JooB87
2016-05-05, 08:32
Hello. I'm pretty sure infections have come from free games I've downloaded and torrent files. I've run Malwarebytes, Avira Antivirus and Comodo Antivirus, removing threats they have found, but I suspect there are infections they haven't picked up. My computer runs really slow out of safe mode and the CPU and processor usage stays at around 50 percent and above. I also can't find the Tea Timer thing in Spybot to turn it off... So here are the FRST and aswMBR logs. I'm guessing I'll need to post Spybot logs, so let me know please.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:03-05-2016
Ran by Dick Bryden (administrator) on JOOB (04-05-2016 14:59:30)
Running from C:\Users\Dick Bryden\Desktop
Loaded Profiles: Dick Bryden (Available Profiles: Dick Bryden)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Users\Dick Bryden\Desktop\aswMBR.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192 2009-11-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => "C:\Program Files\AVG\Av\avuirunnerx.exe" C:\Program Files\AVG\Av\avgui.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-13] (Google Inc.)
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Dick Bryden\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 862d9c604f2747d1936b65cbb87f5285-91d39ddd3a95dcdc1daff2f9296dceab9a99c7df --CMPID 0913b
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\MountPoints2: {15fc6ff5-d454-11e4-9833-b482fe9bbb76} - E:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\MountPoints2: {60e6cee6-512b-11e1-bdab-b482fe9bbb76} - "E:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-04-20]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-1132959120-1673921071-3958761770-1000] => localhost:8080
AutoConfigURL: [S-1-5-21-1132959120-1673921071-3958761770-1000] => localhost:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{398A13F5-762E-4A3E-947B-5403643B702C}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{9751FFE6-2F56-4CCB-93C3-63816B848093}: [NameServer] 10.4.81.105 10.4.182.22
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll => No File
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll => No File
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-11] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-11] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-09] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Dick Bryden\AppData\Roaming\Mozilla\Firefox\Profiles\vu8muwuo.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxps://www.google.com/search?trackid=sp-006
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: hxxps://www.google.com/search?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-18] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-11] (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-28] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Dick Bryden\AppData\Roaming\Mozilla\Firefox\Profiles\vu8muwuo.default\searchplugins\google-avast.xml [2016-04-03]
FF Extension: Avira Browser Safety - C:\Users\Dick Bryden\AppData\Roaming\Mozilla\Firefox\Profiles\vu8muwuo.default\Extensions\abs@avira.com [2016-04-25]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hppp&ts=1427867108&from=smt&uid=SAMSUNGXHM250HI_S20TJ9FZ521148"
CHR DefaultSearchKeyword: Default -> google.com.au
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll => No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (Google Search) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
CHR Extension: (Tampermonkey) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-12]
CHR Extension: (Avira Browser Safety) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-25]
CHR Extension: (AdBlock) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 f68c1dcb; "C:\windows\system32\rundll32.exe" "c:\Program Files\TerminusTurbo\TerminusTurbo.dll",serv
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BRCMDECO; C:\windows\System32\DRIVERS\BRCMHD32.sys [107008 2009-11-18] (Broadcom Corporation)
S0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 samsung_hspa_datacard_cdc_acm; C:\windows\system32\DRIVERS\samsung_hspa_datacard_cdc_acm.sys [68608 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_cdc_ecm; C:\windows\System32\DRIVERS\samsung_hspa_datacard_cdc_ecm.sys [81920 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_dc_enum; C:\windows\system32\DRIVERS\samsung_hspa_datacard_dc_enum.sys [62464 2010-01-15] (Samsung)
S3 xnacc; C:\windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 aswMBR; \??\C:\Users\DICKBR~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\DICKBR~1\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-04 14:59 - 2016-05-04 15:00 - 00016273 _____ C:\Users\Dick Bryden\Desktop\FRST.txt
2016-05-04 14:48 - 2016-05-04 14:48 - 05198336 _____ (AVAST Software) C:\Users\Dick Bryden\Desktop\aswMBR.exe
2016-05-04 14:47 - 2016-05-04 14:59 - 00000000 ____D C:\FRST
2016-05-04 14:45 - 2016-05-04 14:46 - 01728000 _____ (Farbar) C:\Users\Dick Bryden\Desktop\FRST.exe
2016-05-02 15:16 - 2016-05-02 15:16 - 00000207 _____ C:\windows\tweaking.com-regbackup-JOOB-Windows-7-Starter-(32-bit).dat
2016-05-02 15:16 - 2016-05-02 15:16 - 00000000 ____D C:\RegBackup
2016-05-02 15:13 - 2016-05-02 15:13 - 00002185 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-05-02 15:13 - 2016-05-02 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-05-02 15:13 - 2016-05-02 15:13 - 00000000 ____D C:\Program Files\Tweaking.com
2016-05-02 14:52 - 2016-04-04 17:59 - 00000826 _____ C:\windows\system32\Drivers\etc\hosts.20160502-145203.backup
2016-05-02 14:30 - 2016-05-02 15:13 - 00017408 _____ C:\windows\Tweaking.com - Registry Backup Setup Log.txt
2016-05-02 13:49 - 2016-05-02 13:49 - 00002135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-05-02 13:49 - 2016-05-02 13:49 - 00002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-05-02 13:49 - 2016-05-02 13:49 - 00000644 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-05-02 13:49 - 2016-05-02 13:49 - 00000616 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-05-02 13:49 - 2016-05-02 13:49 - 00000446 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2016-05-02 13:49 - 2016-05-02 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-05-02 13:49 - 2015-06-16 17:19 - 00018688 _____ (Safer-Networking Ltd.) C:\windows\system32\sdnclean.exe
2016-04-29 01:16 - 2016-04-29 01:16 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-04-29 01:16 - 2016-04-29 01:16 - 00001945 _____ C:\windows\epplauncher.mif
2016-04-29 01:16 - 2016-04-29 01:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-04-28 20:10 - 2016-04-29 00:55 - 00000507 _____ C:\windows\wininit.ini
2016-04-28 17:58 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-04-28 17:50 - 2016-05-02 14:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-28 17:50 - 2016-05-02 14:26 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-04-25 16:15 - 2016-04-25 16:15 - 00013813 _____ C:\Users\Dick Bryden\Downloads\[kat.cr]nashville.season.2.s02.complete.torrent
2016-04-25 15:32 - 2016-04-25 15:32 - 00162516 _____ C:\Users\Dick Bryden\Downloads\[kat.cr]ufc.197.ppv.jones.vs.saint.preux.hdtv.x264.ebi.tjet.torrent
2016-04-25 15:25 - 2016-04-25 15:25 - 00106074 _____ C:\Users\Dick Bryden\Downloads\[kat.cr]ufc.197.prelims.webrip.x264.fmn.tjet.torrent
2016-04-25 04:33 - 2016-04-25 04:33 - 00000000 ____D C:\Users\Dick Bryden\AppData\Roaming\AVG
2016-04-25 04:18 - 2016-04-25 04:51 - 00000000 ____D C:\ProgramData\Avg
2016-04-25 04:16 - 2016-04-25 04:51 - 00000000 ____D C:\Users\Dick Bryden\AppData\Local\Avg
2016-04-25 04:16 - 2016-04-25 04:47 - 00000000 ____D C:\Users\Dick Bryden\AppData\Local\AvgSetupLog
2016-04-25 01:55 - 2016-04-25 01:56 - 04889864 _____ (Avira Operations GmbH & Co. KG) C:\Users\Dick Bryden\Downloads\avira_en_av_571cebf95be80__ws.exe
2016-04-25 00:03 - 2016-04-25 00:03 - 00025716 _____ C:\Users\Dick Bryden\Documents\CisReport_x86_v8.2.0.5005_20160425-000316.zip
2016-04-25 00:02 - 2016-04-25 00:02 - 00024629 _____ C:\Users\Dick Bryden\Documents\CisReport_x86_v8.2.0.5005_20160425-000223.zip
2016-04-20 14:42 - 2016-04-20 14:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-20 14:28 - 2016-04-20 14:29 - 22851472 _____ (Malwarebytes ) C:\Users\Dick Bryden\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-04-20 14:07 - 2016-04-20 14:07 - 22851472 _____ (Malwarebytes ) C:\Users\Dick Bryden\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-20 13:37 - 2016-05-04 14:50 - 01420000 _____ C:\windows\ntbtlog.txt
2016-04-18 16:54 - 2016-04-18 16:54 - 27858944 _____ C:\Users\Dick Bryden\Downloads\lps-gb-vt-x86.msi
2016-04-18 01:19 - 2016-04-18 02:18 - 00000000 ____D C:\Users\Dick Bryden\AppData\Local\sexmessenger
2016-04-18 01:15 - 2016-04-18 01:17 - 00143784 _____ (Rentabiliweb) C:\Users\Dick Bryden\Downloads\Setupsexmessenger (1).exe
2016-04-16 16:23 - 2016-04-16 16:23 - 00000000 _____ C:\Users\Dick Bryden\Downloads\BEIyc_Rz
2016-04-16 16:12 - 2016-04-16 16:13 - 00242104 _____ C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2 (1).exe
2016-04-16 16:10 - 2016-04-16 16:13 - 10629936 _____ (MEGA Limited) C:\Users\Dick Bryden\Downloads\MEGAsyncSetup.exe
2016-04-16 15:38 - 2016-04-16 15:38 - 00242104 _____ C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2.exe
2016-04-16 15:25 - 2016-04-16 15:25 - 00030000 _____ C:\Users\Dick Bryden\Downloads\download (1)
2016-04-16 14:44 - 2016-04-16 14:58 - 70360880 _____ C:\Users\Dick Bryden\Downloads\download
2016-04-16 14:41 - 2016-04-16 14:41 - 00000634 _____ C:\Users\Dick Bryden\Downloads\00_LIVE+AUSSIE+TV+STREAM+-+MOTOR-SPORT-RACES-MATCHES+-+PLAY+WITH+VLC.xspf.torrent
2016-04-12 22:59 - 2016-04-12 22:59 - 00000000 ____D C:\Users\Dick Bryden\AppData\Local\Microsoft Corporation
2016-04-12 22:57 - 2016-04-20 18:05 - 00002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2016-04-12 22:57 - 2016-04-20 18:03 - 00002067 _____ C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
2016-04-12 22:57 - 2016-04-12 22:57 - 00000000 ____D C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2016-04-12 22:54 - 2016-04-12 22:55 - 08669472 _____ (Microsoft Corporation) C:\Users\Dick Bryden\Downloads\Windows7UpgradeAdvisorSetup.exe
2016-04-12 22:10 - 2016-04-25 04:08 - 00000000 ____D C:\ProgramData\Comodo
2016-04-12 22:08 - 2016-04-12 22:09 - 62707224 _____ (COMODO) C:\Users\Dick Bryden\Downloads\cispremium_only_installer.exe
2016-04-07 15:00 - 2016-04-07 15:01 - 00000672 _____ C:\Users\Dick Bryden\Downloads\desmume.ini
2016-04-07 14:37 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2016-04-07 14:37 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_43.dll
2016-04-07 14:36 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll
2016-04-07 14:36 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2016-04-07 14:36 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\windows\system32\xinput1_3.dll
2016-04-04 23:43 - 2016-04-20 18:01 - 00000695 _____ C:\Users\Dick Bryden\Desktop\Movies.lnk
2016-04-04 01:25 - 2016-04-04 01:27 - 00000000 ____D C:\Users\Dick Bryden\Desktop\Moovies
2016-04-04 01:22 - 2016-04-04 01:23 - 00000000 ____D C:\Users\Dick Bryden\Desktop\Car Movies
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-04 14:26 - 2009-07-14 14:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-04 14:26 - 2009-07-14 14:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-04 14:18 - 2012-01-20 11:56 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-04 14:16 - 2012-12-14 08:41 - 00000228 _____ C:\windows\Tasks\AutoKMS.job
2016-05-04 14:16 - 2009-07-14 14:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-02 14:29 - 2016-02-15 12:10 - 00000000 ____D C:\Users\Dick Bryden\Desktop\Torrent Files
2016-04-29 03:32 - 2012-01-20 11:56 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-29 03:27 - 2009-07-27 06:06 - 00859368 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-29 03:27 - 2009-07-14 12:37 - 00000000 ____D C:\windows\inf
2016-04-29 02:49 - 2013-06-04 17:49 - 00000304 _____ C:\windows\Tasks\DSite.job
2016-04-29 02:45 - 2014-07-24 09:30 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-28 17:58 - 2016-04-02 23:20 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-27 01:51 - 2009-07-14 12:37 - 00000000 ____D C:\windows\system32\NDF
2016-04-25 17:59 - 2015-03-20 13:17 - 00000000 ____D C:\Users\Dick Bryden\AppData\Roaming\vlc
2016-04-25 05:05 - 2012-02-06 13:35 - 00007598 _____ C:\Users\Dick Bryden\AppData\Local\Resmon.ResmonCfg
2016-04-25 04:51 - 2012-02-17 14:01 - 00000000 ____D C:\Program Files\AVG
2016-04-25 04:50 - 2012-02-17 13:52 - 00000000 ____D C:\ProgramData\MFAData
2016-04-25 03:50 - 2012-01-20 11:05 - 00000000 ____D C:\ProgramData\Skype
2016-04-22 17:57 - 2014-07-24 11:30 - 00374944 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-04-20 18:06 - 2012-01-20 10:38 - 00001393 _____ C:\Users\Dick Bryden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-20 18:05 - 2016-02-14 13:18 - 00002129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-20 18:05 - 2014-04-18 13:07 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-04-20 18:05 - 2010-03-13 11:27 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2016-04-20 18:05 - 2010-03-13 11:27 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2016-04-20 18:05 - 2009-07-14 14:46 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-20 18:05 - 2009-07-14 14:42 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-04-20 18:05 - 2009-07-14 14:42 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-04-20 18:05 - 2009-07-14 14:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-04-20 18:05 - 2009-07-14 14:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-04-20 18:03 - 2016-02-14 13:18 - 00002123 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-20 18:03 - 2014-04-18 13:07 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-04-20 18:03 - 2013-06-04 17:50 - 00001222 _____ C:\Users\Public\Desktop\Image Converter.lnk
2016-04-20 18:03 - 2010-03-13 11:10 - 00001782 _____ C:\Users\Public\Desktop\ChargeableUSB.lnk
2016-04-20 18:02 - 2009-07-14 14:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-04-20 18:02 - 2009-07-14 14:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-04-20 18:01 - 2016-03-24 15:56 - 00000723 _____ C:\Users\Dick Bryden\Desktop\Blender Shiznit.lnk
2016-04-20 18:01 - 2016-02-17 21:38 - 00000866 _____ C:\Users\Dick Bryden\Desktop\Downloads.lnk
2016-04-20 18:01 - 2015-03-21 19:26 - 00001081 _____ C:\Users\Dick Bryden\Desktop\YouCam(Webcam).lnk
2016-04-20 17:23 - 2015-04-04 12:07 - 00000000 ____D C:\Users\Dick Bryden\Desktop\Games
2016-04-20 15:08 - 2009-07-14 12:37 - 00000000 ____D C:\windows\AppCompat
2016-04-20 15:03 - 2013-06-04 17:49 - 00000000 ____D C:\Users\Dick Bryden\AppData\Roaming\DSite
2016-04-18 01:35 - 2014-07-24 09:30 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2016-04-18 01:35 - 2014-07-24 09:30 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2016-04-12 17:49 - 2013-07-28 08:27 - 00000300 _____ C:\Users\Dick Bryden\AppData\Roaming\WB.CFG
2016-04-09 14:45 - 2016-02-25 14:00 - 00000000 ____D C:\tmp
2016-04-08 17:53 - 2016-02-13 18:51 - 00000000 ____D C:\B3ender Sh5t
2016-04-07 14:57 - 2013-06-30 02:39 - 00000000 ____D C:\Program Files\QuickTime
2016-04-07 14:54 - 2015-03-23 12:06 - 00000000 ____D C:\Users\Dick Bryden\AppData\Roaming\Stykz
2016-04-07 14:53 - 2015-03-29 00:13 - 00000000 ____D C:\Users\Dick Bryden\Desktop\School Shit
2016-04-04 17:41 - 2016-04-02 23:11 - 00000000 ____D C:\ProgramData\AVAST Software
==================== Files in the root of some directories =======
2015-04-20 17:19 - 2016-02-12 14:23 - 0000020 _____ () C:\Users\Dick Bryden\AppData\Roaming\appdataFr3.bin
2013-07-28 08:27 - 2016-04-12 17:49 - 0000300 _____ () C:\Users\Dick Bryden\AppData\Roaming\WB.CFG
2013-06-17 15:42 - 2013-11-22 15:04 - 0000006 _____ () C:\Users\Dick Bryden\AppData\Roaming\WBPU-TTL.DAT
2013-07-17 20:22 - 2015-04-30 14:16 - 0001324 _____ () C:\Users\Dick Bryden\AppData\Roaming\wklnhst.dat
2012-02-06 13:35 - 2016-04-25 05:05 - 0007598 _____ () C:\Users\Dick Bryden\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
C:\Users\Dick Bryden\AppData\Local\Temp\avgnt.exe
C:\Users\Dick Bryden\AppData\Local\Temp\ose00001.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-03-29 16:42
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:03-05-2016
Ran by Dick Bryden (2016-05-04 15:00:58)
Running from C:\Users\Dick Bryden\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) (2012-01-20 00:30:31)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1132959120-1673921071-3958761770-500 - Administrator - Disabled)
Dick Bryden (S-1-5-21-1132959120-1673921071-3958761770-1000 - Administrator - Enabled) => C:\Users\Dick Bryden
Guest (S-1-5-21-1132959120-1673921071-3958761770-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Blender (HKLM\...\{1115EF75-E8C1-4BA1-829F-1B8460D47701}) (Version: 2.76.2 - Blender Foundation)
Broadcom CrystalHD Decoder (HKLM\...\{A6E1E8AF-A00E-45A7-BE1B-4397897C8A3E}) (Version: 3.0.30.32 - Broadcom Corporation)
ChargeableUSB (HKLM\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3625 - CyberLink Corp.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.1 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}) (Version: 4.2.4 - Samsung)
Easy Resolution Manager (HKLM\...\{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}) (Version: 1.0.0 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Free Torrent Opener (HKLM\...\Free Torrent Opener) (Version: 1.3 - BlueCPA)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Image Converter (HKLM\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
Image Editor Packages (HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\Image Editor Packages) (Version: - ) <==== ATTENTION
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.1972 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
OpenAL (HKLM\...\OpenAL) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM\...\{F2BC3383-F000-410C-A038-3846ADBE8D90}) (Version: 1.01.0088 - REALTEK Semiconductor Corp.)
Samsung HSPA DataCard 4.3.29.7814 (HKLM\...\{27A34859-3E29-438B-BBF6-19BDC6CA9C06}) (Version: 4.3.29.7814 - Samsung)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.5 - Samsung)
Samsung Support Center (HKLM\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\755087041320E005CB1E8A67C5C55A260EB81B90) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.28.17\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05C1E80E-BCF9-4CF1-9F90-8858197F3AE3} - System32\Tasks\{EC196882-0894-4E8E-A41B-9416393FF897} => C:\Users\Dick Bryden\Downloads\super-drift-3d.exe
Task: {09E05A91-6566-42B0-9C63-0C004001A370} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-11] (SEC)
Task: {0C6BB33A-4D15-49E7-90BF-E5FA86BAFA68} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-04-02] (AVAST Software)
Task: {10840463-48F6-4BC1-8EAE-D11FC7519520} - System32\Tasks\{A64363C6-4F1A-4E3B-936F-5F391202FC3E} => C:\Program Files\Shmehao.com\Super Drift 3D\Super Drift 3D.exe
Task: {124E0A04-BA5A-4932-B548-03D5CCC84C6F} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe
Task: {1AEF9E41-AA77-4956-84AB-A6A19B675CFD} - System32\Tasks\{747E7019-9A4C-40B8-9ACD-1B3B8D7AD677} => C:\Users\Dick Bryden\Desktop\Nitroracers.exe
Task: {2359DB73-A9E4-491D-9EC2-1A0F4B717028} - System32\Tasks\{8AAF43CD-75D5-4A43-8944-2185E66B544B} => pcalua.exe -a "C:\Users\Dick Bryden\AppData\Local\Temp\Temp2_boona-racer-2000.zip\boonarac.exe"
Task: {28748748-DAC5-4894-AB96-3D135A13410D} - System32\Tasks\{3BA5A11C-56CB-4E97-B882-43391075B0FB} => C:\Program Files\GameTop.com\Nitro Racers\NitroRacers.exe
Task: {294AC12C-25C1-476F-AF19-DCC89D394D91} - System32\Tasks\{12FC3BB1-EFF1-4036-A4F9-7C815213FAA2} => Chrome.exe
Task: {2999829F-1713-488B-878C-2BE057CAA368} - System32\Tasks\{958800F9-D308-4852-98E4-7F17B07A3DCF} => pcalua.exe -a "C:\Users\Dick Bryden\AppData\Local\Temp\Temp1_boona-racer-2000.zip\boonarac.exe"
Task: {3F8D0360-3268-4DC6-90F8-6F517DC25F11} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {417058BB-A6CC-4184-9F41-C14BCC6070FD} - System32\Tasks\{BFD37719-40EF-414C-BAC1-689037E9B2D2} => C:\Program Files\GameTop.com\Nitro Racers\NitroRacers.exe
Task: {41FE58E7-6030-4274-B70F-5688CEC9371F} - System32\Tasks\QtraxPlayer => 3897169018.portal.qtrax.com
Task: {43802977-1387-4283-8673-80B20FCBE3B9} - System32\Tasks\{F53A60B5-F3EC-4BE4-BDB3-D57F2844E9E8} => C:\Users\Dick Bryden\Desktop\Nitroracers.exe
Task: {446EE6EC-827B-4669-83AB-277B6E7DAC73} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {45EE8E20-1552-4431-8FC1-68358CD8F451} - System32\Tasks\{ACEE4F60-DE43-4ED3-95E1-73E46C4421F4} => C:\Program Files\Shmehao.com\Super Drift 3D\Super Drift 3D.exe
Task: {4C392E39-3645-462A-BD75-09AC6DADEA65} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {5231E600-2144-4CBA-9E04-CEF97BFDF7C6} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis144D.exe <==== ATTENTION
Task: {52F7BEFC-7EE6-403A-B17A-5E8FC09EC7DD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1132959120-1673921071-3958761770-1000Core => C:\Users\Dick Bryden\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {57224B13-EACF-4055-BF94-0C159384E4F4} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {5A2F4A2E-3C57-4DF4-A870-547EF1351119} - System32\Tasks\{D22536AB-8023-4530-844F-BF41C0A9AF78} => C:\Program Files\GameTop.com\Nitro Racers\NitroRacers.exe
Task: {5A984BB2-9722-4678-831C-80ACEAD20C5F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-12-21] (Samsung Electronics Co., Ltd.)
Task: {5DE35011-6CF4-419C-AE42-99A725F35D62} - System32\Tasks\{31F2DCF1-72A9-4F74-928F-43041AB97126} => pcalua.exe -a "C:\Users\Dick Bryden\Desktop\topfuel_setup.exe" -d "C:\Users\Dick Bryden\Desktop"
Task: {5E7095F3-2ACC-41AD-A937-AB4848572D8B} - System32\Tasks\{31F0C38E-C9A9-4E97-A01D-C06CC9B3E032} => pcalua.exe -a "C:\Users\Dick Bryden\Desktop\trialbike_setup.exe" -d "C:\Users\Dick Bryden\Desktop"
Task: {68006114-6183-4F5C-95BF-9DD51D705927} - System32\Tasks\{157945D1-9196-4CF1-8208-D22D9E11107C} => Chrome.exe
Task: {6DC55B74-594D-416E-8A57-1AF13A08F460} - System32\Tasks\{95704D09-EDB4-4BAD-8247-681CE7DD3B00} => Chrome.exe
Task: {6DF9388C-157C-4718-AB31-633543F4E1CF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-18] (Adobe Systems Incorporated)
Task: {7419A3C1-1CB9-447F-AA35-FE2A8A72E5ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {7542A7E1-9CE5-41CB-B28A-4C7AF1CBD015} - System32\Tasks\DSite => C:\Users\DICKBR~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {7669A732-7080-483D-81DE-3277D389CEC1} - System32\Tasks\{49BF4408-CF8C-409B-AA8C-A0205DD15299} => pcalua.exe -a "C:\Users\Dick Bryden\AppData\Roaming\istartsurf\UninstallManager.exe" -c -ptid=smt
Task: {8E31879B-CE86-4A9B-AFD0-C30F20973660} - System32\Tasks\{37947E2E-52B1-4A8C-9FF9-2DFD7E3E7594} => C:\Program Files\Shmehao.com\Super Drift 3D\Super Drift 3D.exe
Task: {8E926034-CF4F-4605-AC42-47388D95F10C} - System32\Tasks\{E038B96D-D22F-4E0D-9544-F32F12FFC14D} => C:\Program Files\GameTop.com\Nitro Racers\NitroRacers.exe
Task: {9C750BDD-D4B1-44C0-8C85-849DEDF08E32} - System32\Tasks\{437008E5-A9BF-4AEF-AC88-39FCABF3550A} => C:\Program Files\Shmehao.com\Super Drift 3D\Super Drift 3D.exe
Task: {C9A76374-8226-4AE3-A27D-98DF1386D51D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {D2D7245F-E579-4EEC-9A9D-329E3079090E} - System32\Tasks\{905B0282-A387-4735-AB2A-50FC30F934AC} => Chrome.exe
Task: {D4B6EDE0-3DB2-4A44-904F-BF757303B601} - System32\Tasks\{5199EB10-37CF-4052-B85D-949A5994844A} => pcalua.exe -a "C:\Program Files\GameTop.com\Nitro Racers\unins000.exe" -d "C:\Program Files\GameTop.com\Nitro Racers"
Task: {DACE4E83-F7B9-4ECE-AFF6-0285D1678E42} - System32\Tasks\{3044872A-1420-454D-9C72-66322D9CC7EA} => C:\Program Files\Mario Forever\Mario Forever.exe
Task: {E997196C-1AE3-487D-967B-E4573FBB65E3} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {EEBAB4BC-17AE-45E1-AB83-B3BD6163A1E0} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS\AutoKMS.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMSDaily.job => C:\windows\AutoKMS\AutoKMS.exe
Task: C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\windows\Tasks\DSite.job => C:\Users\DICKBR~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\windows\system32\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\00_LIVE+AUSSIE+TV+STREAM+-+MOTOR-SPORT-RACES-MATCHES+-+PLAY+WITH+VLC.xspf.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\avira_en_av_571cebf95be80__ws.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\avira_en_av_571cebf95be80__ws.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\BEIyc_Rz:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\BEIyc_Rz:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\download:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\download (1):$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Eyes of the Dead.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2 (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2 (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Game Over.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\lps-gb-vt-x86.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Machine Head - Ghosts Will Haunt My Bones.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\MEGAsyncSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\MEGAsyncSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Setupsexmessenger (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Setupsexmessenger (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Windows7UpgradeAdvisorSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Windows7UpgradeAdvisorSetup.exe:$CmdZnID [26]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7896 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 12:04 - 2016-05-02 14:52 - 00452290 ____R C:\windows\system32\Drivers\etc\hosts
There are 15518 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B46E3084-1F2D-4B8F-B95C-CB1E88D34D10}] => (Allow) C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{B8AC5A8E-2A67-4AE4-87B0-BEBD6891F2DA}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{77E63E27-7E9D-4384-8A00-75F4D151060A}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A64AD628-4233-4E5A-A36F-02E08EDE828D}] => (Allow) svchost.exe
FirewallRules: [{92FC50AF-969E-4CE7-A3F6-5A70C66B336E}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{215C4CE1-54DD-4F28-95AA-BACD9B9AE01A}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{3AF8C1F3-7076-4AF7-AC77-661FB5C5D93E}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{811B1E6E-FD46-4E1F-8185-822944CFCB66}] => (Allow) C:\Program Files\AVG\AVG2012\avgnsx.exe
FirewallRules: [{7FE45947-7CD3-41BB-84AF-0F44AEF5DA3C}] => (Allow) C:\Program Files\AVG\AVG2012\avgnsx.exe
FirewallRules: [{95844A80-9433-425E-89A9-9E082DB558A4}] => (Allow) C:\Program Files\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{BFE0047C-74CE-4519-802D-6E8425A33DC4}] => (Allow) C:\Program Files\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{2BAF1770-EB77-4C17-8E1F-BA36DACC28BD}] => (Allow) C:\Program Files\AVG\AVG2012\avgemcx.exe
FirewallRules: [{91C25921-7ECD-4979-8411-424711C66F60}] => (Allow) C:\Program Files\AVG\AVG2012\avgemcx.exe
FirewallRules: [{512F25BA-0023-4578-88E9-E7F8B9DB7D7B}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{24B908A2-3718-4FD1-8B13-2AB1E99D34C6}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{5DE288A1-068A-44B1-BC19-71DDE523B61C}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{09DC7826-45BE-4F9B-919C-A56370824800}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{40356BA9-9320-4065-A56C-E57208559E04}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{C795DDCC-DD95-40FA-98CE-75AA1496717E}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{50D7F556-7AFE-4AED-A97D-EBA799CB0E6A}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{3649D2AB-452B-4B3F-9DDC-BAF8A99AEA1C}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{FF7DFE02-B440-45ED-B38C-9F28CB191203}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{4EDD69DF-7EF4-45A6-BE6D-062DFFAC61B3}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{BF2222C2-4C03-48DE-9804-EBDBCF2BD879}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{C4A9D485-2193-4E60-B2ED-0FBCD32C4FA7}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{8A3B22C9-CC24-4874-8701-13CFCDD5569A}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{FD7BA169-3882-485F-88ED-414848792AA0}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{D6B656B2-5D0C-4CE5-887F-65B0C6EA6E4A}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{81CF0DD3-022B-499E-A609-1C98C005D6C0}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{0D88D531-9BD5-46C9-9911-229360C0E349}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{25A79636-4F3B-412C-A978-D39014207A3C}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [TCP Query User{2D70E451-4CE8-4EF1-A3E2-1F9ED21D0B61}C:\program files\free torrent opener\free torrent opener.exe] => (Allow) C:\program files\free torrent opener\free torrent opener.exe
FirewallRules: [UDP Query User{224F1C89-6444-4F3F-99E7-340AD1A9EDBE}C:\program files\free torrent opener\free torrent opener.exe] => (Allow) C:\program files\free torrent opener\free torrent opener.exe
FirewallRules: [{A637B0E8-BF9F-4D48-936A-630F860BC51E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{87AE7810-EE50-46D6-9157-FCDC79AFFC66}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{63C4CCC2-DF51-4813-9286-8284D6689371}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{C7632223-A70C-49D4-95C4-571526AA1365}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{3F558852-9C6F-40D5-A80B-2282AAC4898D}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
01-05-2016 02:17:05 Windows Update
==================== Faulty Device Manager Devices =============
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/25/2016 05:06:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18517, time stamp: 0x53aa285b
Exception code: 0xc0000005
Fault offset: 0x0017a615
Faulting process id: 0x5fc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (04/25/2016 03:48:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000374
Fault offset: 0x000c3873
Faulting process id: 0x3e8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (04/25/2016 04:46:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
System Error:
The system cannot find the file specified.
.
Error: (04/18/2016 05:34:39 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description:
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis
System errors:
=============
Error: (05/04/2016 02:55:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
CodeIntegrity:
===================================
Date: 2016-05-04 14:59:58.227
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-04 14:59:57.181
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-04 14:19:33.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 14:26:48.356
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 14:26:47.311
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 14:25:39.197
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 14:25:38.121
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 13:58:54.163
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 13:58:53.117
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 13:52:13.126
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Percentage of memory in use: 55%
Total physical RAM: 2037.3 MB
Available physical RAM: 902.16 MB
Total Virtual: 4074.59 MB
Available Virtual: 2929.19 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:40 GB) (Free:1.56 GB) NTFS
Drive d: () (Fixed) (Total:177.79 GB) (Free:133.04 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 137641B8)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=177.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-05-04 15:14:38
-----------------------------
15:14:38.502 OS Version: Windows 6.1.7601 Service Pack 1
15:14:38.502 Number of processors: 2 586 0x1C0A
15:14:38.517 ComputerName: JOOB UserName:
15:14:45.771 Initialize success
15:14:46.161 VM: initialized successfully
15:14:46.161 VM: Intel CPU virtualization not supported
15:17:50.085 AVAST engine defs: 16050301
15:20:15.337 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:20:15.353 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 238475MB BusType: 3
15:20:15.712 Disk 0 MBR read successfully
15:20:15.727 Disk 0 MBR scan
15:20:16.180 Disk 0 unknown MBR code
15:20:16.211 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
15:20:16.367 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
15:20:16.414 Disk 0 default boot code
15:20:16.601 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40960 MB offset 31664128
15:20:16.835 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 182052 MB offset 115550208
15:20:17.038 Disk 0 scanning sectors +488392704
15:20:17.599 Disk 0 scanning C:\windows\system32\drivers
15:21:49.249 Service scanning
15:23:32.693 Modules scanning
15:23:32.740 Disk 0 trace - called modules:
15:23:32.787 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
15:23:32.818 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8598b7c8]
15:23:32.834 3 CLASSPNP.SYS[8899c59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84f47028]
15:23:34.893 AVAST engine scan C:\windows
15:24:08.963 AVAST engine scan C:\windows\system32
15:44:17.263 AVAST engine scan C:\windows\system32\drivers
15:45:42.455 AVAST engine scan C:\Users\Dick Bryden
15:58:11.069 AVAST engine scan C:\ProgramData
16:01:36.553 Disk 0 statistics 2613604/0/0 @ 2.63 MB/s
16:01:36.600 Scan finished successfully
16:45:10.649 Disk 0 MBR has been saved successfully to "C:\Users\Dick Bryden\Desktop\MBR.dat"
16:45:10.949 The log file has been saved successfully to "C:\Users\Dick Bryden\Desktop\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:03-05-2016
Ran by Dick Bryden (administrator) on JOOB (04-05-2016 14:59:30)
Running from C:\Users\Dick Bryden\Desktop
Loaded Profiles: Dick Bryden (Available Profiles: Dick Bryden)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Users\Dick Bryden\Desktop\aswMBR.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192 2009-11-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => "C:\Program Files\AVG\Av\avuirunnerx.exe" C:\Program Files\AVG\Av\avgui.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-13] (Google Inc.)
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Dick Bryden\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 862d9c604f2747d1936b65cbb87f5285-91d39ddd3a95dcdc1daff2f9296dceab9a99c7df --CMPID 0913b
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\MountPoints2: {15fc6ff5-d454-11e4-9833-b482fe9bbb76} - E:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\MountPoints2: {60e6cee6-512b-11e1-bdab-b482fe9bbb76} - "E:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-04-20]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-1132959120-1673921071-3958761770-1000] => localhost:8080
AutoConfigURL: [S-1-5-21-1132959120-1673921071-3958761770-1000] => localhost:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{398A13F5-762E-4A3E-947B-5403643B702C}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{9751FFE6-2F56-4CCB-93C3-63816B848093}: [NameServer] 10.4.81.105 10.4.182.22
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll => No File
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll => No File
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-11] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-11] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-09] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Dick Bryden\AppData\Roaming\Mozilla\Firefox\Profiles\vu8muwuo.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxps://www.google.com/search?trackid=sp-006
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: hxxps://www.google.com/search?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-18] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-11] (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-28] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Dick Bryden\AppData\Roaming\Mozilla\Firefox\Profiles\vu8muwuo.default\searchplugins\google-avast.xml [2016-04-03]
FF Extension: Avira Browser Safety - C:\Users\Dick Bryden\AppData\Roaming\Mozilla\Firefox\Profiles\vu8muwuo.default\Extensions\abs@avira.com [2016-04-25]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hppp&ts=1427867108&from=smt&uid=SAMSUNGXHM250HI_S20TJ9FZ521148"
CHR DefaultSearchKeyword: Default -> google.com.au
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll => No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (Google Search) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
CHR Extension: (Tampermonkey) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-12]
CHR Extension: (Avira Browser Safety) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-25]
CHR Extension: (AdBlock) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Dick Bryden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 f68c1dcb; "C:\windows\system32\rundll32.exe" "c:\Program Files\TerminusTurbo\TerminusTurbo.dll",serv
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BRCMDECO; C:\windows\System32\DRIVERS\BRCMHD32.sys [107008 2009-11-18] (Broadcom Corporation)
S0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 samsung_hspa_datacard_cdc_acm; C:\windows\system32\DRIVERS\samsung_hspa_datacard_cdc_acm.sys [68608 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_cdc_ecm; C:\windows\System32\DRIVERS\samsung_hspa_datacard_cdc_ecm.sys [81920 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_dc_enum; C:\windows\system32\DRIVERS\samsung_hspa_datacard_dc_enum.sys [62464 2010-01-15] (Samsung)
S3 xnacc; C:\windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 aswMBR; \??\C:\Users\DICKBR~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\DICKBR~1\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-04 14:59 - 2016-05-04 15:00 - 00016273 _____ C:\Users\Dick Bryden\Desktop\FRST.txt
2016-05-04 14:48 - 2016-05-04 14:48 - 05198336 _____ (AVAST Software) C:\Users\Dick Bryden\Desktop\aswMBR.exe
2016-05-04 14:47 - 2016-05-04 14:59 - 00000000 ____D C:\FRST
2016-05-04 14:45 - 2016-05-04 14:46 - 01728000 _____ (Farbar) C:\Users\Dick Bryden\Desktop\FRST.exe
2016-05-02 15:16 - 2016-05-02 15:16 - 00000207 _____ C:\windows\tweaking.com-regbackup-JOOB-Windows-7-Starter-(32-bit).dat
2016-05-02 15:16 - 2016-05-02 15:16 - 00000000 ____D C:\RegBackup
2016-05-02 15:13 - 2016-05-02 15:13 - 00002185 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-05-02 15:13 - 2016-05-02 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-05-02 15:13 - 2016-05-02 15:13 - 00000000 ____D C:\Program Files\Tweaking.com
2016-05-02 14:52 - 2016-04-04 17:59 - 00000826 _____ C:\windows\system32\Drivers\etc\hosts.20160502-145203.backup
2016-05-02 14:30 - 2016-05-02 15:13 - 00017408 _____ C:\windows\Tweaking.com - Registry Backup Setup Log.txt
2016-05-02 13:49 - 2016-05-02 13:49 - 00002135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-05-02 13:49 - 2016-05-02 13:49 - 00002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-05-02 13:49 - 2016-05-02 13:49 - 00000644 _____ C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-05-02 13:49 - 2016-05-02 13:49 - 00000616 _____ C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-05-02 13:49 - 2016-05-02 13:49 - 00000446 _____ C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2016-05-02 13:49 - 2016-05-02 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-05-02 13:49 - 2015-06-16 17:19 - 00018688 _____ (Safer-Networking Ltd.) C:\windows\system32\sdnclean.exe
2016-04-29 01:16 - 2016-04-29 01:16 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-04-29 01:16 - 2016-04-29 01:16 - 00001945 _____ C:\windows\epplauncher.mif
2016-04-29 01:16 - 2016-04-29 01:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-04-28 20:10 - 2016-04-29 00:55 - 00000507 _____ C:\windows\wininit.ini
2016-04-28 17:58 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-04-28 17:50 - 2016-05-02 14:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-28 17:50 - 2016-05-02 14:26 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-04-25 16:15 - 2016-04-25 16:15 - 00013813 _____ C:\Users\Dick Bryden\Downloads\[kat.cr]nashville.season.2.s02.complete.torrent
2016-04-25 15:32 - 2016-04-25 15:32 - 00162516 _____ C:\Users\Dick Bryden\Downloads\[kat.cr]ufc.197.ppv.jones.vs.saint.preux.hdtv.x264.ebi.tjet.torrent
2016-04-25 15:25 - 2016-04-25 15:25 - 00106074 _____ C:\Users\Dick Bryden\Downloads\[kat.cr]ufc.197.prelims.webrip.x264.fmn.tjet.torrent
2016-04-25 04:33 - 2016-04-25 04:33 - 00000000 ____D C:\Users\Dick Bryden\AppData\Roaming\AVG
2016-04-25 04:18 - 2016-04-25 04:51 - 00000000 ____D C:\ProgramData\Avg
2016-04-25 04:16 - 2016-04-25 04:51 - 00000000 ____D C:\Users\Dick Bryden\AppData\Local\Avg
2016-04-25 04:16 - 2016-04-25 04:47 - 00000000 ____D C:\Users\Dick Bryden\AppData\Local\AvgSetupLog
2016-04-25 01:55 - 2016-04-25 01:56 - 04889864 _____ (Avira Operations GmbH & Co. KG) C:\Users\Dick Bryden\Downloads\avira_en_av_571cebf95be80__ws.exe
2016-04-25 00:03 - 2016-04-25 00:03 - 00025716 _____ C:\Users\Dick Bryden\Documents\CisReport_x86_v8.2.0.5005_20160425-000316.zip
2016-04-25 00:02 - 2016-04-25 00:02 - 00024629 _____ C:\Users\Dick Bryden\Documents\CisReport_x86_v8.2.0.5005_20160425-000223.zip
2016-04-20 14:42 - 2016-04-20 14:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-20 14:28 - 2016-04-20 14:29 - 22851472 _____ (Malwarebytes ) C:\Users\Dick Bryden\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-04-20 14:07 - 2016-04-20 14:07 - 22851472 _____ (Malwarebytes ) C:\Users\Dick Bryden\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-20 13:37 - 2016-05-04 14:50 - 01420000 _____ C:\windows\ntbtlog.txt
2016-04-18 16:54 - 2016-04-18 16:54 - 27858944 _____ C:\Users\Dick Bryden\Downloads\lps-gb-vt-x86.msi
2016-04-18 01:19 - 2016-04-18 02:18 - 00000000 ____D C:\Users\Dick Bryden\AppData\Local\sexmessenger
2016-04-18 01:15 - 2016-04-18 01:17 - 00143784 _____ (Rentabiliweb) C:\Users\Dick Bryden\Downloads\Setupsexmessenger (1).exe
2016-04-16 16:23 - 2016-04-16 16:23 - 00000000 _____ C:\Users\Dick Bryden\Downloads\BEIyc_Rz
2016-04-16 16:12 - 2016-04-16 16:13 - 00242104 _____ C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2 (1).exe
2016-04-16 16:10 - 2016-04-16 16:13 - 10629936 _____ (MEGA Limited) C:\Users\Dick Bryden\Downloads\MEGAsyncSetup.exe
2016-04-16 15:38 - 2016-04-16 15:38 - 00242104 _____ C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2.exe
2016-04-16 15:25 - 2016-04-16 15:25 - 00030000 _____ C:\Users\Dick Bryden\Downloads\download (1)
2016-04-16 14:44 - 2016-04-16 14:58 - 70360880 _____ C:\Users\Dick Bryden\Downloads\download
2016-04-16 14:41 - 2016-04-16 14:41 - 00000634 _____ C:\Users\Dick Bryden\Downloads\00_LIVE+AUSSIE+TV+STREAM+-+MOTOR-SPORT-RACES-MATCHES+-+PLAY+WITH+VLC.xspf.torrent
2016-04-12 22:59 - 2016-04-12 22:59 - 00000000 ____D C:\Users\Dick Bryden\AppData\Local\Microsoft Corporation
2016-04-12 22:57 - 2016-04-20 18:05 - 00002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2016-04-12 22:57 - 2016-04-20 18:03 - 00002067 _____ C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
2016-04-12 22:57 - 2016-04-12 22:57 - 00000000 ____D C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2016-04-12 22:54 - 2016-04-12 22:55 - 08669472 _____ (Microsoft Corporation) C:\Users\Dick Bryden\Downloads\Windows7UpgradeAdvisorSetup.exe
2016-04-12 22:10 - 2016-04-25 04:08 - 00000000 ____D C:\ProgramData\Comodo
2016-04-12 22:08 - 2016-04-12 22:09 - 62707224 _____ (COMODO) C:\Users\Dick Bryden\Downloads\cispremium_only_installer.exe
2016-04-07 15:00 - 2016-04-07 15:01 - 00000672 _____ C:\Users\Dick Bryden\Downloads\desmume.ini
2016-04-07 14:37 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2016-04-07 14:37 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_43.dll
2016-04-07 14:36 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll
2016-04-07 14:36 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2016-04-07 14:36 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\windows\system32\xinput1_3.dll
2016-04-04 23:43 - 2016-04-20 18:01 - 00000695 _____ C:\Users\Dick Bryden\Desktop\Movies.lnk
2016-04-04 01:25 - 2016-04-04 01:27 - 00000000 ____D C:\Users\Dick Bryden\Desktop\Moovies
2016-04-04 01:22 - 2016-04-04 01:23 - 00000000 ____D C:\Users\Dick Bryden\Desktop\Car Movies
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-04 14:26 - 2009-07-14 14:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-04 14:26 - 2009-07-14 14:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-04 14:18 - 2012-01-20 11:56 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-04 14:16 - 2012-12-14 08:41 - 00000228 _____ C:\windows\Tasks\AutoKMS.job
2016-05-04 14:16 - 2009-07-14 14:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-02 14:29 - 2016-02-15 12:10 - 00000000 ____D C:\Users\Dick Bryden\Desktop\Torrent Files
2016-04-29 03:32 - 2012-01-20 11:56 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-29 03:27 - 2009-07-27 06:06 - 00859368 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-29 03:27 - 2009-07-14 12:37 - 00000000 ____D C:\windows\inf
2016-04-29 02:49 - 2013-06-04 17:49 - 00000304 _____ C:\windows\Tasks\DSite.job
2016-04-29 02:45 - 2014-07-24 09:30 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-28 17:58 - 2016-04-02 23:20 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-27 01:51 - 2009-07-14 12:37 - 00000000 ____D C:\windows\system32\NDF
2016-04-25 17:59 - 2015-03-20 13:17 - 00000000 ____D C:\Users\Dick Bryden\AppData\Roaming\vlc
2016-04-25 05:05 - 2012-02-06 13:35 - 00007598 _____ C:\Users\Dick Bryden\AppData\Local\Resmon.ResmonCfg
2016-04-25 04:51 - 2012-02-17 14:01 - 00000000 ____D C:\Program Files\AVG
2016-04-25 04:50 - 2012-02-17 13:52 - 00000000 ____D C:\ProgramData\MFAData
2016-04-25 03:50 - 2012-01-20 11:05 - 00000000 ____D C:\ProgramData\Skype
2016-04-22 17:57 - 2014-07-24 11:30 - 00374944 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-04-20 18:06 - 2012-01-20 10:38 - 00001393 _____ C:\Users\Dick Bryden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-20 18:05 - 2016-02-14 13:18 - 00002129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-20 18:05 - 2014-04-18 13:07 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-04-20 18:05 - 2010-03-13 11:27 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2016-04-20 18:05 - 2010-03-13 11:27 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2016-04-20 18:05 - 2009-07-14 14:46 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-20 18:05 - 2009-07-14 14:42 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-04-20 18:05 - 2009-07-14 14:42 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-04-20 18:05 - 2009-07-14 14:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-04-20 18:05 - 2009-07-14 14:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-04-20 18:03 - 2016-02-14 13:18 - 00002123 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-20 18:03 - 2014-04-18 13:07 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-04-20 18:03 - 2013-06-04 17:50 - 00001222 _____ C:\Users\Public\Desktop\Image Converter.lnk
2016-04-20 18:03 - 2010-03-13 11:10 - 00001782 _____ C:\Users\Public\Desktop\ChargeableUSB.lnk
2016-04-20 18:02 - 2009-07-14 14:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-04-20 18:02 - 2009-07-14 14:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-04-20 18:01 - 2016-03-24 15:56 - 00000723 _____ C:\Users\Dick Bryden\Desktop\Blender Shiznit.lnk
2016-04-20 18:01 - 2016-02-17 21:38 - 00000866 _____ C:\Users\Dick Bryden\Desktop\Downloads.lnk
2016-04-20 18:01 - 2015-03-21 19:26 - 00001081 _____ C:\Users\Dick Bryden\Desktop\YouCam(Webcam).lnk
2016-04-20 17:23 - 2015-04-04 12:07 - 00000000 ____D C:\Users\Dick Bryden\Desktop\Games
2016-04-20 15:08 - 2009-07-14 12:37 - 00000000 ____D C:\windows\AppCompat
2016-04-20 15:03 - 2013-06-04 17:49 - 00000000 ____D C:\Users\Dick Bryden\AppData\Roaming\DSite
2016-04-18 01:35 - 2014-07-24 09:30 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2016-04-18 01:35 - 2014-07-24 09:30 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2016-04-12 17:49 - 2013-07-28 08:27 - 00000300 _____ C:\Users\Dick Bryden\AppData\Roaming\WB.CFG
2016-04-09 14:45 - 2016-02-25 14:00 - 00000000 ____D C:\tmp
2016-04-08 17:53 - 2016-02-13 18:51 - 00000000 ____D C:\B3ender Sh5t
2016-04-07 14:57 - 2013-06-30 02:39 - 00000000 ____D C:\Program Files\QuickTime
2016-04-07 14:54 - 2015-03-23 12:06 - 00000000 ____D C:\Users\Dick Bryden\AppData\Roaming\Stykz
2016-04-07 14:53 - 2015-03-29 00:13 - 00000000 ____D C:\Users\Dick Bryden\Desktop\School Shit
2016-04-04 17:41 - 2016-04-02 23:11 - 00000000 ____D C:\ProgramData\AVAST Software
==================== Files in the root of some directories =======
2015-04-20 17:19 - 2016-02-12 14:23 - 0000020 _____ () C:\Users\Dick Bryden\AppData\Roaming\appdataFr3.bin
2013-07-28 08:27 - 2016-04-12 17:49 - 0000300 _____ () C:\Users\Dick Bryden\AppData\Roaming\WB.CFG
2013-06-17 15:42 - 2013-11-22 15:04 - 0000006 _____ () C:\Users\Dick Bryden\AppData\Roaming\WBPU-TTL.DAT
2013-07-17 20:22 - 2015-04-30 14:16 - 0001324 _____ () C:\Users\Dick Bryden\AppData\Roaming\wklnhst.dat
2012-02-06 13:35 - 2016-04-25 05:05 - 0007598 _____ () C:\Users\Dick Bryden\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
C:\Users\Dick Bryden\AppData\Local\Temp\avgnt.exe
C:\Users\Dick Bryden\AppData\Local\Temp\ose00001.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-03-29 16:42
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:03-05-2016
Ran by Dick Bryden (2016-05-04 15:00:58)
Running from C:\Users\Dick Bryden\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) (2012-01-20 00:30:31)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1132959120-1673921071-3958761770-500 - Administrator - Disabled)
Dick Bryden (S-1-5-21-1132959120-1673921071-3958761770-1000 - Administrator - Enabled) => C:\Users\Dick Bryden
Guest (S-1-5-21-1132959120-1673921071-3958761770-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Blender (HKLM\...\{1115EF75-E8C1-4BA1-829F-1B8460D47701}) (Version: 2.76.2 - Blender Foundation)
Broadcom CrystalHD Decoder (HKLM\...\{A6E1E8AF-A00E-45A7-BE1B-4397897C8A3E}) (Version: 3.0.30.32 - Broadcom Corporation)
ChargeableUSB (HKLM\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3625 - CyberLink Corp.)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.1 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}) (Version: 4.2.4 - Samsung)
Easy Resolution Manager (HKLM\...\{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}) (Version: 1.0.0 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
Free Torrent Opener (HKLM\...\Free Torrent Opener) (Version: 1.3 - BlueCPA)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Image Converter (HKLM\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
Image Editor Packages (HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\...\Image Editor Packages) (Version: - ) <==== ATTENTION
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.1972 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
OpenAL (HKLM\...\OpenAL) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM\...\{F2BC3383-F000-410C-A038-3846ADBE8D90}) (Version: 1.01.0088 - REALTEK Semiconductor Corp.)
Samsung HSPA DataCard 4.3.29.7814 (HKLM\...\{27A34859-3E29-438B-BBF6-19BDC6CA9C06}) (Version: 4.3.29.7814 - Samsung)
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.5 - Samsung)
Samsung Support Center (HKLM\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.800 - Broadcom Corporation)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\755087041320E005CB1E8A67C5C55A260EB81B90) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.28.17\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1132959120-1673921071-3958761770-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dick Bryden\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {05C1E80E-BCF9-4CF1-9F90-8858197F3AE3} - System32\Tasks\{EC196882-0894-4E8E-A41B-9416393FF897} => C:\Users\Dick Bryden\Downloads\super-drift-3d.exe
Task: {09E05A91-6566-42B0-9C63-0C004001A370} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-11] (SEC)
Task: {0C6BB33A-4D15-49E7-90BF-E5FA86BAFA68} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-04-02] (AVAST Software)
Task: {10840463-48F6-4BC1-8EAE-D11FC7519520} - System32\Tasks\{A64363C6-4F1A-4E3B-936F-5F391202FC3E} => C:\Program Files\Shmehao.com\Super Drift 3D\Super Drift 3D.exe
Task: {124E0A04-BA5A-4932-B548-03D5CCC84C6F} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe
Task: {1AEF9E41-AA77-4956-84AB-A6A19B675CFD} - System32\Tasks\{747E7019-9A4C-40B8-9ACD-1B3B8D7AD677} => C:\Users\Dick Bryden\Desktop\Nitroracers.exe
Task: {2359DB73-A9E4-491D-9EC2-1A0F4B717028} - System32\Tasks\{8AAF43CD-75D5-4A43-8944-2185E66B544B} => pcalua.exe -a "C:\Users\Dick Bryden\AppData\Local\Temp\Temp2_boona-racer-2000.zip\boonarac.exe"
Task: {28748748-DAC5-4894-AB96-3D135A13410D} - System32\Tasks\{3BA5A11C-56CB-4E97-B882-43391075B0FB} => C:\Program Files\GameTop.com\Nitro Racers\NitroRacers.exe
Task: {294AC12C-25C1-476F-AF19-DCC89D394D91} - System32\Tasks\{12FC3BB1-EFF1-4036-A4F9-7C815213FAA2} => Chrome.exe
Task: {2999829F-1713-488B-878C-2BE057CAA368} - System32\Tasks\{958800F9-D308-4852-98E4-7F17B07A3DCF} => pcalua.exe -a "C:\Users\Dick Bryden\AppData\Local\Temp\Temp1_boona-racer-2000.zip\boonarac.exe"
Task: {3F8D0360-3268-4DC6-90F8-6F517DC25F11} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {417058BB-A6CC-4184-9F41-C14BCC6070FD} - System32\Tasks\{BFD37719-40EF-414C-BAC1-689037E9B2D2} => C:\Program Files\GameTop.com\Nitro Racers\NitroRacers.exe
Task: {41FE58E7-6030-4274-B70F-5688CEC9371F} - System32\Tasks\QtraxPlayer => 3897169018.portal.qtrax.com
Task: {43802977-1387-4283-8673-80B20FCBE3B9} - System32\Tasks\{F53A60B5-F3EC-4BE4-BDB3-D57F2844E9E8} => C:\Users\Dick Bryden\Desktop\Nitroracers.exe
Task: {446EE6EC-827B-4669-83AB-277B6E7DAC73} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {45EE8E20-1552-4431-8FC1-68358CD8F451} - System32\Tasks\{ACEE4F60-DE43-4ED3-95E1-73E46C4421F4} => C:\Program Files\Shmehao.com\Super Drift 3D\Super Drift 3D.exe
Task: {4C392E39-3645-462A-BD75-09AC6DADEA65} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {5231E600-2144-4CBA-9E04-CEF97BFDF7C6} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\ProgramData\cis144D.exe <==== ATTENTION
Task: {52F7BEFC-7EE6-403A-B17A-5E8FC09EC7DD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1132959120-1673921071-3958761770-1000Core => C:\Users\Dick Bryden\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {57224B13-EACF-4055-BF94-0C159384E4F4} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {5A2F4A2E-3C57-4DF4-A870-547EF1351119} - System32\Tasks\{D22536AB-8023-4530-844F-BF41C0A9AF78} => C:\Program Files\GameTop.com\Nitro Racers\NitroRacers.exe
Task: {5A984BB2-9722-4678-831C-80ACEAD20C5F} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-12-21] (Samsung Electronics Co., Ltd.)
Task: {5DE35011-6CF4-419C-AE42-99A725F35D62} - System32\Tasks\{31F2DCF1-72A9-4F74-928F-43041AB97126} => pcalua.exe -a "C:\Users\Dick Bryden\Desktop\topfuel_setup.exe" -d "C:\Users\Dick Bryden\Desktop"
Task: {5E7095F3-2ACC-41AD-A937-AB4848572D8B} - System32\Tasks\{31F0C38E-C9A9-4E97-A01D-C06CC9B3E032} => pcalua.exe -a "C:\Users\Dick Bryden\Desktop\trialbike_setup.exe" -d "C:\Users\Dick Bryden\Desktop"
Task: {68006114-6183-4F5C-95BF-9DD51D705927} - System32\Tasks\{157945D1-9196-4CF1-8208-D22D9E11107C} => Chrome.exe
Task: {6DC55B74-594D-416E-8A57-1AF13A08F460} - System32\Tasks\{95704D09-EDB4-4BAD-8247-681CE7DD3B00} => Chrome.exe
Task: {6DF9388C-157C-4718-AB31-633543F4E1CF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-18] (Adobe Systems Incorporated)
Task: {7419A3C1-1CB9-447F-AA35-FE2A8A72E5ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {7542A7E1-9CE5-41CB-B28A-4C7AF1CBD015} - System32\Tasks\DSite => C:\Users\DICKBR~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {7669A732-7080-483D-81DE-3277D389CEC1} - System32\Tasks\{49BF4408-CF8C-409B-AA8C-A0205DD15299} => pcalua.exe -a "C:\Users\Dick Bryden\AppData\Roaming\istartsurf\UninstallManager.exe" -c -ptid=smt
Task: {8E31879B-CE86-4A9B-AFD0-C30F20973660} - System32\Tasks\{37947E2E-52B1-4A8C-9FF9-2DFD7E3E7594} => C:\Program Files\Shmehao.com\Super Drift 3D\Super Drift 3D.exe
Task: {8E926034-CF4F-4605-AC42-47388D95F10C} - System32\Tasks\{E038B96D-D22F-4E0D-9544-F32F12FFC14D} => C:\Program Files\GameTop.com\Nitro Racers\NitroRacers.exe
Task: {9C750BDD-D4B1-44C0-8C85-849DEDF08E32} - System32\Tasks\{437008E5-A9BF-4AEF-AC88-39FCABF3550A} => C:\Program Files\Shmehao.com\Super Drift 3D\Super Drift 3D.exe
Task: {C9A76374-8226-4AE3-A27D-98DF1386D51D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {D2D7245F-E579-4EEC-9A9D-329E3079090E} - System32\Tasks\{905B0282-A387-4735-AB2A-50FC30F934AC} => Chrome.exe
Task: {D4B6EDE0-3DB2-4A44-904F-BF757303B601} - System32\Tasks\{5199EB10-37CF-4052-B85D-949A5994844A} => pcalua.exe -a "C:\Program Files\GameTop.com\Nitro Racers\unins000.exe" -d "C:\Program Files\GameTop.com\Nitro Racers"
Task: {DACE4E83-F7B9-4ECE-AFF6-0285D1678E42} - System32\Tasks\{3044872A-1420-454D-9C72-66322D9CC7EA} => C:\Program Files\Mario Forever\Mario Forever.exe
Task: {E997196C-1AE3-487D-967B-E4573FBB65E3} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {EEBAB4BC-17AE-45E1-AB83-B3BD6163A1E0} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS\AutoKMS.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMSDaily.job => C:\windows\AutoKMS\AutoKMS.exe
Task: C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\windows\Tasks\DSite.job => C:\Users\DICKBR~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\windows\system32\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\00_LIVE+AUSSIE+TV+STREAM+-+MOTOR-SPORT-RACES-MATCHES+-+PLAY+WITH+VLC.xspf.torrent:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\avira_en_av_571cebf95be80__ws.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\avira_en_av_571cebf95be80__ws.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\BEIyc_Rz:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\BEIyc_Rz:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\download:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\download (1):$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Eyes of the Dead.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2 (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2 (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Firefox Setup Stub 45.0.2.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Game Over.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\lps-gb-vt-x86.msi:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Machine Head - Ghosts Will Haunt My Bones.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\MEGAsyncSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\MEGAsyncSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Setupsexmessenger (1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Setupsexmessenger (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Windows7UpgradeAdvisorSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dick Bryden\Downloads\Windows7UpgradeAdvisorSetup.exe:$CmdZnID [26]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 12:04 - 2016-05-02 14:52 - 00452290 ____R C:\windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1132959120-1673921071-3958761770-1000\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B46E3084-1F2D-4B8F-B95C-CB1E88D34D10}] => (Allow) C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{B8AC5A8E-2A67-4AE4-87B0-BEBD6891F2DA}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{77E63E27-7E9D-4384-8A00-75F4D151060A}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A64AD628-4233-4E5A-A36F-02E08EDE828D}] => (Allow) svchost.exe
FirewallRules: [{92FC50AF-969E-4CE7-A3F6-5A70C66B336E}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{215C4CE1-54DD-4F28-95AA-BACD9B9AE01A}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{3AF8C1F3-7076-4AF7-AC77-661FB5C5D93E}] => (Allow) C:\Program Files\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{811B1E6E-FD46-4E1F-8185-822944CFCB66}] => (Allow) C:\Program Files\AVG\AVG2012\avgnsx.exe
FirewallRules: [{7FE45947-7CD3-41BB-84AF-0F44AEF5DA3C}] => (Allow) C:\Program Files\AVG\AVG2012\avgnsx.exe
FirewallRules: [{95844A80-9433-425E-89A9-9E082DB558A4}] => (Allow) C:\Program Files\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{BFE0047C-74CE-4519-802D-6E8425A33DC4}] => (Allow) C:\Program Files\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{2BAF1770-EB77-4C17-8E1F-BA36DACC28BD}] => (Allow) C:\Program Files\AVG\AVG2012\avgemcx.exe
FirewallRules: [{91C25921-7ECD-4979-8411-424711C66F60}] => (Allow) C:\Program Files\AVG\AVG2012\avgemcx.exe
FirewallRules: [{512F25BA-0023-4578-88E9-E7F8B9DB7D7B}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{24B908A2-3718-4FD1-8B13-2AB1E99D34C6}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{5DE288A1-068A-44B1-BC19-71DDE523B61C}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{09DC7826-45BE-4F9B-919C-A56370824800}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{40356BA9-9320-4065-A56C-E57208559E04}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{C795DDCC-DD95-40FA-98CE-75AA1496717E}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe
FirewallRules: [{50D7F556-7AFE-4AED-A97D-EBA799CB0E6A}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{3649D2AB-452B-4B3F-9DDC-BAF8A99AEA1C}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{FF7DFE02-B440-45ED-B38C-9F28CB191203}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{4EDD69DF-7EF4-45A6-BE6D-062DFFAC61B3}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe
FirewallRules: [{BF2222C2-4C03-48DE-9804-EBDBCF2BD879}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{C4A9D485-2193-4E60-B2ED-0FBCD32C4FA7}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{8A3B22C9-CC24-4874-8701-13CFCDD5569A}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{FD7BA169-3882-485F-88ED-414848792AA0}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
FirewallRules: [{D6B656B2-5D0C-4CE5-887F-65B0C6EA6E4A}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{81CF0DD3-022B-499E-A609-1C98C005D6C0}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{0D88D531-9BD5-46C9-9911-229360C0E349}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [{25A79636-4F3B-412C-A978-D39014207A3C}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
FirewallRules: [TCP Query User{2D70E451-4CE8-4EF1-A3E2-1F9ED21D0B61}C:\program files\free torrent opener\free torrent opener.exe] => (Allow) C:\program files\free torrent opener\free torrent opener.exe
FirewallRules: [UDP Query User{224F1C89-6444-4F3F-99E7-340AD1A9EDBE}C:\program files\free torrent opener\free torrent opener.exe] => (Allow) C:\program files\free torrent opener\free torrent opener.exe
FirewallRules: [{A637B0E8-BF9F-4D48-936A-630F860BC51E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{87AE7810-EE50-46D6-9157-FCDC79AFFC66}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{63C4CCC2-DF51-4813-9286-8284D6689371}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{C7632223-A70C-49D4-95C4-571526AA1365}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{3F558852-9C6F-40D5-A80B-2282AAC4898D}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
01-05-2016 02:17:05 Windows Update
==================== Faulty Device Manager Devices =============
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/25/2016 05:06:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18517, time stamp: 0x53aa285b
Exception code: 0xc0000005
Fault offset: 0x0017a615
Faulting process id: 0x5fc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (04/25/2016 03:48:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000374
Fault offset: 0x000c3873
Faulting process id: 0x3e8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (04/25/2016 04:46:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
System Error:
The system cannot find the file specified.
.
Error: (04/18/2016 05:34:39 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description:
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisFileRatingChangeCisFileRatingChange//./root/cis
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisStatusChangeCisStatusChange//./root/cis
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM CisNotificationCisNotification//./root/cis
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM FwAlertFwAlert//./root/cis
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM DfAlertDfAlert//./root/cis
Error: (04/12/2016 10:17:22 PM) (Source: WinMgmt) (EventID: 24) (User: )
Description: CisWmiSELECT * FROM AvAlertAvAlert//./root/cis
System errors:
=============
Error: (05/04/2016 02:55:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (05/04/2016 02:55:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
CodeIntegrity:
===================================
Date: 2016-05-04 14:59:58.227
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-04 14:59:57.181
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-04 14:19:33.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 14:26:48.356
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 14:26:47.311
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 14:25:39.197
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 14:25:38.121
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 13:58:54.163
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 13:58:53.117
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-05-02 13:52:13.126
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Percentage of memory in use: 55%
Total physical RAM: 2037.3 MB
Available physical RAM: 902.16 MB
Total Virtual: 4074.59 MB
Available Virtual: 2929.19 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:40 GB) (Free:1.56 GB) NTFS
Drive d: () (Fixed) (Total:177.79 GB) (Free:133.04 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 137641B8)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=177.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-05-04 15:14:38
-----------------------------
15:14:38.502 OS Version: Windows 6.1.7601 Service Pack 1
15:14:38.502 Number of processors: 2 586 0x1C0A
15:14:38.517 ComputerName: JOOB UserName:
15:14:45.771 Initialize success
15:14:46.161 VM: initialized successfully
15:14:46.161 VM: Intel CPU virtualization not supported
15:17:50.085 AVAST engine defs: 16050301
15:20:15.337 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:20:15.353 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 238475MB BusType: 3
15:20:15.712 Disk 0 MBR read successfully
15:20:15.727 Disk 0 MBR scan
15:20:16.180 Disk 0 unknown MBR code
15:20:16.211 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
15:20:16.367 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
15:20:16.414 Disk 0 default boot code
15:20:16.601 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40960 MB offset 31664128
15:20:16.835 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 182052 MB offset 115550208
15:20:17.038 Disk 0 scanning sectors +488392704
15:20:17.599 Disk 0 scanning C:\windows\system32\drivers
15:21:49.249 Service scanning
15:23:32.693 Modules scanning
15:23:32.740 Disk 0 trace - called modules:
15:23:32.787 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
15:23:32.818 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8598b7c8]
15:23:32.834 3 CLASSPNP.SYS[8899c59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84f47028]
15:23:34.893 AVAST engine scan C:\windows
15:24:08.963 AVAST engine scan C:\windows\system32
15:44:17.263 AVAST engine scan C:\windows\system32\drivers
15:45:42.455 AVAST engine scan C:\Users\Dick Bryden
15:58:11.069 AVAST engine scan C:\ProgramData
16:01:36.553 Disk 0 statistics 2613604/0/0 @ 2.63 MB/s
16:01:36.600 Scan finished successfully
16:45:10.649 Disk 0 MBR has been saved successfully to "C:\Users\Dick Bryden\Desktop\MBR.dat"
16:45:10.949 The log file has been saved successfully to "C:\Users\Dick Bryden\Desktop\aswMBR.txt"