqhVB9v.jpg Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)
http://i.imgur.com/U5NwUGc.png Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)
Proceed with the reset once done.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
http://2-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xQlf57ne.png.pagespeed.ic.SnwgqhVB9v.jpg Firefox: Reset Firefox (https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems)
http://i.imgur.com/U5NwUGc.png Chrome: Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)
~~~~~~~~~~~~~~~~~~
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nxtad_16_05¶m1=1¶m2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByCyDyE0FtA0FyB0D0A0EtBtCtAtN0D0Tzu0StCyEzytAtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEzyzyzyyEyDtCyDtGyBtAyDyCtGyCyDtBzztGyBzzzzyBtGzyyEtAyDtCzz0CyD0F0FtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AzzyD0C0AyB0AtG0B0DzyyBtGyEyCyB0DtGzz0EyE0FtG0FyEtBtDzztA0E0Ezy0AtByB2QtN0A0LzuyE%26cr%3D1001654787%26a%3Dwncy_nxtad_16_05%26os_ver%3D6.3%26os%3DWindows%2B8.1
C:\Users\John\AppData\Local\Temp\sqlite3.dll
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
Hosts:
End
Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~`
Please download RogueKiller and save it to your desktop.
You can check here (http://support.microsoft.com/kb/827218) if you're not sure if your computer is 32-bit or 64-bit
Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.
Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.[/*]
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Don't run any other options, they're not all bad!!
Post back the report which should be located on your desktop.
*********
Please post these logs when finished
Please also run this one.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif Malwarebytes Anti-Rootkit
Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit1_zps4613be8c.png
Please click by the introduction screen on the Next button to continue.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit2update_zpsf85fca28.png
Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitupdatecomplete_zpscf9f4cdb.png
When the update has finished, click on the Next button.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan_zps9b346fe7.png
Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan-results_zps9f0fdf8e.png
When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on Yes button to restart your computer.
There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thank you for all your help Juliet, I narrowed it down to "NowUSeeIt.exe" I've removed the program and all seems fine. If it acts up again, I will pick up on this thread and continue to resolve any issues. Once again, thank you very much.
Blind
Thank you for all your help Juliet, I narrowed it down to "NowUSeeIt.exe" I've removed the program and all seems fine. If it acts up again, I will pick up on this thread and continue to resolve any issues. Once again, thank you very much.
Blind
Glad you found it. This had not been located in any of the logs requested and I didn't see it.
If all is well
http://i.imgur.com/AFZxnZc.jpg DelFix
Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
Ok, removing NowUSeeIt helped, but still getting redirected. Please see below.
Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by John (2016-02-16 10:56:17) Run:2
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1569399677-2339013464-2643545198-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nxtad_16_05¶m1=1¶m2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0C0ByCyDyE0FtA0FyB0D0A0EtBtCtAtN0D0Tzu0StCyEzytAtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEzyzyzyyEyDtCyDtGyBtAyDyCtGyCyDtBzztGyBzzzzyBtGzyyEtAyDtCzz0CyD0F0FtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AzzyD0C0AyB0AtG0B0DzyyBtGyEyCyB0DtGzz0EyE0FtG0FyEtBtDzztA0E0Ezy0AtByB2QtN0A0LzuyE%26cr%3D1001654787%26a%3Dwncy_nxtad_16_05%26os_ver%3D6.3%26os%3DWindows%2B8.1
C:\Users\John\AppData\Local\Temp\sqlite3.dll
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
Hosts:
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKU\S-1-5-21-1569399677-2339013464-2643545198-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
Chrome HomePage => removed successfully
C:\Users\John\AppData\Local\Temp\sqlite3.dll => moved successfully
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 500.3 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 10:57:04 ====
RogueKiller V11.0.12.0 [Feb 15 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : John [Administrator]
Started from : C:\Users\John\Desktop\RogueKiller.exe
Mode : Scan -- Date : 02/16/2016 11:30:17
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 5 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\AVG SafeGuard toolbar -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ASWMBR (\??\C:\Users\John\AppData\Local\Temp\aswMBR.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ASWVMM (\??\C:\Users\John\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASWMBR (\??\C:\Users\John\AppData\Local\Temp\aswMBR.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASWVMM (\??\C:\Users\John\AppData\Local\Temp\aswVmm.sys) -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-1CH164 +++++
--- User ---
[MBR] ad2d1e7ce0eda9a7740a3d54688c02f5
[BSP] 9f7635b722199a6e52ad7c538cb8bbfb : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1023 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2097152 | Size: 360 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2834432 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 3096576 | Size: 1886775 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 3867211776 | Size: 350 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 3867928576 | Size: 19092 MB
User = LL1 ... OK
User = LL2 ... OK
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)
Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)
Proceed with the reset once done.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
http://2-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xQlf57ne.png.pagespeed.ic.SnwgqhVB9v.jpg Firefox: Reset Firefox (https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems)
http://i.imgur.com/U5NwUGc.png Chrome: Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)
~~~~~~~~~~~~~~~~~~
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif Malwarebytes Anti-Rootkit
Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit1_zps4613be8c.png
Please click by the introduction screen on the Next button to continue.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit2update_zpsf85fca28.png
Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitupdatecomplete_zpscf9f4cdb.png
When the update has finished, click on the Next button.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan_zps9b346fe7.png
Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan-results_zps9f0fdf8e.png
When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on Yes button to restart your computer.
There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please post these logs when finished
Download the latest version of TDSSKiller from here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop.
or the two below links
http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe
http://www.bleepingcomputer.com/download/tdsskiller/dl/4/
Doubleclick on TDSSKiller.exe to run the application
https://dl.dropbox.com/u/73555776/tdss%20start.JPG
Then click on Change parameters.
https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG
Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
https://dl.dropbox.com/u/73555776/tdss%20threat.JPG
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Get the report by selecting Reports
https://dl.dropbox.com/u/73555776/tdss%20report.JPG
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Since this issue appears resolved ... this Topic is closed.