Can't get rid of browser virus


Bayman

I must have a browser virus as when I click on a link a new tab appears for other sites....

Another tab popped up and it said:

"Attention Windows os user: your microsoft computer has been blocked.."

"Computer system alert! System has been infected due to an unexpected error"

"Please contact Microsoft Technicians 1-800-291-9660"

I ran PC Matic 5 times to try and get rid of this problem, rebooting after each and every clean..... I don't understand why PC Matic can't fix it....

Would appreciate your help..


First, let's clear the browser's cache.

For Internet Explorer 7, 8, 9, 10, or 11, go to Start > Control Panel > Network and Internet > Internet Options > Browsing History > Delete and click the button to delete the temporary Internet Files, then click 'yes', 'close', 'OK'.

Next, try resetting your browser to defaults and manually uninstall any and all toolbars in Start > Control Panel > Programs and Features (or Add/Remove Programs). There are instructions at the link below to help with resetting the browser:

Reboot

:) Y


AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Logfile. A log (AdwCleaner[s1].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
  • Click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

~~~~~~~~~~~~~~~~~~

Please download the Malwarebytes Anti-Malware setup file to your Desktop.

OR from this location Malwarebytes' Anti-Malware

  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
  • On the Dashboard, click on Update Now.
  • Go to the Settings tab.
  • Under Settings, go to Detection and Protection.
  • Under PUP and PUM, make sure both are set to show Treat Detections as Malware.
  • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked.
  • Then on the Dashboard, click on Scan.
  • Make sure to select THREAT SCAN.
  • Then click on Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs, followed by the first Scan Log.
  • Click Export, followed by Copy to Clipboard. Paste the log in your next reply.


# AdwCleaner v5.115 - Logfile created 04/05/2016 at 13:36:26

# Updated 01/05/2016 by Xplode

# Database : 2016-05-04.2 [server]

# Operating system : Windows 7 Professional Service Pack 1 (X64)

# Username : SamSmith - SAMSMITH-PC

# Running from : C:\1 Malware Removal\AdwCleaner\adwcleaner_5.115.exe

# Option : Clean



***** [ Services ] *****



***** [ Folders ] *****


[-] Folder Deleted : C:\ProgramData\LuckyBrowse

[#] Folder Deleted : C:\ProgramData\Application Data\LuckyBrowse

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse

[-] Folder Deleted : C:\Program Files (x86)\LuckyBrowse

[x] Folder Not Deleted : C:\Program Files (x86)\1ED023C0-1452561467-11DD-BB03-C86000BE45E4

[x] Folder Not Deleted : C:\Users\SamSmith\AppData\Roaming\RHEng

[x] Folder Not Deleted : C:\Users\SamSmith\Favorites\Search


***** [ Files ] *****


[x] File Not Deleted : C:\ods.exe.config

[x] File Not Deleted : C:\Windows\SysWOW64\lavasofttcpservice.dll

[x] File Not Deleted : C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini

[x] File Not Deleted : C:\Users\SamSmith\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk

[x] File Not Deleted : C:\Users\SamSmith\AppData\Roaming\Mozilla\Firefox\Profiles\u198dvnc.default\searchplugins\search-provided-by-yahoo.xml

[x] File Not Deleted : C:\Users\SamSmith\AppData\Roaming\Mozilla\Firefox\Profiles\u198dvnc.default\searchplugins\default.xml

[x] File Not Deleted : C:\Windows\SysNative\LavasoftTcpService64.dll

[x] File Not Deleted : C:\Windows\SysNative\LavasoftTcpServiceOff.ini


***** [ DLLs ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****


[x] Shortcut Not Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk

[x] Shortcut Not Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk

[x] Shortcut Not Disinfected : C:\Users\Public\Desktop\Paragon Hard Disk Manager™ 15 Premium.lnk

[x] Shortcut Not Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

[x] Shortcut Not Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[x] Shortcut Not Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Hard Disk Manager™ 15 Premium\Paragon Hard Disk Manager™ 15 Premium.lnk

[x] Shortcut Not Disinfected : C:\Users\SamSmith\Desktop\Internet-Explorer (64-bit).lnk

[x] Shortcut Not Disinfected : C:\Users\SamSmith\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[x] Shortcut Not Disinfected : C:\Users\SamSmith\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk

[x] Shortcut Not Disinfected : C:\Users\SamSmith\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet-Explorer (64-bit).lnk


***** [ Scheduled tasks ] *****


[x] Task Not Deleted : DNS Monitoring

[x] Task Not Deleted : DNS Monitoring


***** [ Registry ] *****


[x] Value Not Deleted : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [wb.exe]

[x] Value Not Deleted : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [DeskBar.exe]

[x] Value Not Deleted : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]

[x] Key Not Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}

[x] Key Not Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}

[x] Key Not Deleted : HKCU\Software\65d42177c9902515e4928001b5f4b06f

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\download.howtosimplified.com

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\download.televisionfanatic.com

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\free.videodownloadconverter.com

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\howtosimplified.com

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\howtosimplified.dl.tb.ask.com

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myimageconverter.dl.tb.ask.com

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\safepcrepair.dl.tb.ask.com

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\televisionfanatic.com

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\televisionfanatic.dl.tb.ask.com

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\videodownloadconverter.com

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\videodownloadconverter.dl.tb.ask.com

[x] Key Not Deleted : HKCU\Software\Google\Chrome\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa

[x] Key Not Deleted : HKLM\SOFTWARE\Classes\pc-mechanic

[x] Key Not Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector

[x] Key Not Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1

[x] Key Not Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho

[x] Key Not Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1

[x] Key Not Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib

[x] Key Not Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1

[x] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}

[x] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}

[x] Key Not Deleted : HKCU\Software\CoinisRS

[x] Key Not Deleted : HKCU\Software\DAILYPCCLEAN

[x] Key Not Deleted : HKCU\Software\Microsoft\Tinstalls

[x] Key Not Deleted : HKCU\Software\OB

[x] Key Not Deleted : HKCU\Software\ParetoLogic

[x] Key Not Deleted : HKCU\Software\Probit Software

[x] Key Not Deleted : HKCU\Software\PRODUCTSETUP

[x] Key Not Deleted : HKCU\Software\System Healer

[x] Key Not Deleted : HKCU\Software\tstamptoken

[x] Key Not Deleted : HKCU\Software\WEBAPP

[x] Key Not Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

[x] Key Not Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\EasyDriverPro

[-] Key Deleted : [x64] HKLM\SOFTWARE\LuckyBrowse

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\ParetoLogic

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\SmartDNS

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\Tutorials

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\Uniblue

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\WebBar

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\DNSUnlocker

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\SrpnFiles

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\Lavasoft\Web Companion

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A1D3F9E-73B5-95EC-1233-6646E1358965}

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DNSUnlocker.ns

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564

[x] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

[x] Key Not Deleted : HKU\S-1-5-21-159066257-559054521-1285519716-1000\Software\CoinisRS

[x] Key Not Deleted : HKU\S-1-5-21-159066257-559054521-1285519716-1000\Software\DAILYPCCLEAN

[x] Key Not Deleted : HKU\S-1-5-21-159066257-559054521-1285519716-1000\Software\Microsoft\Tinstalls

[x] Key Not Deleted : HKU\S-1-5-21-159066257-559054521-1285519716-1000\Software\OB

[x] Key Not Deleted : HKU\S-1-5-21-159066257-559054521-1285519716-1000\Software\ParetoLogic

[x] Key Not Deleted : HKU\S-1-5-21-159066257-559054521-1285519716-1000\Software\Probit Software

[x] Key Not Deleted : HKU\S-1-5-21-159066257-559054521-1285519716-1000\Software\PRODUCTSETUP

[x] Key Not Deleted : HKU\S-1-5-21-159066257-559054521-1285519716-1000\Software\System Healer

[x] Key Not Deleted : HKU\S-1-5-21-159066257-559054521-1285519716-1000\Software\tstamptoken

[x] Key Not Deleted : HKU\S-1-5-21-159066257-559054521-1285519716-1000\Software\WEBAPP

[x] Key Not Deleted : HKU\S-1-5-21-159066257-559054521-1285519716-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

[x] Key Not Deleted : HKU\S-1-5-21-159066257-559054521-1285519716-1000\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}

[x] Key Not Deleted : HKU\S-1-5-21-159066257-559054521-1285519716-1015\Software\System Healer

[x] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

[x] Data Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

[x] Value Not Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{D9DBF890-BD76-490E-B8B6-3C76E086F3CB}]

[x] Value Not Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{7E605028-A586-4022-8203-3AC90F749EF2}]

[x] Value Not Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{0F9D1E38-854F-4B79-BD0C-74942B2C70AD}]

[x] Value Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7DCD7CD8-CD00-4580-8627-4E069C70832C}

[x] Value Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

[x] Data Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

[x] Value Not Deleted : HKU\S-1-5-21-159066257-559054521-1285519716-1000\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]

[x] Key Not Deleted : HKU\S-1-5-21-159066257-559054521-1285519716-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7DCD7CD8-CD00-4580-8627-4E069C70832C}

[x] Data Not Deleted : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{31BC85D1-C759-4BDB-A5AB-134EFD1D5521} [NameServer]

[x] Data Not Deleted : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6C969918-8846-444E-8A60-8853D390E983} [NameServer]

[x] Data Not Deleted : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7773803F-C582-4577-9E14-11FA2CCEBBA9} [NameServer]

[x] Data Not Deleted : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9FE18564-080E-4953-B3C9-4094A276A5B9} [NameServer]

[x] Data Not Deleted : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BF1E7586-EE2C-4D0A-9F5F-894185DEA8F8} [NameServer]

[x] Data Not Deleted : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FACEF14E-4B81-4F9E-A4DE-691BBB6816EB} [NameServer]

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\home.tb.ask.com

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\howtosimplified.dl.tb.ask.com

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myimageconverter.dl.tb.ask.com

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pckeeper.software

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\safepcrepair.dl.tb.ask.com

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\televisionfanatic.dl.tb.ask.com

[x] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\videodownloadconverter.dl.tb.ask.com

[x] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Web Companion


***** [ Web browsers ] *****


[-] [C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jlcgehabolcakkjhgmgpkagpolbjlhfa


*************************


:: "Tracing" keys deleted

:: Winsock settings cleared


*************************


C:\AdwCleaner\AdwCleaner[C1].txt - [36072 bytes] - [28/04/2016 12:02:20]

C:\AdwCleaner\AdwCleaner[C2].txt - [10002 bytes] - [28/04/2016 12:12:28]

C:\AdwCleaner\AdwCleaner[C3].txt - [7189 bytes] - [04/05/2016 13:09:39]

C:\AdwCleaner\AdwCleaner[C4].txt - [12635 bytes] - [04/05/2016 13:36:26]

C:\AdwCleaner\AdwCleaner[s1].txt - [17566 bytes] - [28/04/2016 09:33:58]

C:\AdwCleaner\AdwCleaner[s2].txt - [17640 bytes] - [28/04/2016 09:52:47]

C:\AdwCleaner\AdwCleaner[s3].txt - [43030 bytes] - [28/04/2016 12:00:07]

C:\AdwCleaner\AdwCleaner[s4].txt - [5429 bytes] - [28/04/2016 12:09:00]

C:\AdwCleaner\AdwCleaner[s5].txt - [10266 bytes] - [01/05/2016 12:47:03]

C:\AdwCleaner\AdwCleaner[s6].txt - [8625 bytes] - [04/05/2016 12:49:28]

C:\AdwCleaner\AdwCleaner[s7].txt - [13415 bytes] - [04/05/2016 13:20:02]


########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [13225 bytes] ##########

Here are the other logs:

mbam-log-2016-05-04 (13-48-34)

<?xml version="1.0" encoding="UTF-16"?>

-<mbam-log>
-<header>
<date>2016/05/04 13:48:47 -0600</date>
<logfile>mbam-log-2016-05-04 (13-48-34).xml</logfile>
<isadmin>yes</isadmin>
</header>
-<engine>
<version>2.2.1.1043</version>
<malware-database>v2016.05.04.06</malware-database>
<rootkit-database>v2016.04.17.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
-<system>
<hostname>SAMSMITH-PC</hostname>
<ip>192.168.1.2</ip>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>SamSmith</username>
<filesys>NTFS</filesys>
</system>
-<summary>
<type>threat</type>
<result>completed</result>
<objects>452676</objects>
<time>812</time>
<processes>0</processes>
<modules>0</modules>
<keys>27</keys>
<values>27</values>
<datas>7</datas>
<folders>9</folders>
<files>24</files>
<sectors>0</sectors>
</summary>
-<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
-<items>
-<key>
<path>HKLM\SOFTWARE\CLASSES\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}</path>
<vendor>PUP.Optional.Tuto4PC</vendor>
<action>success</action>
<hash>974f80517d1c72c43e47907455ae956b</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}</path>
<vendor>PUP.Optional.Yontoo</vendor>
<action>success</action>
<hash>1bcb05cca3f668ce662c47892fd30af6</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\CLASSES\CLSID\{FD20C151-A061-4097-955D-682F317A7035}</path>
<vendor>PUP.Optional.DNSio</vendor>
<action>success</action>
<hash>d0166f627227c96d24875c73000249b7</hash>
</key>
-<key>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C98D5B61-B0EA-4D48-9839-1079D352D880}</path>
<vendor>PUP.Optional.MindSpark</vendor>
<action>success</action>
<hash>38ae626fdebbde588df03bbb21e1a15f</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\DNSUnlocker</path>
<vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor>
<action>success</action>
<hash>b72f0fc2d0c990a6d8a86d4deb1918e8</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\EasyDriverPro</path>
<vendor>PUP.Optional.EasyDriverPro</vendor>
<action>success</action>
<hash>12d410c171280f272700b7e943c151af</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}</path>
<vendor>PUP.Optional.Yontoo</vendor>
<action>success</action>
<hash>42a4c110bfda6acc5b58d8931ce807f9</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\MICROSOFT\TRACING\DeskBar_RASAPI32</path>
<vendor>PUP.Optional.DeskBar</vendor>
<action>success</action>
<hash>3caa7958dbbe56e01e51b2ba4fb5916f</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\MICROSOFT\TRACING\DeskBar_RASMANCS</path>
<vendor>PUP.Optional.DeskBar</vendor>
<action>success</action>
<hash>54929c357623d363472872fa7b89946c</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9A1DF9B1-8363-46C5-8FDD-729AF46D3778}</path>
<vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor>
<action>delete-on-reboot</action>
<hash>e402a130debbf145562c5c5ec83c9e62</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DNS Monitoring</path>
<vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor>
<action>delete-on-reboot</action>
<hash>5e88ddf4c5d4d363e1a2a21844c06a96</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{11efa764}</path>
<vendor>PUP.Optional.MultiPlug</vendor>
<action>success</action>
<hash>35b19d34cdcc1d19113f183155af9868</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}</path>
<vendor>PUP.Optional.MySearch123</vendor>
<action>success</action>
<hash>24c27f52f2a736007f430f8c9a6a0ff1</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE</path>
<vendor>PUM.Optional.DisableChromeUpdates</vendor>
<action>success</action>
<hash>fee8fad7efaa83b316dc564309fbc53b</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\TUTORIALS</path>
<vendor>PUP.Optional.Tuto4PC</vendor>
<action>success</action>
<hash>9b4b04cddbbe56e01bb50e50ec18ef11</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\WOW6432NODE\WebDnsio</path>
<vendor>PUP.Optional.DNSio</vendor>
<action>success</action>
<hash>b036943d2a6fca6c8c34d7cc38cc7e82</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE</path>
<vendor>PUM.Optional.DisableChromeUpdates</vendor>
<action>success</action>
<hash>1acc2ba69ffac96d7a785643b3518a76</hash>
</key>
-<key>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\CoinisRS</path>
<vendor>PUP.Optional.InstallCore</vendor>
<action>success</action>
<hash>776f16bb0792ab8bc47f7af3df25ad53</hash>
</key>
-<key>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\ICSW1.14</path>
<vendor>PUP.Optional.InstallCore</vendor>
<action>success</action>
<hash>24c222af930686b08f006cd4dd272ed2</hash>
</key>
-<key>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jlcgehabolcakkjhgmgpkagpolbjlhfa</path>
<vendor>PUP.Optional.Searching</vendor>
<action>success</action>
<hash>6284e6eb0396310550bdaba6ae55d828</hash>
</key>
-<key>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7DCD7CD8-CD00-4580-8627-4E069C70832C}</path>
<vendor>PUP.Optional.Yontoo</vendor>
<action>success</action>
<hash>d214bb16bddc36002e845417a95bcb35</hash>
</key>
-<key>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\OB</path>
<vendor>PUP.Optional.OutBrowse</vendor>
<action>success</action>
<hash>24c2bb163e5b65d164dd80ccd92b08f8</hash>
</key>
-<key>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\PRODUCTSETUP</path>
<vendor>PUP.Optional.ProductSetup</vendor>
<action>success</action>
<hash>a6407f524b4e89adf2fc6ae5c53fe11f</hash>
</key>
-<key>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\SYSTEM HEALER</path>
<vendor>PUP.Optional.SystemHealer</vendor>
<action>success</action>
<hash>569012bfd5c460d6d1e20992cc38c63a</hash>
</key>
-<key>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1015\SOFTWARE\SYSTEM HEALER</path>
<vendor>PUP.Optional.SystemHealer</vendor>
<action>success</action>
<hash>46a029a85c3dac8a22916f2c758f9868</hash>
</key>
-<key>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-500\SOFTWARE\APPDATALOW\SOFTWARE\TelevisionFanatic</path>
<vendor>PUP.Optional.MindSpark</vendor>
<action>success</action>
<hash>1ec810c179202a0c862aef57867e6799</hash>
</key>
-<key>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-500\SOFTWARE\SYSTEM HEALER</path>
<vendor>PUP.Optional.SystemHealer</vendor>
<action>success</action>
<hash>a1457a57c4d55dd90ba852491de701ff</hash>
</key>
-<value>
<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path>
<valuename>DoNotAskAgain</valuename>
<vendor>PUP.Optional.Yontoo</vendor>
<action>success</action>
<valuedata>searchinterneat-a.akamaihd.net</valuedata>
<hash>2abca829e1b88ea82e56b2bb1be9847c</hash>
</value>
-<value>
<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}</path>
<valuename>URL</valuename>
<vendor>PUP.Optional.Yontoo</vendor>
<action>success</action>
<hash>42a4c110bfda6acc5b58d8931ce807f9</hash>
</value>
-<value>
<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9A1DF9B1-8363-46C5-8FDD-729AF46D3778}</path>
<valuename>Path</valuename>
<vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor>
<action>delete-on-reboot</action>
<valuedata>\DNS Monitoring</valuedata>
<hash>e402a130debbf145562c5c5ec83c9e62</hash>
</value>
-<value>
<path>HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE</path>
<valuename>DisableAutoUpdateChecksCheckboxValue</valuename>
<vendor>PUM.Optional.DisableChromeUpdates</vendor>
<action>success</action>
<valuedata>1</valuedata>
<hash>fee8fad7efaa83b316dc564309fbc53b</hash>
</value>
-<value>
<path>HKLM\SOFTWARE\TUTORIALS</path>
<valuename>HostGUID</valuename>
<vendor>PUP.Optional.Tuto4PC</vendor>
<action>success</action>
<valuedata>6CF2C271-6D69-4367-A53E-2950CB805DDB</valuedata>
<hash>9b4b04cddbbe56e01bb50e50ec18ef11</hash>
</value>
-<value>
<path>HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE</path>
<valuename>DisableAutoUpdateChecksCheckboxValue</valuename>
<vendor>PUM.Optional.DisableChromeUpdates</vendor>
<action>success</action>
<valuedata>1</valuedata>
<hash>1acc2ba69ffac96d7a785643b3518a76</hash>
</value>
-<value>
<path>HKLM\SYSTEM\CONTROLSET001\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES</path>
<valuename/>
<vendor>Hijack.AutoConfigURL.PrxySvrRST</vendor>
<action>success</action>
<hash>6e78dff20693c5714869fa4a897ad828</hash>
</value>
-<value>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES</path>
<valuename>{8E22DF00-E36B-4BA2-B43B-32825600B428}</valuename>
<vendor>PUP.Optional.SpringFiles</vendor>
<action>success</action>
<valuedata>v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\SpringFiles\downloader.exe|Name=SpringFiles|</valuedata>
<hash>a4428b46aced69cd189b26937f85c937</hash>
</value>
-<value>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES</path>
<valuename>{FF9901DD-EA17-42BD-8BC3-5AA6F336EE58}</valuename>
<vendor>PUP.Optional.SpringFiles</vendor>
<action>success</action>
<valuedata>v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\SpringFiles\downloader.exe|Name=SpringFiles|</valuedata>
<hash>09dd3d94debbf83e4a69e0d935cf9b65</hash>
</value>
-<value>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES</path>
<valuename>{D9DBF890-BD76-490E-B8B6-3C76E086F3CB}</valuename>
<vendor>PUP.Optional.LuckyBrowse</vendor>
<action>success</action>
<valuedata>v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe|Name=LuckyBrowse|</valuedata>
<hash>f9ed2ba6c6d355e16454aa0513f1748c</hash>
</value>
-<value>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES</path>
<valuename>{7E605028-A586-4022-8203-3AC90F749EF2}</valuename>
<vendor>PUP.Optional.LuckyBrowse</vendor>
<action>success</action>
<valuedata>v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe|Name=LuckyBrowse|</valuedata>
<hash>be28a62ba8f177bf38807f301ee6ee12</hash>
</value>
-<value>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES</path>
<valuename>{0F9D1E38-854F-4B79-BD0C-74942B2C70AD}</valuename>
<vendor>PUP.Optional.IDSCProduct</vendor>
<action>success</action>
<valuedata>v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Max Driver Updater\maxdu.exe|Name=MaxDriverUpdater|</valuedata>
<hash>d21410c113869f97fff3e7d407fd2bd5</hash>
</value>
-<value>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION</path>
<valuename>wb.exe</valuename>
<vendor>PUP.Optional.WebBar</vendor>
<action>success</action>
<valuedata>11000</valuedata>
<hash>7c6a527fb5e4e4524951edb7f70d45bb</hash>
</value>
-<value>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION</path>
<valuename>DeskBar.exe</valuename>
<vendor>PUP.Optional.DeskBar</vendor>
<action>success</action>
<valuedata>8888</valuedata>
<hash>b53198392f6af6405043149005ff857b</hash>
</value>
-<value>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path>
<valuename>DoNotAskAgain</valuename>
<vendor>PUP.Optional.Yontoo</vendor>
<action>success</action>
<valuedata>searchinterneat-a.akamaihd.net</valuedata>
<hash>3da9626ff3a6ae8813b45517f311d828</hash>
</value>
-<value>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7DCD7CD8-CD00-4580-8627-4E069C70832C}</path>
<valuename>URL</valuename>
<vendor>PUP.Optional.Yontoo</vendor>
<action>success</action>
<hash>d214bb16bddc36002e845417a95bcb35</hash>
</value>
-<value>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS</path>
<valuename>AutoConfigUrl</valuename>
<vendor>Hijack.AutoConfigURL.PrxySvrRST</vendor>
<action>success</action>
<hash>de08d1006b2e7db9387882c2fa091fe1</hash>
</value>
-<value>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\OB</path>
<valuename>monitype15</valuename>
<vendor>PUP.Optional.OutBrowse</vendor>
<action>success</action>
<valuedata>9/20/15 13:37:37</valuedata>
<hash>24c2bb163e5b65d164dd80ccd92b08f8</hash>
</value>
-<value>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\OB</path>
<valuename>monitype6</valuename>
<vendor>PUP.Optional.OutBrowse</vendor>
<action>success</action>
<valuedata>9/20/15 13:37:47</valuedata>
<hash>d80e10c10594280e5ae7c884f80cf808</hash>
</value>
-<value>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\OB</path>
<valuename>monitype12</valuename>
<vendor>PUP.Optional.OutBrowse</vendor>
<action>success</action>
<valuedata>9/20/15 13:37:47</valuedata>
<hash>b33306cb960354e2390861eba85c2ad6</hash>
</value>
-<value>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\PRODUCTSETUP</path>
<valuename>tb</valuename>
<vendor>PUP.Optional.ProductSetup</vendor>
<action>success</action>
<valuedata>0Q1K1G1I1FtQyD</valuedata>
<hash>a6407f524b4e89adf2fc6ae5c53fe11f</hash>
</value>
-<value>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\SYSTEM HEALER</path>
<valuename>HomePage</valuename>
<vendor>PUP.Optional.SystemHealer</vendor>
<action>success</action>
<hash>569012bfd5c460d6d1e20992cc38c63a</hash>
</value>
-<value>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\SYSTEM HEALER</path>
<valuename>SupportPage</valuename>
<vendor>PUP.Optional.SystemHealer</vendor>
<action>success</action>
<hash>3ea8923fd6c33afcfbb87a2145bff50b</hash>
</value>
-<value>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1015\SOFTWARE\SYSTEM HEALER</path>
<valuename>HomePage</valuename>
<vendor>PUP.Optional.SystemHealer</vendor>
<action>success</action>
<hash>46a029a85c3dac8a22916f2c758f9868</hash>
</value>
-<value>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-1015\SOFTWARE\SYSTEM HEALER</path>
<valuename>SupportPage</valuename>
<vendor>PUP.Optional.SystemHealer</vendor>
<action>success</action>
<hash>697d5081a7f28da9169dff9c38ccdb25</hash>
</value>
-<value>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-500\SOFTWARE\SYSTEM HEALER</path>
<valuename>HomePage</valuename>
<vendor>PUP.Optional.SystemHealer</vendor>
<action>success</action>
<hash>a1457a57c4d55dd90ba852491de701ff</hash>
</value>
-<value>
<path>HKU\S-1-5-21-159066257-559054521-1285519716-500\SOFTWARE\SYSTEM HEALER</path>
<valuename>SupportPage</valuename>
<vendor>PUP.Optional.SystemHealer</vendor>
<action>success</action>
<hash>db0b2aa73f5af244961d5348e51f04fc</hash>
</value>
-<data>
<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path>
<valuename>Start Page</valuename>
<vendor>PUP.Optional.Yontoo</vendor>
<action>replaced</action>
<gooddata>www.google.com</gooddata>
<hash>b4327d5424752c0ad51cff55e42135cb</hash>
</data>
-<data>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{31BC85D1-C759-4BDB-A5AB-134EFD1D5521}</path>
<valuename>NameServer</valuename>
<vendor>Trojan.DNSChanger</vendor>
<action>replaced</action>
<valuedata>208.87.151.28,208.87.151.29</valuedata>
<baddata>208.87.151.28,208.87.151.29</baddata>
<gooddata/>
<hash>22c410c1306914227422f75f788ddd23</hash>
</data>
-<data>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{6C969918-8846-444E-8A60-8853D390E983}</path>
<valuename>NameServer</valuename>
<vendor>Trojan.DNSChanger</vendor>
<action>replaced</action>
<valuedata>208.87.151.28,208.87.151.29</valuedata>
<baddata>208.87.151.28,208.87.151.29</baddata>
<gooddata/>
<hash>b5310fc20990f5414a4cf066d1349a66</hash>
</data>
-<data>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{7773803F-C582-4577-9E14-11FA2CCEBBA9}</path>
<valuename>NameServer</valuename>
<vendor>Trojan.DNSChanger</vendor>
<action>replaced</action>
<valuedata>208.87.151.28,208.87.151.29</valuedata>
<baddata>208.87.151.28,208.87.151.29</baddata>
<gooddata/>
<hash>9a4c4b86118871c51680520439cc42be</hash>
</data>
-<data>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9FE18564-080E-4953-B3C9-4094A276A5B9}</path>
<valuename>NameServer</valuename>
<vendor>Trojan.DNSChanger</vendor>
<action>replaced</action>
<valuedata>208.87.151.28,208.87.151.29</valuedata>
<baddata>208.87.151.28,208.87.151.29</baddata>
<gooddata/>
<hash>1fc77958d5c4fd39fc9af36326dfcc34</hash>
</data>
-<data>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{BF1E7586-EE2C-4D0A-9F5F-894185DEA8F8}</path>
<valuename>NameServer</valuename>
<vendor>Trojan.DNSChanger</vendor>
<action>replaced</action>
<valuedata>208.87.151.28,208.87.151.29</valuedata>
<baddata>208.87.151.28,208.87.151.29</baddata>
<gooddata/>
<hash>8c5ac30ebfdab0865f37144222e3e818</hash>
</data>
-<data>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{FACEF14E-4B81-4F9E-A4DE-691BBB6816EB}</path>
<valuename>NameServer</valuename>
<vendor>Trojan.DNSChanger</vendor>
<action>replaced</action>
<valuedata>208.87.151.28,208.87.151.29</valuedata>
<baddata>208.87.151.28,208.87.151.29</baddata>
<gooddata/>
<hash>a1455d747e1b9c9a890d560051b48080</hash>
</data>
-<folder>
<path>C:\Windows\System32\config\systemprofile\AppData\Local\WebBar</path>
<vendor>PUP.Optional.WebBar</vendor>
<action>success</action>
<hash>6284b31e6e2b6fc7624ae8796b99d927</hash>
</folder>
-<folder>
<path>C:\Users\SamSmith\AppData\Roaming\dclogs</path>
<vendor>Trojan.StolenData</vendor>
<action>success</action>
<hash>6e78be13e1b863d3f0b67d08da2a10f0</hash>
</folder>
-<folder>
<path>C:\Program Files (x86)\Evidence Eliminator</path>
<vendor>Rogue.EvidenceEliminator</vendor>
<action>success</action>
<hash>14d26c65d6c3ca6c754997702ad97090</hash>
</folder>
-<folder>
<path>C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa</path>
<vendor>PUP.Optional.SearchModule</vendor>
<action>success</action>
<hash>757125ac2c6dfc3a196548eb27dcb24e</hash>
</folder>
-<folder>
<path>C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0</path>
<vendor>PUP.Optional.SearchModule</vendor>
<action>success</action>
<hash>757125ac2c6dfc3a196548eb27dcb24e</hash>
</folder>
-<folder>
<path>C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\newtab</path>
<vendor>PUP.Optional.SearchModule</vendor>
<action>success</action>
<hash>757125ac2c6dfc3a196548eb27dcb24e</hash>
</folder>
-<folder>
<path>C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\newtab\js</path>
<vendor>PUP.Optional.SearchModule</vendor>
<action>success</action>
<hash>757125ac2c6dfc3a196548eb27dcb24e</hash>
</folder>
-<folder>
<path>C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\_metadata</path>
<vendor>PUP.Optional.SearchModule</vendor>
<action>success</action>
<hash>757125ac2c6dfc3a196548eb27dcb24e</hash>
</folder>
-<folder>
<path>C:\Program Files (x86)\WebDnsio</path>
<vendor>PUP.Optional.DNSio.BrwsrFlsh</vendor>
<action>success</action>
<hash>578fd6fbfb9eb4825ade013e72916a96</hash>
</folder>
-<file>
<path>C:\Users\SamSmith\AppData\Roaming\RHEng\38BC371ED2C74B7DB159ECFA49DB31AB\setup.exe.pcpquar</path>
<vendor>PUP.Optional.Yontoo</vendor>
<action>success</action>
<hash>74724c858c0d3ff7c37b13ac45bc18e8</hash>
</file>
-<file>
<path>C:\Users\SamSmith\AppData\Roaming\RHEng\B91141A73BB34B29ACBAABB50A0A14FD\WeatherBugSetup.exe</path>
<vendor>PUP.Optional.APNToolBar</vendor>
<action>success</action>
<hash>fee8617082176acce600a0af18e958a8</hash>
</file>
-<file>
<path>C:\Users\SamSmith\AppData\Roaming\RHEng\F8551611B843421ABC7CC98532DE7D72\WWE_1.54.5.2.exe</path>
<vendor>PUP.Optional.Wajam</vendor>
<action>success</action>
<hash>489eb71a0a8f78beef3cd68c57a9659b</hash>
</file>
-<file>
<path>C:\$Recycle.Bin\S-1-5-21-159066257-559054521-1285519716-1000\$R56QF1Q.exe.pcpquar</path>
<vendor>PUP.Optional.MindSpark</vendor>
<action>success</action>
<hash>9353c40d7b1efe3872a67503bd48f709</hash>
</file>
-<file>
<path>C:\$Recycle.Bin\S-1-5-21-159066257-559054521-1285519716-1000\$R6NNRXF.exe.pcpquar</path>
<vendor>PUP.Optional.MindSpark</vendor>
<action>success</action>
<hash>ecfa8150742540f6f721ff799a6b23dd</hash>
</file>
-<file>
<path>C:\$Recycle.Bin\S-1-5-21-159066257-559054521-1285519716-1000\$RXN79ZG.exe.pcpquar</path>
<vendor>PUP.Optional.MindSpark</vendor>
<action>success</action>
<hash>f4f2626ffe9bae88f1275e1ad82d7987</hash>
</file>
-<file>
<path>C:\$Recycle.Bin\S-1-5-21-159066257-559054521-1285519716-1000\$RFNLQIZ.exe.pcpquar</path>
<vendor>PUP.Optional.MindSpark</vendor>
<action>success</action>
<hash>f0f620b17920e056ae6a94e464a1a55b</hash>
</file>
-<file>
<path>C:\Windows\System32\config\systemprofile\AppData\Local\WebBar\wb.log</path>
<vendor>PUP.Optional.WebBar</vendor>
<action>success</action>
<hash>6284b31e6e2b6fc7624ae8796b99d927</hash>
</file>
-<file>
<path>C:\Users\SamSmith\AppData\Roaming\Mozilla\Firefox\Profiles\u198dvnc.default\searchplugins\search-provided-by-yahoo.xml</path>
<vendor>PUP.Optional.WinYahoo</vendor>
<action>success</action>
<hash>af376d642e6b66d09415e57ec143f010</hash>
</file>
-<file>
<path>C:\Users\SamSmith\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk</path>
<vendor>PUP.Optional.FakeIELaunch</vendor>
<action>success</action>
<hash>dd09d8f9b8e13ff767a9f97420e426da</hash>
</file>
-<file>
<path>C:\Users\SamSmith\AppData\LocalLow\Microsoft\Internet Explorer\Services\Wincy.ico</path>
<vendor>PUP.Optional.WinYahoo</vendor>
<action>success</action>
<hash>3fa731a04356fc3a1c9a2e4055af867a</hash>
</file>
-<file>
<path>C:\Users\SamSmith\AppData\Roaming\dclogs\2015-01-08-5.dc</path>
<vendor>Trojan.StolenData</vendor>
<action>success</action>
<hash>6e78be13e1b863d3f0b67d08da2a10f0</hash>
</file>
-<file>
<path>C:\ods.exe.config</path>
<vendor>PUP.Optional.Yontoo</vendor>
<action>success</action>
<hash>cb1b5c75b9e0d95d452bdec7aa5a6898</hash>
</file>
-<file>
<path>C:\Windows\System32\Tasks\DNS Monitoring</path>
<vendor>PUP.Optional.DNSUnlocker.ACMB2</vendor>
<action>success</action>
<hash>b333e4edf7a2181e89f59d1db450cb35</hash>
</file>
-<file>
<path>C:\Program Files (x86)\Evidence Eliminator\INSTALL.LOG</path>
<vendor>Rogue.EvidenceEliminator</vendor>
<action>success</action>
<hash>14d26c65d6c3ca6c754997702ad97090</hash>
</file>
-<file>
<path>C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\favicon.png</path>
<vendor>PUP.Optional.SearchModule</vendor>
<action>success</action>
<hash>757125ac2c6dfc3a196548eb27dcb24e</hash>
</file>
-<file>
<path>C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\manifest.json</path>
<vendor>PUP.Optional.SearchModule</vendor>
<action>success</action>
<hash>757125ac2c6dfc3a196548eb27dcb24e</hash>
</file>
-<file>
<path>C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\newtab\newtab-hp.html</path>
<vendor>PUP.Optional.SearchModule</vendor>
<action>success</action>
<hash>757125ac2c6dfc3a196548eb27dcb24e</hash>
</file>
-<file>
<path>C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\newtab\js\background.js</path>
<vendor>PUP.Optional.SearchModule</vendor>
<action>success</action>
<hash>757125ac2c6dfc3a196548eb27dcb24e</hash>
</file>
-<file>
<path>C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\newtab\js\newtab-hp.js</path>
<vendor>PUP.Optional.SearchModule</vendor>
<action>success</action>
<hash>757125ac2c6dfc3a196548eb27dcb24e</hash>
</file>
-<file>
<path>C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa\1.5_0\_metadata\verified_contents.json</path>
<vendor>PUP.Optional.SearchModule</vendor>
<action>success</action>
<hash>757125ac2c6dfc3a196548eb27dcb24e</hash>
</file>
-<file>
<path>C:\prefs.js</path>
<vendor>PUP.Optional.Conduit</vendor>
<action>success</action>
<hash>f3f38051cfcaf0468397c4bcba4b6799</hash>
</file>
-<file>
<path>C:\Users\SamSmith\AppData\Roaming\Mozilla\Firefox\Profiles\u198dvnc.default\searchplugins\default.xml</path>
<vendor>PUP.Optional.Yontoo</vendor>
<action>success</action>
<hash>20c6cf029dfcc96d64aae99757aeef11</hash>
</file>
-<file>
<path>C:\Users\SamSmith\AppData\Roaming\Mozilla\Firefox\Profiles\u198dvnc.default\sessionstore.js</path>
<vendor>PUP.Optional.ESurf.ShrtCln</vendor>
<action>replaced</action>
<baddata>esurf.biz</baddata>
<gooddata/>
<hash>05e1a52c673234025da1e59ea46110f0</hash>
</file>
</items>
</mbam-log>
2. protection-log-2016-05-04
<?xml version="1.0" encoding="UTF-8"?>
-<logs>
<record scanresult="completed" nonmalwaredetections="82" malwaredetections="12" duration="812" last_modified_tag="f50c80f1-b565-4116-a7a1-24494860009a" systemname="SAMSMITH-PC" username="SYSTEM" type="Scan" source="Manual" datetime="2016-05-04T14:13:48.190376-06:00" starttime="2016-05-04T13:48:47-06:00" LoggingEventType="6" scantype="threat" severity="debug"/>
<record last_modified_tag="157bc942-8790-4062-bc7b-2e5409603f82" systemname="SAMSMITH-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-05-04T14:16:08.141503-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Starting"/>
<record last_modified_tag="68a5c1f1-cea4-463c-a1d9-42180f2cad88" systemname="SAMSMITH-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-05-04T14:16:08.157103-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Started"/>
<record last_modified_tag="a2dab54a-9cf7-448b-aa88-a9193fa345df" systemname="SAMSMITH-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-05-04T14:16:08.235104-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Starting"/>
<record last_modified_tag="0dc4c092-a8cb-4d7e-aa38-86695dd2cadb" systemname="SAMSMITH-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-05-04T14:16:13.195912-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Started"/>
<record last_modified_tag="d6912f42-36c2-4a4c-a28b-df1cad22b429" systemname="SAMSMITH-PC" username="SYSTEM" type="Detection" source="Protection" datetime="2016-05-04T14:16:40.948361-06:00" LoggingEventType="0" severity="debug" subtype="Malicious Website Protection" port="49175" malwaretype="Domain" ip="185.17.184.11" domain="healerweb.net" direction="Outbound" process="C:\Windows\System32\svchost.exe"/>
<record last_modified_tag="9f8d945b-a140-47b9-b6c2-9233f3f497c5" systemname="SAMSMITH-PC" username="SYSTEM" type="Detection" source="Protection" datetime="2016-05-04T14:16:43.147965-06:00" LoggingEventType="0" severity="debug" subtype="Malicious Website Protection" port="49175" malwaretype="Domain" ip="185.17.184.11" domain="healerweb.net" direction="Outbound" process="C:\Windows\System32\svchost.exe"/>
<record last_modified_tag="fa4cc3d1-6a02-45a3-84d4-7d4f63d49c2e" systemname="SAMSMITH-PC" username="SYSTEM" type="Detection" source="Protection" datetime="2016-05-04T14:16:43.374370-06:00" LoggingEventType="0" severity="debug" subtype="Malicious Website Protection" port="49176" malwaretype="Domain" ip="185.17.184.11" domain="sciencetechno.net" direction="Outbound" process="C:\Windows\System32\svchost.exe"/>
<record last_modified_tag="31e27057-6303-4395-8f86-4e630fb2ecac" systemname="SAMSMITH-PC" username="SYSTEM" type="Detection" source="Protection" datetime="2016-05-04T14:16:43.438374-06:00" LoggingEventType="0" severity="debug" subtype="Malicious Website Protection" port="49176" malwaretype="Domain" ip="185.17.184.11" domain="sciencetechno.net" direction="Outbound" process="C:\Windows\System32\svchost.exe"/>
<record last_modified_tag="6d59ab6c-fa87-42f4-a495-756ff4d7e707" systemname="SAMSMITH-PC" username="SYSTEM" type="Detection" source="Protection" datetime="2016-05-04T14:16:43.500377-06:00" LoggingEventType="0" severity="debug" subtype="Malicious Website Protection" port="49177" malwaretype="Domain" ip="185.17.184.11" domain="sethealer.net" direction="Outbound" process="C:\Windows\System32\svchost.exe"/>
<record last_modified_tag="cce3f358-fc57-47f8-8930-f94a69e038e0" systemname="SAMSMITH-PC" username="SYSTEM" type="Detection" source="Protection" datetime="2016-05-04T14:16:43.563381-06:00" LoggingEventType="0" severity="debug" subtype="Malicious Website Protection" port="49177" malwaretype="Domain" ip="185.17.184.11" domain="sethealer.net" direction="Outbound" process="C:\Windows\System32\svchost.exe"/>
<record last_modified_tag="c9ed381b-3758-4ea1-81be-6b9d39669c16" systemname="SAMSMITH-PC" username="SYSTEM" type="Detection" source="Protection" datetime="2016-05-04T14:16:43.624384-06:00" LoggingEventType="0" severity="debug" subtype="Malicious Website Protection" port="49178" malwaretype="Domain" ip="185.17.184.11" domain="enterpizesoft.info" direction="Outbound" process="C:\Windows\System32\svchost.exe"/>
<record last_modified_tag="b6eecff1-37e9-4c06-92e2-00bd1160f761" systemname="SAMSMITH-PC" username="SYSTEM" type="Detection" source="Protection" datetime="2016-05-04T14:16:43.688388-06:00" LoggingEventType="0" severity="debug" subtype="Malicious Website Protection" port="49178" malwaretype="Domain" ip="185.17.184.11" domain="enterpizesoft.info" direction="Outbound" process="C:\Windows\System32\svchost.exe"/>
<record last_modified_tag="94aec566-b053-4eb1-8ddd-8319aa51049c" systemname="SAMSMITH-PC" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-05-04T14:17:20.017117-06:00" LoggingEventType="1" severity="debug" toVersion="2016.5.4.1" name="Remediation Database" fromVersion="2016.4.29.1"/>
<record last_modified_tag="aa137dad-2354-4918-94c6-e24fb4e5e89d" systemname="SAMSMITH-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-05-04T14:17:20.032717-06:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Starting"/>
<record last_modified_tag="1a460cef-36cf-45cf-9e75-dd06400f87d1" systemname="SAMSMITH-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-05-04T14:17:20.048317-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopping"/>
<record last_modified_tag="284174e4-3f43-4393-b70c-2a799d704166" systemname="SAMSMITH-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-05-04T14:17:20.235518-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopped"/>
<record last_modified_tag="bdf685c5-c933-4ce4-ae71-89a957de76d4" systemname="SAMSMITH-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-05-04T14:17:25.211927-06:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Success"/>
<record last_modified_tag="1d4d2320-9311-46fe-9191-7163dc43b80a" systemname="SAMSMITH-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-05-04T14:17:25.227527-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Starting"/>
<record last_modified_tag="ffd50cb0-3c14-41e0-b4e4-8b41e725d170" systemname="SAMSMITH-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-05-04T14:17:26.444329-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Started"/>
<record last_modified_tag="e98ff290-19a8-4c8b-99fb-40511e99efb5" syst

Note: after I ran Malwarebytes Anti-Malware there was a list of files that I quarantined; as a result I was unable to connect to the internet, so I then went back into Malwarebytes Anti-Malware and unquarantined those files, and thus I was able to get back to this site and post the results of the two logs... I don't know which ones should be quarantined or not....


I don't see an icon for attaching files.....is there one?

 

Rather than using the quick reply box at the bottom of the page look toward the bottom right of that box and you'll see "More Reply Options", click that and in the new window that opens first click in the reply box and then scroll down about 2/3 of the way and you'll see "Attach Files", click the Browse button and select your file and after it loads go to the right and select "Add to post". ;)

 

 

 

 



You have DNSChanger, browser hijack.

 

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

  • rkill.exe
  • rkill.com
  • rkill.scr
  • rkill.pif
  • WiNlOgOn.exe
  • uSeRiNiT.exe

~~~~~~~~~~~~~~~

Please remove any USB or external drives from the computer before you run this scan!

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Download RogueKiller to your desktop.
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.

Running rkill.exe generated this info:

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
Program started at: 05/04/2016 10:35:00 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* ALG [Missing Service]
* TBS [Missing Service]
Searching for Missing Digital Signatures:

Are these the results that are expected, or do I need to run another rkill?

Please download RogueKiller and save it to your desktop.

 

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Download RogueKiller to your desktop.
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.

~~~~~~~~~~~~~~~~~~~~~~

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

*************

 

This set of instructions will produce 3 logs....I need to see all of them.

 

Is the computer better since the little bit we've already done?


RogueKiller Scan Results

 

RogueKiller V12.1.5.0 [May 2 2016] (Free) by Adlice Software
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : SamSmith [Administrator]
Started from : C:\1 Malware Removal\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 05/05/2016 22:30:41
¤¤¤ Processes : 1 ¤¤¤
[ZeroAccess] PCPitstopRTService.exe(2040) -- C:\Program Files (x86)\PCPitstop
\Super Shield\PCPitstopRTService.exe[x] -> Found
¤¤¤ Registry : 44 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\DNSUnlocker -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\EasyDriverPro -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\ParetoLogic -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\SmartDNS -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\TUTORIALS -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Uniblue -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\WebBar -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
-> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
-> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-159066257-559054521-1285519716-
1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
6adc6c51ec556157456f69b95746bd5d9059748 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-159066257-559054521-1285519716-
1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
6adc6c51ec556157456f69b95746bd5d9059748 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc
\Parameters\Internet\ManualProxies | (default) : 0http://unstops.net/wpad.dat?
6adc6c51ec556157456f69b95746bd5d9059748 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc
\Parameters\Internet\ManualProxies | (default) : 0http://unstops.net/wpad.dat?
6adc6c51ec556157456f69b95746bd5d9059748 -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
eq=U0EeCFZVBB8SRggReAwKWFoXExhHdlpZTA0XEwAOeAkNURRDEA0QcAsPVVhEEgwFIk0FA1ADB0VX
fVBdFElXTwhwJVhKAlE8TkdGC1dXFg== -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-159066257-559054521-1285519716-
1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve ->
Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-159066257-559054521-1285519716-
1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve ->
Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip
\Parameters\Interfaces\{31BC85D1-C759-4BDB-A5AB-134EFD1D5521} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip
\Parameters\Interfaces\{6C969918-8846-444E-8A60-8853D390E983} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip
\Parameters\Interfaces\{7773803F-C582-4577-9E14-11FA2CCEBBA9} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip
\Parameters\Interfaces\{9FE18564-080E-4953-B3C9-4094A276A5B9} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip
\Parameters\Interfaces\{9FE18564-080E-4953-B3C9-4094A276A5B9} | DhcpNameServer
: 10.101.0.1 ([]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip
\Parameters\Interfaces\{BF1E7586-EE2C-4D0A-9F5F-894185DEA8F8} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip
\Parameters\Interfaces\{BF1E7586-EE2C-4D0A-9F5F-894185DEA8F8} | DhcpNameServer
: 192.168.1.1 0.0.0.0 ([-][]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip
\Parameters\Interfaces\{FACEF14E-4B81-4F9E-A4DE-691BBB6816EB} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip
\Parameters\Interfaces\{31BC85D1-C759-4BDB-A5AB-134EFD1D5521} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip
\Parameters\Interfaces\{6C969918-8846-444E-8A60-8853D390E983} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip
\Parameters\Interfaces\{7773803F-C582-4577-9E14-11FA2CCEBBA9} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip
\Parameters\Interfaces\{9FE18564-080E-4953-B3C9-4094A276A5B9} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip
\Parameters\Interfaces\{9FE18564-080E-4953-B3C9-4094A276A5B9} | DhcpNameServer
: 10.101.0.1 ([]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip
\Parameters\Interfaces\{BF1E7586-EE2C-4D0A-9F5F-894185DEA8F8} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip
\Parameters\Interfaces\{BF1E7586-EE2C-4D0A-9F5F-894185DEA8F8} | DhcpNameServer
: 192.168.1.1 0.0.0.0 ([-][]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip
\Parameters\Interfaces\{FACEF14E-4B81-4F9E-A4DE-691BBB6816EB} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip
\Parameters\Interfaces\{31BC85D1-C759-4BDB-A5AB-134EFD1D5521} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip
\Parameters\Interfaces\{6C969918-8846-444E-8A60-8853D390E983} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip
\Parameters\Interfaces\{7773803F-C582-4577-9E14-11FA2CCEBBA9} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip
\Parameters\Interfaces\{9FE18564-080E-4953-B3C9-4094A276A5B9} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip
\Parameters\Interfaces\{9FE18564-080E-4953-B3C9-4094A276A5B9} | DhcpNameServer
: 10.101.0.1 ([]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip
\Parameters\Interfaces\{BF1E7586-EE2C-4D0A-9F5F-894185DEA8F8} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip
\Parameters\Interfaces\{BF1E7586-EE2C-4D0A-9F5F-894185DEA8F8} | DhcpNameServer
: 192.168.1.1 0.0.0.0 ([-][]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip
\Parameters\Interfaces\{FACEF14E-4B81-4F9E-A4DE-691BBB6816EB} | NameServer :
208.87.151.28,208.87.151.29 ([united States][united States]) -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-159066257-559054521-1285519716-
1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-159066257-559054521-1285519716-
1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
Start_ShowMyGames : 0 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\Program Files (x86)\1ED023C0-1452561467-11DD-BB03-C86000BE45E4
-> Found
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUP][CHROME:Addon] Default : MetaProducts Offline Explorer integration
[pkijdmeepjhpenmighhaodgfoogncnlk] -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-9YN162 ATA Device +++++
--- User ---
[MBR] 8accdbe4df2c41b81f39363320c9b61d
[bSP] d90074ef42a40366a89e7fd4ec82289c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953868 MB
[Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD2000JD-00HBB0 ATA Device +++++
--- User ---
[MBR] a730cef90f4b8dbadbdf6f2909c513af
[bSP] 77c87fc98be0f17a6a7fa9684477822a : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 190771 MB
[Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive6: Generic Mini SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive7: SAMSUNG HD103SI USB Device +++++
--- User ---
[MBR] 73c1cbefd4f6be534b263adae94ba6c5
[bSP] 48a2400cafde1347a945842a13738715 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
[Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive8: WD Ext HDD 1021 USB Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
Error reading LL2 MBR! ([32] The request is not supported. )

FRST Text:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016 02
Ran by SamSmith (administrator) on SAMSMITH-PC (05-05-2016 22:45:50)
Running from C:\1 Malware Removal\Farbar Recovery Scan Tool (FRST) Scan
Loaded Profiles: SamSmith & PCPitstopSVC (Available Profiles: SamSmith & PCPitstopSVC & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(XemiComputers ltd.) C:\Program Files (x86)\XemiComputers\Active Desktop Calendar\ADC.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Pelmorex Media Inc.) C:\Users\SamSmith\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
(PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [egui] => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
HKLM-x32\...\Run: [sT7501] => [X]
HKLM-x32\...\Run: [VAST] => [X]
HKLM-x32\...\Run: [info Center] => C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [28792 2013-12-26] (PC Pitstop LLC)
HKLM-x32\...\Run: [PC MaticRT] => C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe [2144064 2016-02-16] (PC Pitstop LLC)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-159066257-559054521-1285519716-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2015-01-07] (Siber Systems)
HKU\S-1-5-21-159066257-559054521-1285519716-1000\...\Run: [Active Desktop Calendar] => C:\Program Files (x86)\XemiComputers\Active Desktop Calendar\ADC.exe [7608832 2011-11-23] (XemiComputers ltd.)
HKU\S-1-5-21-159066257-559054521-1285519716-1000\...\Run: [shadeYouGui] => C:\Program Files (x86)\ShadeYou\shadeyougui.exe [770560 2015-12-07] ()
HKU\S-1-5-21-159066257-559054521-1285519716-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6538568 2016-03-21] (Plex, Inc.)
HKU\S-1-5-21-159066257-559054521-1285519716-1000\...\Run: [WeatherEye] => C:\Users\SamSmith\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe [310920 2012-08-30] (Pelmorex Media Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-05-04]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [s-1-5-21-159066257-559054521-1285519716-1000] => hxxp://unstops.net/wpad.dat?6adc6c51ec556157456f69b95746bd5d9059748
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{31BC85D1-C759-4BDB-A5AB-134EFD1D5521}: [NameServer] 208.87.151.28,208.87.151.29
Tcpip\..\Interfaces\{6C969918-8846-444E-8A60-8853D390E983}: [NameServer] 208.87.151.28,208.87.151.29
Tcpip\..\Interfaces\{7773803F-C582-4577-9E14-11FA2CCEBBA9}: [NameServer] 208.87.151.28,208.87.151.29
Tcpip\..\Interfaces\{9FE18564-080E-4953-B3C9-4094A276A5B9}: [NameServer] 208.87.151.28,208.87.151.29
Tcpip\..\Interfaces\{9FE18564-080E-4953-B3C9-4094A276A5B9}: [DhcpNameServer] 10.101.0.1
Tcpip\..\Interfaces\{BF1E7586-EE2C-4D0A-9F5F-894185DEA8F8}: [NameServer] 208.87.151.28,208.87.151.29
Tcpip\..\Interfaces\{BF1E7586-EE2C-4D0A-9F5F-894185DEA8F8}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{FACEF14E-4B81-4F9E-A4DE-691BBB6816EB}: [NameServer] 208.87.151.28,208.87.151.29
ManualProxies: 0hxxp://unstops.net/wpad.dat?6adc6c51ec556157456f69b95746bd5d9059748
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggReAwKWFoXExhHdlpZTA0XEwAOeAkNURRDEA0QcAsPVVhEEgwFIk0FA1ADB0VXfVBdFElXTwhwJVhKAlE8TkdGC1dXFg==
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQsAVAtIQlMRbV0OAlhcFVMRdRQAUQxBDAcSeAoIUw5FQAAQeR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSXhMMlxzD1YG&q={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQsAVAtIQlMRbV0OAlhcFVMRdRQAUQxBDAcSeAoIUw5FQAAQeR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSXhMMlxzD1YG&q={searchTerms}
SearchScopes: HKU\S-1-5-21-159066257-559054521-1285519716-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-159066257-559054521-1285519716-1000 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-159066257-559054521-1285519716-1000 -> {7DCD7CD8-CD00-4580-8627-4E069C70832C} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQsAVAtIQlMRbV0OAlhcFVMRdRQAUQxBDAcSeAoIUw5FQAAQeR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSXhMMlxzD1YG&q={searchTerms}
BHO: uuniisaalees -> {034323c1-ad9b-46ca-9bb3-8de4da6b880c} -> C:\Program Files (x86)\uuniisaalees\VzYAPexaeNj53N.x64.dll => No File
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-01-07] (Siber Systems Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
BHO: youtubeadblocker -> {bde54070-7cb3-4fd6-942d-bc26c2b6b37c} -> C:\Program Files (x86)\youtubeadblocker\m0A1s7OFWFngSV.x64.dll => No File
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-01-07] (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-01-07] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-159066257-559054521-1285519716-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-01-07] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-159066257-559054521-1285519716-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://files.pcpitstop.com/cab/pcmatic.cab
DPF: HKLM-x32 {64865E5A-E8D7-44C1-89E1-99A84F6E56D0} hxxp://192.168.1.100/VVTK_Plugin_Installer.exe
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\SamSmith\AppData\Roaming\Mozilla\Firefox\Profiles\u198dvnc.default
FF DefaultSearchEngine: Default
FF SelectedSearchEngine: Default
FF NetworkProxy: "type", 0
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-01-10] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-01-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin HKU\S-1-5-21-159066257-559054521-1285519716-1000: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-159066257-559054521-1285519716-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF SearchPlugin: C:\Users\SamSmith\AppData\Roaming\Mozilla\Firefox\Profiles\u198dvnc.default\searchplugins\default.xml [2016-05-04]
FF SearchPlugin: C:\Users\SamSmith\AppData\Roaming\Mozilla\Firefox\Profiles\u198dvnc.default\searchplugins\search-provided-by-yahoo.xml [2016-05-04]
FF Extension: Garmin Communicator - C:\Users\SamSmith\AppData\Roaming\Mozilla\Firefox\Profiles\u198dvnc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-06-21] [not signed]
FF Extension: No Name - C:\Users\SamSmith\AppData\Roaming\Mozilla\Firefox\Profiles\u198dvnc.default\Extensions\staged-xpis [2015-09-09] [not signed]
FF Extension: BitComet Video Downloader - C:\Users\SamSmith\AppData\Roaming\Mozilla\Firefox\Profiles\u198dvnc.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2015-04-02] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-01-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [noreply@pcpitstop.com] - C:\Program Files (x86)\PCPitstop\PC Matic\AdBlockers\pc_matic-1.01-sm+fx+an-windows
FF Extension: PC Matic - C:\Program Files (x86)\PCPitstop\PC Matic\AdBlockers\pc_matic-1.01-sm+fx+an-windows [2016-04-03]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-02-09] [not signed]
FF HKU\S-1-5-21-159066257-559054521-1285519716-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault&chext=v2&s=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Module Plus
CHR Profile: C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-14]
CHR Extension: (Google Docs) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-14]
CHR Extension: (Google Drive) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-14]
CHR Extension: (Rapport) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-03-14]
CHR Extension: (YouTube) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-14]
CHR Extension: (Google Search) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-14]
CHR Extension: (BitComet Download Extension for Chrome) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhigneefebkcagnpnpbibganpmfgebnk [2016-03-14]
CHR Extension: (Google Sheets) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-14]
CHR Extension: (Google Docs Offline) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-14]
CHR Extension: (MetaProducts Offline Explorer integration) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkijdmeepjhpenmighhaodgfoogncnlk [2016-03-14]
CHR Profile: C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-18]
CHR Extension: (Google Docs) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-18]
CHR Extension: (Google Drive) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
CHR Extension: (Rapport) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-02-18]
CHR Extension: (YouTube) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18]
CHR Extension: (Google Search) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-18]
CHR Extension: (BitComet Download Extension for Chrome) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhigneefebkcagnpnpbibganpmfgebnk [2016-02-18]
CHR Extension: (Adobe Acrobat) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-03-11]
CHR Extension: (Google Sheets) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-11]
CHR Extension: (Search Module Plus v2) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa [2016-02-18]
CHR Extension: (Skype) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-18]
CHR Extension: (Gmail) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-18]
CHR Extension: (MetaProducts Offline Explorer integration) - C:\Users\SamSmith\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkijdmeepjhpenmighhaodgfoogncnlk [2016-03-11]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-159066257-559054521-1285519716-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - C:\Program Files (x86)\Offline Explorer Enterprise\mpoe.crx [2014-09-28]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [669504 2016-02-16] (PC Pitstop LLC)
R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [198456 2016-03-07] (PC Pitstop LLC)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2372080 2016-03-23] (IBM Corp.)
S3 ShadeYou; C:\Program Files (x86)\ShadeYou\shadeyousvc.exe [70656 2015-12-07] () [File not signed]
S3 ShadeYouWatcher; C:\Program Files (x86)\ShadeYou\shadeyouwatcher.exe [65536 2015-12-07] () [File not signed]
S3 VAST Uranus Watch Dog; C:\Program Files (x86)\VIVOTEK Inc\VAST\Server\VMSUranusWatchDog.exe [288656 2014-03-04] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [X]
S3 OpenVPNService; "C:\Program Files\OpenVPN\bin\openvpnserv.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
S3 athr; C:\Windows\System32\DRIVERS\Dathrx.sys [2750464 2011-05-24] (Atheros Communications, Inc.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.)
R2 BrPar; C:\Windows\System32\drivers\BrPar64a.sys [30528 2006-11-06] (Brother Industries Ltd.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2016-04-03] (ESET)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-11-21] (AnchorFree Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 RapportCerberus_1609035; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609035.sys [1156456 2016-04-03] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-03-23] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-03-23] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-03-23] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [523432 2016-03-23] (IBM Corp.)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-11-21] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-05] ()
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102576 2015-07-22] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25904 2015-07-22] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [701232 2015-07-22] ()
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-05 22:45 - 2016-05-05 22:45 - 00000000 ____D C:\FRST
2016-05-05 21:27 - 2016-05-05 22:13 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-05 17:38 - 2016-05-05 21:44 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-04 22:34 - 2016-05-04 22:35 - 00002102 _____ C:\Users\SamSmith\Desktop\Rkill.txt
2016-05-04 15:00 - 2016-05-04 15:00 - 00003734 _____ C:\Windows\System32\Tasks\DNS Monitoring
2016-05-04 15:00 - 2016-05-04 15:00 - 00000151 _____ C:\ods.exe.config
2016-05-04 15:00 - 2016-05-04 15:00 - 00000000 ____D C:\Program Files (x86)\WebDnsio
2016-05-04 15:00 - 2016-05-04 15:00 - 00000000 ____D C:\Program Files (x86)\Evidence Eliminator
2016-05-04 14:59 - 2016-05-04 14:59 - 00000264 _____ C:\prefs.js
2016-05-04 14:59 - 2016-05-04 14:59 - 00000000 ____D C:\Users\SamSmith\AppData\Roaming\dclogs
2016-05-04 14:11 - 2016-05-04 14:19 - 00000080 _____ C:\Users\Public\Desktop\Paragon Hard Disk ManagerT 15 Premium.lnk
2016-05-04 13:44 - 2016-05-05 20:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-04 13:44 - 2016-05-04 14:19 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-04 13:44 - 2016-05-04 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-04 13:44 - 2016-05-04 13:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-04 13:44 - 2016-05-04 13:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-04 13:44 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-04 13:44 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-04 13:44 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-04 13:15 - 2016-05-04 13:15 - 00000000 ____D C:\Users\SamSmith\AppData\Roaming\RHEng
2016-05-04 13:14 - 2016-05-04 13:14 - 00000000 ____D C:\Program Files (x86)\1ED023C0-1452561467-11DD-BB03-C86000BE45E4
2016-04-28 12:20 - 2016-05-05 22:38 - 00000000 ____D C:\1 Malware Removal
2016-04-28 10:27 - 2016-04-28 14:21 - 00005747 _____ C:\Users\SamSmith\Desktop\JRT.txt
2016-04-28 09:32 - 2016-05-04 13:36 - 00000000 ____D C:\AdwCleaner
2016-04-13 03:07 - 2016-03-17 17:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 03:07 - 2016-03-17 17:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-13 03:07 - 2016-03-17 17:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 03:07 - 2016-03-17 17:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 03:07 - 2016-03-17 17:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 03:07 - 2016-03-17 17:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-13 03:07 - 2016-03-17 16:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 03:07 - 2016-03-17 16:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-13 03:07 - 2016-03-17 16:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-13 03:07 - 2016-03-17 16:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 03:07 - 2016-03-17 16:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 03:07 - 2016-03-17 16:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 03:07 - 2016-03-17 16:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 03:07 - 2016-03-17 16:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 03:07 - 2016-03-17 16:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 03:07 - 2016-03-17 16:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-13 03:07 - 2016-03-17 16:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 03:07 - 2016-03-17 16:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 03:07 - 2016-03-17 16:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 03:07 - 2016-03-17 16:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 03:07 - 2016-03-17 16:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 03:07 - 2016-03-17 16:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 03:07 - 2016-03-17 16:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-13 03:07 - 2016-03-17 16:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 03:07 - 2016-03-17 16:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 03:07 - 2016-03-17 16:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 03:07 - 2016-03-17 16:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 03:07 - 2016-03-17 16:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 03:07 - 2016-03-17 16:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 03:07 - 2016-03-17 16:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 03:07 - 2016-03-17 16:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-13 03:07 - 2016-03-17 16:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-13 03:07 - 2016-03-17 16:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-13 03:07 - 2016-03-17 16:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-13 03:07 - 2016-03-17 16:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-13 03:07 - 2016-03-17 16:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-13 03:07 - 2016-03-17 16:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-13 03:07 - 2016-03-17 16:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-13 03:07 - 2016-03-17 16:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-13 03:07 - 2016-03-17 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-13 03:07 - 2016-03-17 16:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-13 03:07 - 2016-03-17 16:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-13 03:07 - 2016-03-17 16:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-13 03:07 - 2016-03-17 16:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-13 03:07 - 2016-03-17 16:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-13 03:07 - 2016-03-17 16:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-13 03:07 - 2016-03-17 16:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-13 03:07 - 2016-03-17 16:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-13 03:07 - 2016-03-17 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-13 03:07 - 2016-03-17 16:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-13 03:07 - 2016-03-17 16:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 15:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 03:07 - 2016-03-17 15:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 03:07 - 2016-03-17 15:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 03:07 - 2016-03-17 15:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 03:07 - 2016-03-17 15:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 03:07 - 2016-03-17 15:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 03:07 - 2016-03-17 15:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-13 03:07 - 2016-03-17 15:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 03:07 - 2016-03-17 15:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 03:07 - 2016-03-17 15:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 03:07 - 2016-03-17 15:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 03:07 - 2016-03-17 15:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 03:07 - 2016-03-17 15:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-13 03:07 - 2016-03-17 15:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-13 03:07 - 2016-03-17 15:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-13 03:07 - 2016-03-17 15:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-13 03:07 - 2016-03-17 15:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-13 03:07 - 2016-03-17 15:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 15:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 15:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 03:07 - 2016-03-17 15:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 03:07 - 2016-03-16 12:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 03:07 - 2016-03-16 12:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-13 03:07 - 2016-03-16 12:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-13 03:07 - 2016-03-06 12:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 03:07 - 2016-03-06 12:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 03:07 - 2016-03-06 12:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 03:07 - 2016-03-06 12:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-13 03:07 - 2016-02-05 12:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-13 03:07 - 2016-02-05 12:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-13 03:07 - 2016-02-05 11:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-13 03:07 - 2016-02-02 12:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-13 03:07 - 2015-06-03 14:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-13 03:06 - 2016-04-04 12:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 03:06 - 2016-04-04 12:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 03:06 - 2016-04-02 07:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 03:06 - 2016-03-31 13:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 03:06 - 2016-03-31 12:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-13 03:06 - 2016-03-30 18:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 03:06 - 2016-03-30 18:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 03:06 - 2016-03-30 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 03:06 - 2016-03-30 18:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 03:06 - 2016-03-30 18:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 03:06 - 2016-03-30 18:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 03:06 - 2016-03-30 18:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 03:06 - 2016-03-30 18:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 03:06 - 2016-03-30 18:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 03:06 - 2016-03-30 18:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 03:06 - 2016-03-30 18:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 03:06 - 2016-03-30 18:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 03:06 - 2016-03-30 18:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 03:06 - 2016-03-30 18:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 03:06 - 2016-03-30 18:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 03:06 - 2016-03-30 18:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 03:06 - 2016-03-30 18:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 03:06 - 2016-03-30 18:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 03:06 - 2016-03-30 18:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 03:06 - 2016-03-30 18:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-13 03:06 - 2016-03-30 18:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-13 03:06 - 2016-03-30 18:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 03:06 - 2016-03-30 17:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 03:06 - 2016-03-30 17:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 03:06 - 2016-03-30 17:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 03:06 - 2016-03-30 17:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 03:06 - 2016-03-30 17:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-13 03:06 - 2016-03-30 17:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 03:06 - 2016-03-30 17:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-13 03:06 - 2016-03-30 17:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-13 03:06 - 2016-03-30 17:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-13 03:06 - 2016-03-30 17:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-13 03:06 - 2016-03-30 17:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-13 03:06 - 2016-03-30 17:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-13 03:06 - 2016-03-30 17:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-13 03:06 - 2016-03-30 17:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-13 03:06 - 2016-03-30 17:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-13 03:06 - 2016-03-30 17:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-13 03:06 - 2016-03-30 17:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 03:06 - 2016-03-30 17:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-13 03:06 - 2016-03-30 17:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 03:06 - 2016-03-30 17:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 03:06 - 2016-03-30 17:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 03:06 - 2016-03-30 17:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 03:06 - 2016-03-30 17:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 03:06 - 2016-03-30 17:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-13 03:06 - 2016-03-30 17:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-13 03:06 - 2016-03-30 17:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-13 03:06 - 2016-03-30 17:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-13 03:06 - 2016-03-30 17:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-13 03:06 - 2016-03-30 17:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-13 03:06 - 2016-03-30 17:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 03:06 - 2016-03-30 17:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-13 03:06 - 2016-03-30 17:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-13 03:06 - 2016-03-30 17:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-13 03:06 - 2016-03-30 17:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-13 03:06 - 2016-03-30 17:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-13 03:06 - 2016-03-30 17:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-13 03:06 - 2016-03-30 17:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-13 03:06 - 2016-03-30 17:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 03:06 - 2016-03-30 17:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 03:06 - 2016-03-30 17:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-13 03:06 - 2016-03-30 17:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-13 03:06 - 2016-03-30 17:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-13 03:06 - 2016-03-29 11:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 03:06 - 2016-03-23 08:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-13 03:06 - 2016-03-17 12:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-13 03:06 - 2016-03-17 12:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-13 03:06 - 2016-03-17 12:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-13 03:06 - 2016-03-17 12:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-13 03:06 - 2016-03-15 18:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 03:06 - 2016-03-15 18:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 03:06 - 2016-03-15 17:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 03:06 - 2016-03-11 12:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 03:06 - 2016-03-11 12:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-13 03:06 - 2016-01-20 18:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-12 10:09 - 2016-04-12 10:09 - 00000000 ____D C:\Users\SamSmith\AppData\Roaming\SolidDocuments
2016-04-09 08:32 - 2016-04-09 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-04-08 22:41 - 2016-05-05 21:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-08 22:41 - 2016-04-08 22:41 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 22:41 - 2016-04-08 22:41 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-08 22:41 - 2016-04-08 22:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-08 22:40 - 2016-04-08 22:40 - 05338816 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-05 22:45 - 2016-04-02 18:07 - 00000000 ____D C:\ProgramData\PCPitstopDat
2016-05-05 22:08 - 2009-07-13 22:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632

Please download RogueKiller and save it to your desktop.

 

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Download RogueKiller to your desktop.
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
~~~~~~~~~~~~~~~~~~~~~~

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

*************

 

This set of instructions will produce 3 logs....I need to see all of them.

 

Is the computer better since the little bit we've already done?

 

Yes the computer is better since the little bit we've done....

I take that back, after going to Canadian Tire website it started acting up again...

Edited by Bayman

Addition Text:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-05-2016 02
Ran by SamSmith (2016-05-05 22:46:45)
Running from C:\1 Malware Removal\Farbar Recovery Scan Tool (FRST) Scan
Windows 7 Professional Service Pack 1 (X64) (2015-01-07 05:23:13)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-159066257-559054521-1285519716-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-159066257-559054521-1285519716-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-159066257-559054521-1285519716-1002 - Limited - Enabled)
PCPitstopSVC (S-1-5-21-159066257-559054521-1285519716-1015 - Administrator - Enabled) => C:\Users\PCPitstopSVC
SamSmith (S-1-5-21-159066257-559054521-1285519716-1000 - Administrator - Enabled) => C:\Users\SamSmith
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: PC Matic Super Shield (Enabled - Up to date) {A75D148F-9EA0-5C05-DCC3-E2888D63FFEC}
AS: PC Matic Super Shield (Enabled - Up to date) {1C3CF56B-B89A-538B-E673-D9FAF6E4B551}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: - )
Active Desktop Calendar 7.96 (HKLM-x32\...\Active Desktop Calendar_is1) (Version: - XemiComputers)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe CMM (HKLM-x32\...\Adobe_b7572144686c889e4039b734b60fbbd) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS Document Converter 3.0.1 (HKLM-x32\...\AVS Document Converter_is1) (Version: 3.0.1.237 - Online Media Technologies Ltd.)
Beyond Compare Version 3.1.3 (HKLM-x32\...\BeyondCompare3_is1) (Version: - Scooter Software)
BitComet 1.37 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.37 - CometNetwork)
BitComet 1.40 (HKLM-x32\...\BitComet) (Version: 1.40 - CometNetwork)
Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
Brother HL-3045CN (HKLM-x32\...\{031152BB-2275-4110-A132-1F91CECFBDE6}) (Version: 1.00 - Brother)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{F2F3159D-0717-4E4E-909E-07D11ADF9D3E}) (Version: 17.2.0.688 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 17.2.688 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 17.2.688 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x32 Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x32 Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x32 Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x32 Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x32 Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x32 Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x32 Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x32 Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x32 Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x32 Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x32 Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x32 Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x32 Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x32 Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x32 Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x32 Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x32 Version: 17.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (HKLM-x32\...\_{C5D9CECB-A66F-473F-B406-5C8C2DCA4DF0}) (Version: 17.2.0.688 - Corel Corporation)
CorelDRAW Graphics Suite X7 (x32 Version: 17.2 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
Coyote Stencil Shop 3.0 (HKLM-x32\...\{7D18042B-FDC2-49E6-88C0-3156EC2DAD75}) (Version: 3.00.0000 - Carving Technologies, LLC)
DNS Unlocker (HKLM\...\DNSUnlocker.ns) (Version: - ) <==== ATTENTION
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
DVDFab 9.1.9.9 (28/04/2015) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
Elevated Installer (x32 Version: 4.0.21.0 - Garmin Ltd or its subsidiaries) Hidden
Enfocus PitStop Pro (x32 Version: 13.0 - Enfocus) Hidden
Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.4.22 - Epubor Inc.)
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
FM PDF To JPG Converter Pro 2.0 (HKLM-x32\...\FM PDF To JPG Converter Pro_is1) (Version: 2.0 - )
FontLab ScanFont 5 (HKLM-x32\...\{4424b048-5725-11dc-8314-0800200c9a66}) (Version: 5.0.0 - FontLab)
Fontlab Studio 5 (HKLM-x32\...\Studio 5.2_is1) (Version: 5.2 - FontLab)
Fontlab TransType4 (HKLM-x32\...\TransType4.0_is1) (Version: 4.0 - FontLab)
FontLab TypeTool 3 (HKLM-x32\...\{e4e53a40-2180-11db-a98b-0800200c9a66}) (Version: 3.0.0 - FontLab)
Foxit PhantomPDF Business (HKLM-x32\...\{8A601904-4113-40FE-9DCC-7A38CE1A8032}) (Version: 7.0.6.1126 - Foxit Software Inc.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
Garmin City Navigator North America NT 2015.40 (HKLM-x32\...\{502AF3EA-34FA-4BD9-BAEF-3F8D8C5E3CCC}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{f12fdb52-c810-4ca6-a78c-032686527928}) (Version: 4.0.21.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.21.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.21.0 - Garmin Ltd or its subsidiaries) Hidden
GetDataBack for NTFS (HKLM-x32\...\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}) (Version: 4.00.000 - Runtime Software)
Google Chrome (HKLM-x32\...\{A29ED7D5-3D50-35AC-A6B7-1C5F735D926D}) (Version: 50.0.2661.94 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
ICA (x32 Version: 18.0.0.124 - Corel Corporation) Hidden
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
inSSIDer 4 (HKLM-x32\...\{068F709E-5BA2-4C2F-84E9-B2DFF374F366}) (Version: 4.2.0.12 - MetaGeek, LLC)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
IPM_PSP_COM64 (Version: 18.0.0.124 - Corel Corporation) Hidden
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Kindle PC Converter (HKLM-x32\...\KindleConverter) (Version: - hxxp://www.ebook-converter.com)
Licensing Service Install (HKLM-x32\...\{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}) (Version: 2.0.1.141 - Protexis Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1051 - Marvell)
MetaProducts Offline Explorer Pro (HKLM-x32\...\MetaProducts Offline Explorer Pro) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 3.0 (HKLM-x32\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla)
MpcStar 5.4 (HKLM-x32\...\MpcStar) (Version: 5.4 - www.mpcstar.com)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4SP2 (HKLM-x32\...\{451BB54C-8B23-4455-8BDC-14FC7D43E056}) (Version: 1.00.0000 - Logiciel Dr Tax Software Inc.)
My Notes Keeper 3.7 (HKLM-x32\...\My Notes Keeper_is1) (Version: - Wpg Computing, Inc.)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - )
NirSoft WirelessNetView (HKLM-x32\...\NirSoft WirelessNetView) (Version: - )
Nitro Pro 10 (HKLM\...\{01396EAF-25FE-446F-A021-672FD38FE598}) (Version: 10.5.2.11 - Nitro)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Paragon Hard Disk Manager™ 15 Premium (HKLM\...\{619A89DE-5F01-11E2-85E8-000C2982512D}) (Version: 90.00.0003 - Paragon Software)
PC Matic 1.1.0.67 (HKLM-x32\...\PC Matic_is1) (Version: 1.1.0.67 - PC Pitstop LLC)
PC Matic Super Shield 1.0.0.60 (HKLM-x32\...\PC Pitstop SuperShield_is1) (Version: 1.0.0.60 - PC Pitstop LLC)
PC Pitstop Info Center 1.0.0.18 (HKLM-x32\...\PCPitstopInfoCenter_is1) (Version: 1.0.0.18 - PC Pitstop LLC.)
PDF24 Creator 7.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Plex Home Theater (HKLM-x32\...\Plex Home Theater) (Version: 1.3.5 - Plex inc)
Plex Media Server (HKLM-x32\...\{858a1616-b2b2-4c74-abbe-ddbc8484b22f}) (Version: 0.9.1603 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1603 - Plex, Inc.) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PSPPContent (x32 Version: 18.0.0.124 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 18.0.0.124 - Corel Corporation) Hidden
PSPPro64 (Version: 18.0.0.124 - Corel Corporation) Hidden
Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.31.3 - Ralink)
Rapid Resizer (HKLM-x32\...\Rapid Resizer_is1) (Version: - Patrick Roberts Software)
Rapport (x32 Version: 3.5.1609.47 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
RoboForm 7-8-6-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-8-6-5 - Siber Systems)
Setup (HKLM\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
Setup (x32 Version: 18.0.0.124 - Corel Corporation) Hidden
ShadeYouVPN.com Client v.2.0.1 (HKLM-x32\...\ShadeYouVPN.com Client_is1) (Version: - ShadeYouVPN.com)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.22 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 7.22.108 - Skype Technologies S.A.)
Snagit 11 (HKLM-x32\...\{44BD21C2-9132-48DB-B65B-23817E4C6F4B}) (Version: 11.2.0 - TechSmith Corporation)
SystemText (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{11efa764}) (Version: - Software Publisher) <==== ATTENTION
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
TransType Pro (HKLM-x32\...\{762EBEC5-7ADC-48DC-ADDE-882616730050}) (Version: 3.0.2 - FontLab)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.47 - Trusteer)
UFile 2013 (HKLM-x32\...\{D3D79DA4-68EA-450F-A916-0E854CA30984}) (Version: 17.06.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile 2014 (HKLM-x32\...\{BAF69D89-5F75-4872-8389-74157F5E3087}) (Version: 18.20.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile 2015 (HKLM-x32\...\{1FF95F73-AB46-472B-AF7A-D032400F1FFA}) (Version: 19.16.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile Updater 2013 (HKLM-x32\...\{B37F0361-9323-44F6-83DD-FCA9390F5712}) (Version: 9.01.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile Updater 2014 (HKLM-x32\...\{85DEECC9-38D1-4BA9-A8DD-09282CFB97C8}) (Version: 10.12.0010 - Thomson Reuters DT Tax and Accounting Inc.)
UltraISO Premium V9.52 (HKLM-x32\...\UltraISO_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIVOTEK VAST (HKLM-x32\...\VAST) (Version: 1.7.7.302 - VIVOTEK, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSO ConvertXtoVideo Ultimate 1 (HKLM-x32\...\{{ECDB800F-E1F0-48FE-B393-E12E40CD3A89}_is1) (Version: 1.6.0.3 - VSO Software)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-3 - Wacom Technology Corp.)
We Batch Html to PDF Converter (HKLM-x32\...\{FE30F19D-B6CE-4FB8-9958-8761ED55A4F2}) (Version: 3.3.0.0 - iWesoft)
WeatherEye (HKU\S-1-5-21-159066257-559054521-1285519716-1000\...\WeatherEye) (Version: - )
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Intel Corporation (igfx) Display (05/26/2015 9.17.10.4229) (HKLM\...\B3A6B01BC6D642E96F648C5F44C2BD5AA6633CF2) (Version: 05/26/2015 9.17.10.4229 - Intel Corporation)
Windows Driver Package - Intel® Corporation (IntcDAud) MEDIA (09/09/2014 6.16.00.3154) (HKLM\...\D5F57E44ED87C8806CD52B84559BF473A9C7BB9F) (Version: 09/09/2014 6.16.00.3154 - Intel® Corporation)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/07/2015 6.0.1.7553) (HKLM\...\EC9712B4F91FAD8E1931924B832B59B438AF644B) (Version: 07/07/2015 6.0.1.7553 - Realtek Semiconductor Corp.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.11.20150923 - Xilisoft)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-159066257-559054521-1285519716-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\SamSmith\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-159066257-559054521-1285519716-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-159066257-559054521-1285519716-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-159066257-559054521-1285519716-1000_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {14E6104E-1FAE-4908-A864-171AEE1C6BEB} - System32\Tasks\{39AB4605-323C-4042-A7F6-0348F0B65946} => Chrome.exe
Task: {1C06494C-C96F-435E-9F5C-FA511CABED19} - System32\Tasks\ibVPN => C:\Program Files (x86)\ibVPN\ibVPN.com.exe
Task: {2A6ECD4B-D538-4CF7-9A80-6479088891FF} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {30CFEB85-16C8-498B-8BFA-A6D76F43EDA1} - System32\Tasks\{44F0A137-1E09-42BF-BC96-60603C5047B6} => pcalua.exe -a C:\Export\Test\1.UnSupprtedAppStore\Windows\Plex_UnSupportedAppStore_Installer_Win.exe -d C:\Export\Test\1.UnSupprtedAppStore\Windows
Task: {31251AB5-7FA8-4BDD-AF3C-DC36D5CB4539} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 5.0\upgrade.exe [2015-09-09] (ESET)
Task: {690BC8F4-69CD-44C6-A0B6-02AA5D70BB8F} - System32\Tasks\{10240168-42D4-4EDB-9E12-BD9CECE93789} => Chrome.exe
Task: {6A1BF85E-8896-4D47-91AB-69C1C9CE7C54} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMKJGMLJJMOJLJNJPMCNJJKJJJNJCNLMOMLMMMCNOJJMOMLMCNIMJJIMNMJJLMPMLMPMLJJJNJJNJICMIMCNHMCNJMFMHMCNPMCNIMJMPMOMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMNMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMMKOJCJMKCJGJLIHJJNKJCMJNNICMJNDJCMKJBJ"
Task: {6DE7F178-DD66-4F4E-9EC0-5700A2EBA9FF} - System32\Tasks\{5A70F4EC-D3DD-4E60-A69D-CCE563F64E70} => Chrome.exe
Task: {886A624E-E043-42A5-A843-E1F9DF352700} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-01-07] (Siber Systems)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B0C5585D-72FE-436D-9DBF-4B312079CDFC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FE5E9A09-6BAB-4555-8CAE-E4969402B784} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\SamSmith\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1461028529&a=1046500&src=sh&uuid=50bef2a0-8f0e-49de-8694-cc9f0df73acd"
ShortcutWithArgument: C:\Users\Public\Desktop\Paragon Hard Disk Manager™ 15 Premium.lnk -> C:\Program Files\Paragon Software\Hard Disk Manager 15 Premium\program\launcher.exe (Paragon Software Group) -> "hxxp://trustedsurf.com/?ssid=1461028529&a=1046500&src=sh&uuid=50bef2a0-8f0e-49de-8694-cc9f0df73acd"
==================== Loaded Modules (Whitelisted) ==============
2016-03-16 04:17 - 2016-03-16 04:17 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-04-03 20:34 - 2014-04-15 12:02 - 00524288 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\SQLiteEncrypt.dll
2016-04-02 20:26 - 2015-06-26 03:13 - 00184184 _____ () C:\ProgramData\PCPitstopDat\dat\libBase64.dll
2016-04-02 20:26 - 2015-06-26 03:13 - 00175992 _____ () C:\ProgramData\PCPitstopDat\dat\libMachoUniv.dll
2015-01-08 22:07 - 2011-11-23 15:59 - 00035840 _____ () C:\Program Files (x86)\XemiComputers\Active Desktop Calendar\MouseHook.dll
2016-03-21 13:42 - 2016-03-21 13:42 - 00083784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2016-03-21 13:42 - 2016-03-21 13:42 - 00206664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2016-03-21 13:42 - 2016-03-21 13:42 - 00851784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2016-03-21 13:42 - 2016-03-21 13:42 - 00057672 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2016-03-21 13:42 - 2016-03-21 13:42 - 00097608 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2016-03-21 13:42 - 2016-03-21 13:42 - 01986376 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2016-03-21 13:42 - 2016-03-21 13:42 - 01743688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2016-03-21 13:41 - 2016-03-21 13:41 - 00551984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libdcadec.dll
2016-03-21 13:42 - 2016-03-21 13:42 - 00501064 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2016-03-21 13:42 - 2016-03-21 13:42 - 00031048 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2016-04-03 20:34 - 2016-02-16 16:18 - 00187200 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRTen.dll
2016-03-21 13:42 - 2016-03-21 13:42 - 00055112 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2016-03-21 13:42 - 2016-03-21 13:42 - 00038728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2016-03-21 13:42 - 2016-03-21 13:42 - 00029512 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2016-03-21 13:42 - 2016-03-21 13:42 - 00045896 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2016-03-21 13:42 - 2016-03-21 13:42 - 00853832 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2016-03-21 13:42 - 2016-03-21 13:42 - 00073544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2016-03-21 13:42 - 2016-03-21 13:42 - 00177480 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2016-03-21 13:42 - 2016-03-21 13:42 - 00204104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2016-03-21 13:42 - 2016-03-21 13:42 - 00026440 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2016-03-21 13:42 - 2016-03-21 13:42 - 00092488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2016-03-21 13:42 - 2016-03-21 13:42 - 00122696 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2016-03-21 13:42 - 2016-03-21 13:42 - 00700744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2015-01-06 23:55 - 2012-01-20 12:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-05-02 14:44 - 2016-04-27 17:25 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
2016-05-02 14:44 - 2016-04-27 17:25 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libegl.dll
2016-05-02 14:44 - 2016-04-27 17:25 - 17536664 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [169]
AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB [229]
AlternateDataStreams: C:\ProgramData\TEMP:B4AF47A7 [115]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2016-02-18 11:21 - 00000748 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-159066257-559054521-1285519716-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SamSmith\AppData\Roaming\XEMICO~1\ACTIVE~1\Desktop\ACTIVE~1.BMP
DNS Servers: 208.87.151.28 - 208.87.151.29
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{AE73404D-C14F-4E60-8050-13D4F7F56299}] => (Allow) C:\Users\SamSmith\AppData\Local\Temp\nsj7DF7.tmp\CnetInstaller-75754343.exe
FirewallRules: [{187D72EC-A97D-4BCC-B04F-D4B7C4034BD7}] => (Allow) C:\Users\SamSmith\AppData\Local\Temp\nsj7DF7.tmp\CnetInstaller-75754343.exe
FirewallRules: [{E0FC008E-9452-45CD-82F7-51391CE6802C}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{1C739B84-8339-47CF-8DAD-29EFDB748DAC}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{9D733A61-F9B5-4B06-AE89-17A076550F73}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{8FED473C-535A-457D-AFA4-AA93938FC8FD}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [TCP Query User{7025B930-095C-46C2-8201-D37BDB22871C}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [UDP Query User{F4DAD893-B744-4F5D-B0AC-8D939A4EC4B9}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [{60E998C1-F5B8-49F9-9944-7C5FD9A2FFFD}] => (Allow) LPort=7286
FirewallRules: [{0900A4E3-DAC4-4D05-B0CE-5194EF0823FF}] => (Allow) LPort=7286
FirewallRules: [TCP Query User{81422E87-6D10-4337-BDD4-17F05765B02C}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [UDP Query User{0EE14862-AFCA-486B-80AF-133CD2C559EA}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [{EB4B26BC-E6D7-43C8-8937-1B1CBF51CCDB}] => (Allow) C:\Users\SamSmith\AppData\Local\Temp\hma.exe
FirewallRules: [{D423283B-E929-4B3B-AE14-F27C589D74EF}] => (Allow) C:\Users\SamSmith\AppData\Local\Temp\hma.exe
FirewallRules: [{F3A8E8D9-EF7C-4FE4-A590-34E0AE5A9E52}] => (Allow) C:\Users\SamSmith\AppData\Local\Temp\hma.exe
FirewallRules: [{1B9900CD-6901-4D5A-828D-28E161ACB055}] => (Allow) C:\Users\SamSmith\AppData\Local\Temp\hma.exe
FirewallRules: [{DEE68C13-A5A2-4A5B-8AA8-8BCF9D07E617}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7B8C5B76-0A18-451F-A12C-20A4308A5BDD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{64F0C442-143A-4D12-8363-A1CE609E81E8}] => (Allow) LPort=7286
FirewallRules: [{D0386603-C3B8-45E9-ABA7-0212A3EBC059}] => (Allow) LPort=7286
FirewallRules: [TCP Query User{5C266122-29C0-4AC9-825D-DFC9FDB06C29}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A296E03C-C2D6-4894-B270-69CD4E0E0A0F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{8C10AAD8-751E-42DA-A8DC-0B122B861FA0}] => (Allow) LPort=7734
FirewallRules: [{CA6F0596-DA4F-48A6-8D65-EEAE167ECEC0}] => (Allow) LPort=7734
FirewallRules: [TCP Query User{1094CB79-ECAA-411B-9C1F-407E2D1E9E15}C:\program files (x86)\vivotek inc\installation wizard 2\iw2.exe] => (Allow) C:\program files (x86)\vivotek inc\installation wizard 2\iw2.exe
FirewallRules: [UDP Query User{D6957424-2591-47C4-BC05-AB9EB21C93E4}C:\program files (x86)\vivotek inc\installation wizard 2\iw2.exe] => (Allow) C:\program files (x86)\vivotek inc\installation wizard 2\iw2.exe
FirewallRules: [{5E3E6E66-F515-4308-975E-8FDAA8CA021C}] => (Block) C:\program files (x86)\vivotek inc\installation wizard 2\iw2.exe
FirewallRules: [{C4C8EC13-BC6F-469A-8EC4-D6B272D70C35}] => (Block) C:\program files (x86)\vivotek inc\installation wizard 2\iw2.exe
FirewallRules: [TCP Query User{82BBAF34-6298-4952-9E04-C396EC6A5D59}E:\calibrationtool.exe] => (Allow) E:\calibrationtool.exe
FirewallRules: [UDP Query User{7155284C-8563-439C-AE28-7EEE73627074}E:\calibrationtool.exe] => (Allow) E:\calibrationtool.exe
FirewallRules: [{C76DB1ED-3563-4F94-97D2-77DC21A07ED4}] => (Block) E:\calibrationtool.exe
FirewallRules: [{3E6C5291-D319-44F0-BCE1-9AF42E070956}] => (Block) E:\calibrationtool.exe
FirewallRules: [{14EA0FEF-9E55-4DC3-9396-6222FD21E28C}] => (Allow) LPort=9322
FirewallRules: [{42C1F92F-DA08-4CBD-8D39-249B7B13D46D}] => (Allow) LPort=5353
FirewallRules: [{7DADE874-B6E4-47C0-83EB-14F4C0890D88}] => (Allow) LPort=51001
FirewallRules: [{2418DFD8-8983-4CA9-A4B2-D32BE43F1329}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{4BE3641E-C284-4C4A-B6CE-BD4705A40A71}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{025F2E13-0D84-4211-91F1-C4A848965F3F}] => (Allow) C:\Program Files (x86)\MyNotesKeeper\MyNotesKeeper.exe
FirewallRules: [{C5251023-22ED-4141-AE2E-F3698196A5CA}] => (Allow) C:\Program Files (x86)\MyNotesKeeper\MyNotesKeeper.exe
FirewallRules: [{A69F2079-F2FF-42B2-9F4D-5E4F5B63576C}] => (Allow) C:\Program Files (x86)\MyNotesKeeper\MyNotesKeeper.exe
FirewallRules: [{8B1AA511-F4A0-46F3-B963-B086FAF88392}] => (Allow) C:\Program Files (x86)\MyNotesKeeper\MyNotesKeeper.exe
FirewallRules: [{92987F47-668A-419E-9473-D48B0093AED8}] => (Allow) C:\Downloads\My Notes Keeper v3.7 build 1921\mnk_setup.exe
FirewallRules: [{AF175516-A674-4F0D-B24B-786E5033CCF3}] => (Allow) C:\Downloads\My Notes Keeper v3.7 build 1921\mnk_setup.exe
FirewallRules: [{4D00C568-FE1D-4B0A-8A4B-B5BD133E6489}] => (Allow) C:\Downloads\My Notes Keeper v3.7 build 1921\mnk_setup.exe
FirewallRules: [{B71B8A50-6D9F-4AB0-9F6B-AACF7874A3C6}] => (Allow) C:\Downloads\My Notes Keeper v3.7 build 1921\mnk_setup.exe
FirewallRules: [{F70EF30E-4DE8-40F8-AB00-A4CD556DE6E7}] => (Allow) C:\Program Files (x86)\Garmin\Express\express.exe
FirewallRules: [{A1CB8A1F-380A-4EE4-9206-AD49F64B04DB}] => (Allow) C:\Program Files (x86)\Garmin\Express\express.exe
FirewallRules: [{6D2C665D-E1E9-462C-B142-D72E219FC2BC}] => (Allow) C:\Program Files (x86)\Garmin\Express\express.exe
FirewallRules: [{819B788F-D978-4A3F-AEC9-BD8840D32422}] => (Allow) C:\Program Files (x86)\Garmin\Express\express.exe
FirewallRules: [{CAB0FE9E-926E-4E21-BD7A-F90AD207B30A}] => (Allow) C:\Downloads\uTorrentPlus v3.4.2 Build 33023\uTorrent Plus v3.4.2 Build 33023 Stable\uTorrent Plus v3.4.2 Build 33023 Stable\uTorrent.exe
FirewallRules: [{479FC214-C14D-4F0E-901B-E5F08D829EF0}] => (Allow) C:\Downloads\uTorrentPlus v3.4.2 Build 33023\uTorrent Plus v3.4.2 Build 33023 Stable\uTorrent Plus v3.4.2 Build 33023 Stable\uTorrent.exe
FirewallRules: [TCP Query User{D8DF2988-BB44-4D36-8E94-0BB61E2D36CB}C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe] => (Allow) C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe
FirewallRules: [UDP Query User{5739479A-6B23-41DF-B357-3A1B425E26C1}C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe] => (Allow) C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe
FirewallRules: [{DED77DED-E113-47E2-8ADA-9585BBF710F1}] => (Block) C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe
FirewallRules: [{7ECFE40E-5E07-44C8-9EF6-988C007D5F76}] => (Block) C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe
FirewallRules: [{6BEB0F0A-A401-47AC-8880-0394875755C1}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{2E5FE1B5-191F-4CED-8E81-C53A86254E86}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{5175DDCB-DDD3-44D0-8D20-E1CDA243B8F4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{49ADBBE2-56A9-4D9F-B4C6-0127DA634D9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{970073D3-E5D8-4A51-9B38-AC758F0DAD42}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE8B97F5-DF31-492A-B114-6ECFFA186D0F}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDrw.exe
FirewallRules: [{B4C4CBA9-8E77-4D90-BF56-6671DFDA6480}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelPP.exe
FirewallRules: [{7B07C6C5-0726-4040-9DD1-05EC7F933503}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelPP.exe
FirewallRules: [{7CC88540-9B99-4BAE-98A0-6F7BBF442C7C}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDrw.exe
FirewallRules: [{CA4A23BB-6CAD-4DE6-BAD8-EC0278D00786}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDrw.exe
FirewallRules: [{F8A18C87-9351-42DC-B751-DF473010F534}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelPP.exe
FirewallRules: [{88ED3E7B-6826-43B0-A572-B503650E5916}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelPP.exe
FirewallRules: [{629EC2DF-3F26-4974-B292-03F4E668F760}] => (Block) c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Programs\CorelDrw.exe
FirewallRules: [{4E3E5C37-C642-497F-B5C7-E71E48B52FC1}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{B9778E88-B28B-4667-9933-483C772E92EB}] => (Block) %ProgramFiles%\Corel\Corel PaintShop Pro X8 (64-bit)\Corel PaintShop Pro.exe
FirewallRules: [{0C90FDAC-8901-4B03-9E30-423586EDDCA2}] => (Block) %ProgramFiles%\Common Files\Protexis\License Service\PsiService_2.exe
FirewallRules: [{E88F0967-CB7A-4119-8070-790B7488748C}] => (Block) %ProgramFiles% (x86)\Common Files\Protexis\License Service\PsiService_2.exe
FirewallRules: [{80F6E8BF-A19A-46D6-B8F7-FAF8068F70CF}] => (Allow) C:\Program Files\Daum\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{7376631F-B72C-4B63-B9F2-A515F7845C30}] => (Block) %ProgramFiles%\Corel\Corel PaintShop Pro X8 (64-bit)\Corel PaintShop Pro.exe
FirewallRules: [{031EB82A-64CE-4956-A57C-A9A8EB83C38E}] => (Block) %ProgramFiles%\Corel\Corel PaintShop Pro X8 (64-bit)\PUA.EXE
FirewallRules: [{7EAA3437-5F7C-49FA-92FA-F6AFE59A8F57}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D5C93153-1CFF-455E-A76A-C915CB2777FD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3A0A97E1-8F07-44B4-AE64-5ACB5A4BB82C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E487727A-2862-4FC5-B7A6-BC5DDBC04126}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{ED902A24-6B52-4489-A67F-330F22DC57F4}] => (Allow) C:\Program Files\Acrylic Wi-Fi Free\Acrylic.exe
FirewallRules: [{217F6F6B-4948-461B-9711-2F016F44413D}] => (Allow) C:\Program Files\Acrylic Wi-Fi Free\Acrylic.exe
FirewallRules: [{3EE5276E-5241-49AF-9268-F6117110654E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{A4CEC470-3A37-4C5F-AC15-48E39F584A21}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{EF1ACE38-7FED-4B0F-B063-9603291306F3}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{6F471C6E-888C-4BA7-907E-1E894E4675E7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{529D45CE-C97F-441F-9296-C5DFCD95C2F8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D9DBF890-BD76-490E-B8B6-3C76E086F3CB}] => (Allow) C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe
FirewallRules: [{8E22DF00-E36B-4BA2-B43B-32825600B428}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{FF9901DD-EA17-42BD-8BC3-5AA6F336EE58}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{7E605028-A586-4022-8203-3AC90F749EF2}] => (Allow) C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe
FirewallRules: [{0F9D1E38-854F-4B79-BD0C-74942B2C70AD}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
==================== Restore Points =========================
03-05-2016 14:09:07 PC Pitstop Restore Point
03-05-2016 16:48:51 Removed Free DWG Viewer
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/05/2016 09:58:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/04/2016 04:10:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: snagiteditor.exe, version: 11.2.0.102, time stamp: 0x514b193c
Faulting module name: Wintab32.dll_unloaded, version: 0.0.0.0, time stamp: 0x52d41173
Exception code: 0xc0000005
Fault offset: 0x6a22a880
Faulting process id: 0xd48
Faulting application start time: 0xsnagiteditor.exe0
Faulting application path: snagiteditor.exe1
Faulting module path: snagiteditor.exe2
Report Id: snagiteditor.exe3
Error: (05/04/2016 04:06:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: snagiteditor.exe, version: 11.2.0.102, time stamp: 0x514b193c
Faulting module name: Wintab32.dll_unloaded, version: 0.0.0.0, time stamp: 0x52d41173
Exception code: 0xc0000005
Fault offset: 0x6a22a880
Faulting process id: 0x1110
Faulting application start time: 0xsnagiteditor.exe0
Faulting application path: snagiteditor.exe1
Faulting module path: snagiteditor.exe2
Report Id: snagiteditor.exe3
Error: (05/04/2016 04:03:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: snagiteditor.exe, version: 11.2.0.102, time stamp: 0x514b193c
Faulting module name: Wintab32.dll_unloaded, version: 0.0.0.0, time stamp: 0x52d41173
Exception code: 0xc0000005
Fault offset: 0x6a22a880
Faulting process id: 0x974
Faulting application start time: 0xsnagiteditor.exe0
Faulting application path: snagiteditor.exe1
Faulting module path: snagiteditor.exe2
Report Id: snagiteditor.exe3
Error: (05/04/2016 03:03:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/04/2016 02:51:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/04/2016 02:45:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/04/2016 02:17:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/04/2016 01:39:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/04/2016 01:19:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (05/05/2016 10:13:04 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (05/05/2016 10:11:18 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (05/05/2016 09:58:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (05/05/2016 09:57:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ESET Service service failed to start due to the following error:
%%2
Error: (05/05/2016 09:27:17 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (05/05/2016 09:26:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PCPitstop Scheduling service terminated unexpectedly. It has done this 1 time(s).
Error: (05/05/2016 09:26:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PCPitstop Realtime service terminated unexpectedly. It has done this 1 time(s).
Error: (05/04/2016 03:03:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (05/04/2016 03:02:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ESET Service service failed to start due to the following error:
%%2
Error: (05/04/2016 02:51:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
==================== Memory info ===========================
Processor: Intel® Core i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 16077.87 MB
Available physical RAM: 11871.66 MB
Total Virtual: 32153.93 MB
Available Virtual: 28756.14 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.51 GB) (Free:761.35 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Sam's Old System Harddrive) (Fixed) (Total:186.3 GB) (Free:17.48 GB) NTFS
Drive k: (Elements) (Fixed) (Total:2794.52 GB) (Free:2128.19 GB) NTFS
Drive l: (IOMEGA - Woodworking) (Fixed) (Total:931.51 GB) (Free:650.86 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C188577D)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 186.3 GB) (Disk ID: 05C205C1)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)
========================================================
Disk: 7 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F0BFF6C1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 8.
==================== End of Addition.txt ============================
Link to comment
Share on other sites
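
As an added example (not part of the thread and not FRST's own code), the script below triages the UAC policy line and the FirewallRules section of an Addition.txt like the one posted above. The sample lines are copied from that log; the three flagging heuristics (temp-path, port-only, outside-install-dirs) are assumptions chosen for illustration, not rules FRST applies.

```python
import re
from dataclasses import dataclass

# Excerpt copied from the Addition.txt posted above (not the full log).
SAMPLE = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
FirewallRules: [{AE73404D-C14F-4E60-8050-13D4F7F56299}] => (Allow) C:\Users\SamSmith\AppData\Local\Temp\nsj7DF7.tmp\CnetInstaller-75754343.exe
FirewallRules: [{EB4B26BC-E6D7-43C8-8937-1B1CBF51CCDB}] => (Allow) C:\Users\SamSmith\AppData\Local\Temp\hma.exe
FirewallRules: [{60E998C1-F5B8-49F9-9944-7C5FD9A2FFFD}] => (Allow) LPort=7286
FirewallRules: [{DEE68C13-A5A2-4A5B-8AA8-8BCF9D07E617}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5E3E6E66-F515-4308-975E-8FDAA8CA021C}] => (Block) C:\program files (x86)\vivotek inc\installation wizard 2\iw2.exe
FirewallRules: [TCP Query User{82BBAF34-6298-4952-9E04-C396EC6A5D59}E:\calibrationtool.exe] => (Allow) E:\calibrationtool.exe
FirewallRules: [{92987F47-668A-419E-9473-D48B0093AED8}] => (Allow) C:\Downloads\My Notes Keeper v3.7 build 1921\mnk_setup.exe
""".strip()

RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$",
    re.M,
)
UAC_LINE_RE = re.compile(
    r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System => (.*)$",
    re.M,
)
VALUE_RE = re.compile(r"\((\w+): (\d+)\)")

# Assumed heuristics (illustrative only): directories where a long-lived
# inbound Allow rule is unusual, and the normal install roots.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
INSTALL_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


@dataclass
class Rule:
    name: str
    action: str
    target: str


def parse_firewall_rules(text):
    """Return every FirewallRules entry in the log text as a Rule."""
    return [Rule(m["name"], m["action"], m["target"].strip())
            for m in RULE_RE.finditer(text)]


def uac_policy(text):
    """Return the UAC-related policy values from the 'Other Areas' line."""
    m = UAC_LINE_RE.search(text)
    return {k: int(v) for k, v in VALUE_RE.findall(m.group(1))} if m else {}


def classify(rule):
    """Return the reasons an Allow rule deserves a manual look (may be empty)."""
    if rule.action != "Allow":
        return []                      # Block rules do not widen exposure
    target = rule.target.lower()
    if target.startswith("lport="):
        return ["port-only"]           # open port not tied to any program
    reasons = []
    if any(marker in target for marker in TEMP_MARKERS):
        reasons.append("temp-path")    # installer leftovers, droppers
    expanded = (target.replace("%programfiles%", "c:\\program files")
                      .replace("%systemroot%", "c:\\windows"))
    if not expanded.startswith(INSTALL_ROOTS):
        reasons.append("outside-install-dirs")
    return reasons


def triage(text):
    """Return (item, reasons) pairs for everything worth reviewing by hand."""
    findings = []
    if uac_policy(text).get("EnableLUA") == 0:
        findings.append(("UAC", ["EnableLUA=0 (User Account Control is off)"]))
    for rule in parse_firewall_rules(text):
        reasons = classify(rule)
        if reasons:
            findings.append((rule.name, reasons))
    return findings


if __name__ == "__main__":
    for item, reasons in triage(SAMPLE):
        print(f"{item}: {', '.join(reasons)}")
```

A flag here only marks an entry for review; whether it belongs in a fixlist is still a judgement for the person reading the log.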

Please go to add/remove programs, uninstall or delete

Setup (HKLM\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION

SystemText (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{11efa764}) (Version: - Software Publisher) <==== ATTENTION

 

 

Running from C:\1 Malware Removal\Farbar Recovery Scan Tool (FRST) Scan

 

It's best we move Farbar's to desktop.

 

Please go to C:\1 Malware Removal\Farbar Recovery Scan Tool (FRST) Scan, locate Farbar Recovery Scan Tool, right click and select CUT

Go to an open spot on your desktop, right click and select PASTE

You should now have Farbar Recovery Scan Tool on your desktop.

 

 

Please open Notepad. *Do not use Wordpad* or any text editor other than Notepad, or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) Then copy and paste the text present inside the quote box below:

To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

 


 

 

start

CreateRestorePoint:

CloseProcesses:

HKLM-x32\...\Run: [sT7501] => [X]

HKLM-x32\...\Run: [VAST] => [X]

GroupPolicyScripts: Restriction <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggReAwKWFoXExhHdlpZTA0XEwAOeAkNURRDEA0QcAsPVVhEEgwFIk0FA1ADB0VXfVBdFElXTwhwJVhKAlE8TkdGC1dXFg==

SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQsAVAtIQlMRbV0OAlhcFVMRdRQAUQxBDAcSeAoIUw5FQAAQeR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSXhMMlxzD1YG&q={searchTerms}

SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =

SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQsAVAtIQlMRbV0OAlhcFVMRdRQAUQxBDAcSeAoIUw5FQAAQeR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSXhMMlxzD1YG&q={searchTerms}

SearchScopes: HKU\S-1-5-21-159066257-559054521-1285519716-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-159066257-559054521-1285519716-1000 -> OldSearch URL =

SearchScopes: HKU\S-1-5-21-159066257-559054521-1285519716-1000 -> {7DCD7CD8-CD00-4580-8627-4E069C70832C} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQsAVAtIQlMRbV0OAlhcFVMRdRQAUQxBDAcSeAoIUw5FQAAQeR9aFQQTSEcFME0FCFwEURNNfWpdAEsSSXhMMlxzD1YG&q={searchTerms}

BHO: uuniisaalees -> {034323c1-ad9b-46ca-9bb3-8de4da6b880c} -> C:\Program Files (x86)\uuniisaalees\VzYAPexaeNj53N.x64.dll => No File

BHO: youtubeadblocker -> {bde54070-7cb3-4fd6-942d-bc26c2b6b37c} -> C:\Program Files (x86)\youtubeadblocker\m0A1s7OFWFngSV.x64.dll => No File

CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

CustomCLSID: HKU\S-1-5-21-159066257-559054521-1285519716-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\SamSmith\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File

CustomCLSID: HKU\S-1-5-21-159066257-559054521-1285519716-1000_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll => No File

Task: {2A6ECD4B-D538-4CF7-9A80-6479088891FF} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION

Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION

Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION

Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION

Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

Task: {FE5E9A09-6BAB-4555-8CAE-E4969402B784} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION

ShortcutWithArgument: C:\Users\SamSmith\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1461028529&a=1046500&src=sh&uuid=50bef2a0-8f0e-49de-8694-cc9f0df73acd"

ShortcutWithArgument: C:\Users\Public\Desktop\Paragon Hard Disk Manager 15 Premium.lnk -> C:\Program Files\Paragon Software\Hard Disk Manager 15 Premium\program\launcher.exe (Paragon Software Group) -> "hxxp://trustedsurf.com/?ssid=1461028529&a=1046500&src=sh&uuid=50bef2a0-8f0e-49de-8694-cc9f0df73acd"

AlternateDataStreams: C:\Windows:nlsPreferences [386]

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [169]

AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB [229]

AlternateDataStreams: C:\ProgramData\TEMP:B4AF47A7 [115]

FirewallRules: [{D9DBF890-BD76-490E-B8B6-3C76E086F3CB}] => (Allow) C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe

CMD: ipconfig /flushdns

CMD: netsh winsock reset all

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

CMD: bitsadmin /reset /allusers

EmptyTemp:

Hosts:

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

 

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

End

Open FRST/FRST64 and press the > Fix < button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Post this log when finished and also give me an update on how the computer is now.

Edited by Juliet
Link to comment
Share on other sites

Quote: "Open FRST/FRST64 and press the > Fix < button just once and wait."

 

After I completed the above, my computer would and will not access the internet....

 

I tried to do a Restore and it said there are no restore points....

 

I am posting this from another computer as I cannot connect to the internet on SamSmith computer....

Link to comment
Share on other sites

Try these suggestions one at a time till you see which one works.

 

 

Please click the Microsoft Orb button, type inetcpl.cpl in the box.

A window will open, Click the Connections tab then click the LAN settings option.

Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Now check if the internet is working again.

 

OR

Click the Start menu and enter cmd into the Search field. Right click on Command Prompt and select Run As Administrator.

A dos Window will appear.

Type in the dos window: netsh winsock reset

Click on the enter key.

Then click on exit

 

Reboot your system to complete the process.

~~~~~~~~~~~~~~~~~~~~`

Click the Start menu and enter cmd into the Search field. Right click on Command Prompt and select Run As Administrator.

 

type

"ipconfig/release" enter

"ipconfig/renew" enter

 

reboot

~~~~~~~~~~~~~~~~~~~~~~~

If needed : type these in one line at a time, press enter after each line. See if it works after each.

 

Go to Start ... Run and type in cmd

netsh interface ipv4 reset

netsh interface ipv6 reset

ipconfig /flushdns

 

reboot

~~~~~~~~~~~~~~~~~~~~~~~~~~``

 

Open command prompt as administrator and type these commands in and hit enter after each

ipconfig/flushdns

nbtstat -R

nbtstat -RR

netsh int ip reset c:\resetlog.txt

netsh winsock reset

 

 

 

http://www.pcworld.com/article/245506/how_to_fix_your_windows_7_network.html

Link to comment
Share on other sites

Tried all of the above and still can't access the internet....

 

Not sure if this will help, when I did:

~~~~~~~~~~~~~~~~~~~~`
Click the Start menu and enter cmd into the Search field. Right click on Command Prompt and select Run As Administrator.

type
"ipconfig/release" enter
"ipconfig/renew" enter

reboot
~~~~~~~~~~~~~~~~~~~~~~~

I got the following error message:

"No operation can be performed on Local Area Connection while it has its media disconnected"

Link to comment
Share on other sites

When you ran FRST it was to create a restore point then.

~~~`

try this

 

Click on Start and type cmd (without the quotations).

 

Right Click on the cmd icon and select Run as Administrator.

 

Now, copy and paste the commands one by one and hit Enter after each command

 

netsh winsock reset

 

netsh winsock reset catalog

 

netsh int ip stop

 

netsh int ip start

 

 

Restart the computer and check.

 

~~~~~~~~~~~~

The below might help if you connect by proxy

How to reset your Internet Explorer proxy settings.

https://support.microsoft.com/en-us/kb/2289942

 

~~~~~~~~~~~~~~~~~~~`

Do you have a USB we can use to transfer over a tool?

 

This repair may take some hours !!!

 

Tweaking.com - Windows Repair All-In-One (Portable)

 

- Download Windows Repair All-In-One (Portable Version) from here.

 

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

 

- Disable all your antivirus and antimalware software - see how to do that here.

- Right click on the program's icon and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.

(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

 

- A window will appear. Click Step 2.


 

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

 

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

 

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

 

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.


 

- Go to Step 4, then click Do It.


 

- Go to Step 5. Under System Restore click Create.


 

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.


 

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

Link to comment
Share on other sites

This topic is now closed to further replies.