Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Possible Malware/Spyware HELP

 
AudrisCelene
Newbie


Joined: 10 May 2016
Last Visit: 12 May 2016
Posts: 9

Posted: Tue May 10, 2016 5:22 pm    Post subject: Possible Malware/Spyware HELP

Every time I get online, popups pretty much ravage all internet browsers.

On top of that, Steam gets popups all over from this issue, making it difficult to use the Steam store, let alone wanna deal with Steam from it. It looks like it says DNSUnlocker, but I thought I got rid of it. Popups still exist though.

This issue is also causing what looks like command prompt to pop up randomly.

It affects my PC gaming as well as internet browsing.

Please help! System is Windows 8 on Asus desktop.

Logs Below!
=====================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by Claire (administrator) on CLAIRE_PC (10-05-2016 18:29:25)
Running from C:\Users\Claire\AppData\Local\Microsoft\Windows\INetCache\IE\7T8V6Y95
Loaded Profiles: Claire (Available Profiles: Claire)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Easy Update] => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [195200 2012-05-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4612544 2016-02-19] (iolo technologies, LLC)
HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Claire\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2695584637-112437835-466709805-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-06-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-06-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-06-10] (Microsoft Corporation)
Startup: C:\Users\Claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2015-08-06]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk *
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\WINDOWS\system32\iavlsp.dll No File
Winsock: Catalog9 02 C:\WINDOWS\system32\iavlsp.dll No File
Winsock: Catalog9 13 C:\WINDOWS\system32\iavlsp.dll No File
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\iavlsp64.dll [160256 2016-02-19] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\iavlsp64.dll [160256 2016-02-19] ()
Winsock: Catalog9-x64 13 C:\WINDOWS\system32\iavlsp64.dll [160256 2016-02-19] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{36596010-9C41-4F38-B4E8-5756F0963958}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{36596010-9C41-4F38-B4E8-5756F0963958}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{A8F65DEA-89AE-499C-AE4A-EF1FCB1826DA}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{A8F65DEA-89AE-499C-AE4A-EF1FCB1826DA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B5D23BF3-A181-43D1-A24A-794FF8D6E9FE}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{B5D23BF3-A181-43D1-A24A-794FF8D6E9FE}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldstr0101&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzytC0D0F0CtA0CtDyDtDtBtN0D0Tzu0CyBtAyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=303096300&ir=
HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP
HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE09&ocid=UE09DHP
SearchScopes: HKLM-x32 -> DefaultScope {67F70AB0-E858-4EBB-99F0-F43C39C4CD09} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-05-20] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-06-10] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-06-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-06-10] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2695584637-112437835-466709805-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-05-20] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll [2014-05-01] (AVG Secure Search)

FireFox:
========
FF ProfilePath: C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\yjt7vxra.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-12-26] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-06-30] (Pando Networks)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2695584637-112437835-466709805-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-06-30] (Pando Networks)
FF Extension: MEGA - C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\yjt7vxra.default\Extensions\firefox@mega.co.nz.xpi [2016-05-05]
FF Extension: Adblock Plus - C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\yjt7vxra.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-05]
FF HKLM-x32\...\Firefox\Extensions: [linksicle@linksicle.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com => not found
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta338.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta338\ff => not found
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home330.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home330\ff => not found
FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release6154.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release6154\ff => not found
FF HKLM-x32\...\Firefox\Extensions: [ext@TrustMediaViewerV1alpha4997.net] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha4997\ff => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-08-23] <==== ATTENTION

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKU\S-1-5-21-2695584637-112437835-466709805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [acohkacenjkkllhbfgfflibmenakobco] - C:\Users\Claire\AppData\Local\CRE\acohkacenjkkllhbfgfflibmenakobco.crx <not found>
CHR HKU\S-1-5-21-2695584637-112437835-466709805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Claire\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx <not found>
CHR HKU\S-1-5-21-2695584637-112437835-466709805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Claire\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [acohkacenjkkllhbfgfflibmenakobco] - C:\Users\Claire\AppData\Local\CRE\acohkacenjkkllhbfgfflibmenakobco.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Claire\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\WebCake\WebCakeLayers.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iemhklfiepgflchbeipcikpolbejimkg] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha4997\ch\TrustMediaViewerV1alpha4997.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iihjchgmcoiehidideijplniggkdhbpp] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release6154\ch\RichMediaViewV1release6154.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lijaobiefjnhiedbnihhkadnhpfbocml] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home330\ch\MediaWatchV1home330.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Claire\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pcooclmapipehomcphbpkgcjhbfofgnk] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta338\ch\VideoPlayerV3beta338.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-03-17] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4759600 2016-02-19] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2014-03-25] (CYREN Inc.)
R2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2014-03-25] (CYREN Inc.)
S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2014-03-25] (CYREN Inc.)
R2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-05-01] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R2 AMP; C:\WINDOWS\system32\Drivers\amp.sys [174856 2014-03-25] (CYREN Inc.)
R2 AMPSE; C:\WINDOWS\system32\Drivers\ampse.sys [1728776 2014-03-25] (CYREN Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-01] (AVG Technologies)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-07-14] (LogMeIn Inc.)
S3 MarvinBus; C:\Windows\System32\drivers\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] () [File not signed]
R1 RawDisk3; C:\WINDOWS\system32\drivers\rawdsk3.sys [41576 2016-02-19] (EldoS Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 XENfiltv; C:\Windows\system32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-10 18:29 - 2016-05-10 18:29 - 00000000 ____D C:\FRST
2016-05-10 18:17 - 2016-05-10 18:17 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7FC04321-AA1D-4ED2-904E-F52B684737FF}
2016-05-10 16:06 - 2016-04-10 00:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-10 16:06 - 2016-04-10 00:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-10 16:06 - 2016-04-09 21:14 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-10 16:06 - 2016-04-09 15:07 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-10 16:06 - 2016-03-15 18:58 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-05-10 16:06 - 2016-03-15 18:58 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-05-10 16:06 - 2016-03-14 09:50 - 00316760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-05-10 16:06 - 2016-03-11 17:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-10 16:06 - 2016-03-11 17:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2016-05-10 16:06 - 2016-03-11 17:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-05-10 16:06 - 2016-03-10 09:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-05-10 16:06 - 2016-03-10 09:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-05-10 16:06 - 2016-03-10 09:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-05-10 16:06 - 2016-03-05 10:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-10 16:06 - 2016-03-05 10:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-10 16:06 - 2016-02-27 11:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-05-10 16:06 - 2016-02-27 10:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-05-10 16:06 - 2016-02-27 10:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-05-10 16:06 - 2016-02-27 09:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-05-10 16:05 - 2016-04-10 23:21 - 00074584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2016-05-10 16:05 - 2016-04-09 22:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-10 16:05 - 2016-04-09 16:29 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-05-10 01:19 - 2016-05-10 01:19 - 00000000 ____D C:\ProgramData\4242c533-6753-1
2016-05-10 01:19 - 2016-05-10 01:19 - 00000000 ____D C:\ProgramData\4242c533-6353-0
2016-05-09 19:19 - 2016-05-09 19:19 - 00000000 ____D C:\ProgramData\4242c533-2051-0
2016-05-09 19:19 - 2016-05-09 19:19 - 00000000 ____D C:\ProgramData\4242c533-1a15-1
2016-05-08 19:19 - 2016-05-08 19:19 - 00000000 ____D C:\ProgramData\4242c533-6c81-1
2016-05-08 19:19 - 2016-05-08 19:19 - 00000000 ____D C:\ProgramData\4242c533-0a91-0
2016-05-08 01:19 - 2016-05-08 01:19 - 00000000 ____D C:\ProgramData\4242c533-5663-1
2016-05-08 01:19 - 2016-05-08 01:19 - 00000000 ____D C:\ProgramData\4242c533-2c71-0
2016-05-07 19:19 - 2016-05-07 19:19 - 00000000 ____D C:\ProgramData\4242c533-6513-0
2016-05-07 19:19 - 2016-05-07 19:19 - 00000000 ____D C:\ProgramData\4242c533-1f77-1
2016-05-07 18:16 - 2016-05-08 05:32 - 00000000 ____D C:\Users\Claire\AppData\Local\dxhr
2016-05-07 18:15 - 2016-05-07 18:15 - 00000000 ____D C:\Users\Claire\AppData\Local\238010
2016-05-07 01:19 - 2016-05-07 01:19 - 00000000 ____D C:\ProgramData\4242c533-6b91-1
2016-05-07 01:19 - 2016-05-07 01:19 - 00000000 ____D C:\ProgramData\4242c533-1355-0
2016-05-06 05:46 - 2016-05-10 18:13 - 00000408 _____ C:\WINDOWS\SysWOW64\iolo.ini
2016-05-06 05:46 - 2016-05-10 18:13 - 00000408 _____ C:\WINDOWS\system32\iolo.ini
2016-05-06 01:19 - 2016-05-06 01:19 - 00000000 ____D C:\ProgramData\4242c533-7093-0
2016-05-06 01:19 - 2016-05-06 01:19 - 00000000 ____D C:\ProgramData\4242c533-0d31-1
2016-05-05 20:22 - 2016-05-05 20:22 - 00000406 _____ C:\WINDOWS\system32\ioloBootDefrag.cfg
2016-05-05 20:21 - 2016-05-10 18:13 - 00000392 _____ C:\WINDOWS\SysWOW64\iolo.ini.txt
2016-05-05 20:19 - 2016-05-05 20:19 - 00000000 ____D C:\ProgramData\Commtouch
2016-05-05 20:19 - 2016-05-05 20:19 - 00000000 ____D C:\Program Files\Common Files\Commtouch
2016-05-05 20:19 - 2014-03-25 15:59 - 01728776 ____R (CYREN Inc.) C:\WINDOWS\system32\Drivers\ampse.sys
2016-05-05 20:19 - 2014-03-25 15:59 - 00174856 ____R (CYREN Inc.) C:\WINDOWS\system32\Drivers\amp.sys
2016-05-05 20:18 - 2016-05-05 20:18 - 00003144 _____ C:\WINDOWS\System32\Tasks\iolo Process Governor
2016-05-05 20:18 - 2016-05-05 20:18 - 00001504 _____ C:\Users\Public\Desktop\System Mechanic Professional.lnk
2016-05-05 20:18 - 2016-05-05 20:18 - 00000000 ____D C:\Users\Claire\AppData\Roaming\ioloGovernor
2016-05-05 20:18 - 2016-05-05 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional
2016-05-05 20:18 - 2016-05-05 20:18 - 00000000 ____D C:\ProgramData\ioloGovernor
2016-05-05 20:18 - 2016-05-05 20:18 - 00000000 ____D C:\Program Files (x86)\iolo
2016-05-05 20:18 - 2016-02-19 07:30 - 00066392 _____ (iolo technologies, LLC) C:\WINDOWS\system32\iolobtdfg.exe
2016-05-05 20:18 - 2016-02-19 07:30 - 00034736 _____ (iolo technologies, LLC) C:\WINDOWS\system32\smrgdf.exe
2016-05-05 20:18 - 2016-02-19 07:20 - 02182248 _____ (iolo technologies, LLC) C:\WINDOWS\system32\Incinerator64.dll
2016-05-05 20:18 - 2016-02-19 07:20 - 02123552 _____ (iolo technologies, LLC) C:\WINDOWS\SysWOW64\Incinerator32.dll
2016-05-05 20:18 - 2016-02-19 07:15 - 00160256 _____ C:\WINDOWS\system32\iavlsp64.dll
2016-05-05 20:18 - 2016-02-19 07:15 - 00118784 _____ (iolo technologies, LLC) C:\WINDOWS\SysWOW64\iavlsp.dll
2016-05-05 20:17 - 2016-05-05 20:17 - 00074703 _____ C:\WINDOWS\SysWOW64\mfc45.dat
2016-05-05 20:17 - 2016-05-05 20:16 - 104079312 _____ C:\Users\Claire\Desktop\SystemMechanicPro.exe
2016-05-05 20:17 - 2016-02-19 07:17 - 00041576 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rawdsk3.sys
2016-05-05 20:14 - 2016-05-10 02:32 - 00000000 ____D C:\ProgramData\iolo
2016-05-05 20:14 - 2016-05-10 02:30 - 00000000 ____D C:\Users\Claire\AppData\Roaming\iolo
2016-05-05 20:14 - 2016-05-05 20:14 - 00426352 _____ C:\Users\Claire\Downloads\smpro_dm.exe
2016-05-05 19:34 - 2016-05-05 20:02 - 00000000 ____D C:\Users\Claire\AppData\Local\Steam
2016-05-05 19:19 - 2016-05-05 19:30 - 00000000 ____D C:\ProgramData\4242c533-63a7-1
2016-05-05 19:19 - 2016-05-05 19:30 - 00000000 ____D C:\ProgramData\4242c533-2e27-0
2016-05-05 06:30 - 2016-05-05 06:30 - 00000000 ____D C:\Users\Claire\Documents\Idea Factory
2016-05-02 01:19 - 2016-05-02 01:19 - 00000000 ____D C:\ProgramData\4242c533-3395-0
2016-05-02 01:19 - 2016-05-02 01:19 - 00000000 ____D C:\ProgramData\4242c533-1785-1
2016-05-01 01:19 - 2016-05-01 01:19 - 00000000 ____D C:\ProgramData\4242c533-6cf1-0
2016-05-01 01:19 - 2016-05-01 01:19 - 00000000 ____D C:\ProgramData\4242c533-6ae5-1
2016-04-30 01:19 - 2016-04-30 01:19 - 00000000 ____D C:\ProgramData\4242c533-7201-1
2016-04-30 01:19 - 2016-04-30 01:19 - 00000000 ____D C:\ProgramData\4242c533-4e67-0
2016-04-29 01:19 - 2016-04-29 01:19 - 00000000 ____D C:\ProgramData\4242c533-7e41-1
2016-04-29 01:19 - 2016-04-29 01:19 - 00000000 ____D C:\ProgramData\4242c533-3735-0
2016-04-28 01:19 - 2016-04-28 01:19 - 00000000 ____D C:\ProgramData\4242c533-4dc1-0
2016-04-28 01:19 - 2016-04-28 01:19 - 00000000 ____D C:\ProgramData\4242c533-3e23-1
2016-04-27 01:19 - 2016-04-27 01:19 - 00000000 ____D C:\ProgramData\4242c533-5c85-0
2016-04-27 01:19 - 2016-04-27 01:19 - 00000000 ____D C:\ProgramData\4242c533-13e3-1
2016-04-26 01:19 - 2016-04-26 01:19 - 00000000 ____D C:\ProgramData\4242c533-6f81-1
2016-04-26 01:19 - 2016-04-26 01:19 - 00000000 ____D C:\ProgramData\4242c533-4415-0
2016-04-25 01:19 - 2016-04-25 01:20 - 00000000 ____D C:\ProgramData\4242c533-34c1-1
2016-04-25 01:19 - 2016-04-25 01:20 - 00000000 ____D C:\ProgramData\4242c533-07d1-0
2016-04-24 01:19 - 2016-04-24 01:19 - 00000000 ____D C:\ProgramData\4242c533-7fc3-1
2016-04-24 01:19 - 2016-04-24 01:19 - 00000000 ____D C:\ProgramData\4242c533-3971-0
2016-04-20 19:19 - 2016-04-20 19:19 - 00000000 ____D C:\ProgramData\4242c533-7585-0
2016-04-20 19:19 - 2016-04-20 19:19 - 00000000 ____D C:\ProgramData\4242c533-2b75-1
2016-04-19 01:19 - 2016-04-19 01:19 - 00000000 ____D C:\ProgramData\4242c533-6977-0
2016-04-19 01:19 - 2016-04-19 01:19 - 00000000 ____D C:\ProgramData\4242c533-3193-1
2016-04-18 01:19 - 2016-04-18 01:19 - 00000000 ____D C:\ProgramData\4242c533-46f1-1
2016-04-18 01:19 - 2016-04-18 01:19 - 00000000 ____D C:\ProgramData\4242c533-19d3-0
2016-04-17 01:19 - 2016-04-17 01:19 - 00000000 ____D C:\ProgramData\4242c533-7a91-1
2016-04-17 01:19 - 2016-04-17 01:19 - 00000000 ____D C:\ProgramData\4242c533-1485-0
2016-04-16 01:19 - 2016-04-16 01:19 - 00000000 ____D C:\ProgramData\4242c533-4d75-1
2016-04-16 01:19 - 2016-04-16 01:19 - 00000000 ____D C:\ProgramData\4242c533-1995-0
2016-04-15 01:19 - 2016-04-15 01:19 - 00000000 ____D C:\ProgramData\4242c533-5f71-1
2016-04-15 01:19 - 2016-04-15 01:19 - 00000000 ____D C:\ProgramData\4242c533-4b55-0
2016-04-14 23:42 - 2016-05-10 17:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-13 13:19 - 2016-04-13 21:54 - 00000000 ____D C:\ProgramData\4242c533-66b3-0
2016-04-13 13:19 - 2016-04-13 13:20 - 00000000 ____D C:\ProgramData\4242c533-1373-1
2016-04-12 19:19 - 2016-04-12 19:19 - 00000000 ____D C:\ProgramData\4242c533-61b7-1
2016-04-12 19:19 - 2016-04-12 19:19 - 00000000 ____D C:\ProgramData\4242c533-56f5-0
2016-04-12 17:13 - 2016-03-30 17:54 - 25817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-12 17:13 - 2016-03-30 17:31 - 02892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-12 17:13 - 2016-03-30 17:28 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-04-12 17:13 - 2016-03-30 17:25 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-04-12 17:13 - 2016-03-30 17:17 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-04-12 17:13 - 2016-03-30 17:03 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-12 17:13 - 2016-03-30 16:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-04-12 17:13 - 2016-03-30 16:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-04-12 17:13 - 2016-03-30 16:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-04-12 17:13 - 2016-03-30 16:53 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-04-12 17:13 - 2016-03-30 16:51 - 02285056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-04-12 17:13 - 2016-03-30 16:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-04-12 17:13 - 2016-03-30 16:45 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-04-12 17:13 - 2016-03-30 16:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-04-12 17:13 - 2016-03-30 16:43 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-04-12 17:13 - 2016-03-30 16:43 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-04-12 17:13 - 2016-03-30 16:43 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-04-12 17:13 - 2016-03-30 16:42 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-04-12 17:13 - 2016-03-30 16:39 - 15415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-12 17:13 - 2016-03-30 16:30 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-04-12 17:13 - 2016-03-30 16:30 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-12 17:13 - 2016-03-30 16:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-04-12 17:13 - 2016-03-30 16:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-04-12 17:13 - 2016-03-30 16:27 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-04-12 17:13 - 2016-03-30 16:24 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-04-12 17:13 - 2016-03-30 16:23 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-04-12 17:13 - 2016-03-30 16:23 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-04-12 17:13 - 2016-03-30 16:23 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-04-12 17:13 - 2016-03-30 16:21 - 13811712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-12 17:13 - 2016-03-30 16:18 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-12 17:13 - 2016-03-30 16:06 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-04-12 17:13 - 2016-03-30 16:05 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-12 17:13 - 2016-03-30 16:02 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-12 17:13 - 2016-03-30 16:00 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-04-12 17:13 - 2016-02-02 11:16 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-04-12 17:12 - 2016-04-03 23:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-04-12 17:12 - 2016-04-02 06:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-04-12 17:12 - 2016-04-02 06:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-12 17:12 - 2016-03-28 06:21 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-12 17:12 - 2016-03-28 06:21 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-12 17:12 - 2016-03-28 06:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-12 17:12 - 2016-03-28 06:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-04-12 17:12 - 2016-03-28 06:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-04-12 17:12 - 2016-03-15 16:00 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-12 17:12 - 2016-03-15 07:14 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-12 17:12 - 2016-03-11 07:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-12 17:12 - 2016-03-10 11:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-04-12 17:12 - 2016-03-10 11:21 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-04-12 17:12 - 2016-03-10 11:20 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-04-12 17:12 - 2016-03-10 10:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-04-12 17:12 - 2016-03-10 10:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-04-12 17:12 - 2016-03-10 10:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-12 17:12 - 2016-03-10 09:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-12 17:12 - 2016-03-03 09:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-12 17:12 - 2016-03-03 09:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-12 17:12 - 2016-03-02 18:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-12 17:12 - 2016-03-02 18:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-12 17:12 - 2016-02-08 18:31 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-12 17:12 - 2016-02-08 10:12 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-12 17:12 - 2016-02-08 09:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2016-04-12 17:12 - 2016-02-05 07:46 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-04-12 17:12 - 2016-02-03 08:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-04-12 17:12 - 2016-02-02 10:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2016-04-12 17:12 - 2016-02-02 10:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2016-04-12 17:12 - 2016-02-02 10:01 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-04-12 17:12 - 2016-02-02 09:51 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-04-12 17:12 - 2016-02-02 09:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-04-12 17:12 - 2016-02-02 09:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2016-04-12 17:12 - 2016-02-02 09:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-04-12 17:12 - 2016-02-02 09:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-04-12 17:12 - 2016-01-27 08:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-04-12 17:12 - 2016-01-21 12:35 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-04-12 17:12 - 2016-01-21 11:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-04-12 17:11 - 2016-02-08 18:31 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-04-12 17:11 - 2016-02-08 18:31 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-04-12 17:11 - 2016-02-08 18:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-04-12 17:11 - 2016-02-08 18:31 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-12 17:11 - 2016-02-08 13:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-04-12 17:11 - 2016-02-08 13:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-04-12 17:11 - 2016-02-08 13:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-04-12 17:11 - 2016-02-08 12:48 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-12 17:11 - 2016-02-08 12:43 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-04-12 17:11 - 2016-02-08 12:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-04-12 17:11 - 2016-02-08 12:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-04-12 17:11 - 2016-02-08 12:37 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2016-04-12 17:11 - 2016-02-08 12:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-04-12 17:11 - 2016-02-08 12:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-04-12 17:11 - 2016-02-08 12:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-04-12 17:11 - 2016-02-08 11:50 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-04-12 17:11 - 2016-02-08 10:55 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-04-12 17:11 - 2016-02-08 10:33 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-04-12 17:11 - 2016-02-08 10:02 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-04-12 17:11 - 2016-02-08 10:00 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-04-12 17:11 - 2016-02-08 09:58 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-04-12 17:11 - 2016-02-08 09:55 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2016-04-12 17:11 - 2016-02-08 09:53 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-12 17:11 - 2016-02-08 09:50 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-04-12 17:11 - 2016-02-08 09:50 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-04-12 17:11 - 2016-02-08 09:48 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-04-12 17:11 - 2016-02-08 09:47 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2016-04-12 17:11 - 2016-02-08 09:44 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-12 17:11 - 2016-02-03 08:11 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-04-12 17:11 - 2016-02-02 10:15 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-04-12 17:11 - 2014-11-07 19:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-04-12 17:11 - 2014-11-07 19:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-04-12 17:10 - 2016-03-10 12:19 - 07452512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-12 17:10 - 2016-03-10 12:17 - 01663192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-12 17:10 - 2016-03-10 12:17 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-12 17:10 - 2016-03-10 12:17 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-12 17:10 - 2016-03-10 12:17 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-12 17:10 - 2016-03-10 12:17 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-12 17:10 - 2016-03-10 10:48 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-12 17:10 - 2016-03-10 10:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-12 17:10 - 2016-03-10 09:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-12 17:10 - 2016-03-10 09:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-12 17:10 - 2016-03-03 09:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 17:10 - 2016-02-06 16:05 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-04-12 17:10 - 2016-02-05 12:07 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-04-12 17:10 - 2016-02-05 08:11 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-12 17:10 - 2016-02-05 08:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-12 17:10 - 2016-02-05 08:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-12 17:10 - 2016-02-05 08:02 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-12 17:10 - 2016-02-04 11:07 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
2016-04-12 17:10 - 2016-02-04 10:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-04-12 17:10 - 2016-02-04 09:23 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-04-12 17:10 - 2016-02-04 09:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-04-12 17:10 - 2016-02-02 10:18 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-04-12 17:10 - 2016-01-31 10:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2016-04-12 17:10 - 2016-01-26 12:15 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-04-12 17:10 - 2016-01-21 22:22 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-04-12 17:10 - 2016-01-21 22:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-04-12 17:10 - 2016-01-20 15:40 - 00099672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-10 18:21 - 2013-04-17 15:41 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2695584637-112437835-466709805-1001
2016-05-10 18:17 - 2014-09-24 00:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-10 18:17 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-10 18:16 - 2015-01-10 01:52 - 00000000 __RDO C:\Users\Claire\OneDrive
2016-05-10 18:12 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-10 18:12 - 2013-08-22 07:44 - 02566464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-10 18:08 - 2013-08-05 09:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-10 18:01 - 2013-04-18 17:22 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-10 18:01 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-10 17:53 - 2016-03-28 21:46 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-10 17:47 - 2013-04-17 15:39 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-10 17:36 - 2013-04-29 19:30 - 00000000 ____D C:\ProgramData\Skype
2016-05-08 16:27 - 2014-10-17 17:30 - 00000000 ____D C:\Users\Claire
2016-05-07 18:18 - 2015-05-03 03:30 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-07 18:18 - 2015-05-03 03:30 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-05-07 18:18 - 2014-12-24 18:39 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-06 05:24 - 2016-02-27 19:14 - 00000000 ____D C:\ProgramData\{2aff896a-512c-0}
2016-05-06 05:24 - 2016-02-27 19:14 - 00000000 ____D C:\ProgramData\{0b7df002-312c-1}
2016-05-06 05:24 - 2016-02-27 19:14 - 00000000 ____D C:\ProgramData\{05894879-212c-0}
2016-05-06 05:24 - 2016-01-09 13:33 - 00000000 __SHD C:\found.000
2016-05-06 05:24 - 2015-12-22 22:47 - 00000000 ____D C:\Users\Claire\Downloads\Download Prog
2016-05-06 05:24 - 2015-11-17 18:51 - 00000000 ____D C:\Users\Claire\AppData\Local\Fallout4
2016-05-06 05:24 - 2013-10-05 03:04 - 00000000 ____D C:\Users\Claire\AppData\Local\Akamai
2016-05-06 05:24 - 2013-05-11 22:13 - 00000000 ____D C:\Users\Claire\AppData\Roaming\uTorrent
2016-05-06 02:56 - 2013-07-01 16:33 - 00000000 ____D C:\Users\Claire\AppData\Local\Windows Live
2016-05-05 20:37 - 2013-08-22 08:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-05-05 20:37 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-05-05 20:18 - 2013-08-22 08:36 - 00000000 __RSD C:\WINDOWS\Media
2016-05-03 23:17 - 2013-04-29 19:31 - 00000000 ____D C:\Users\Claire\AppData\Roaming\Skype
2016-05-02 18:15 - 2016-03-19 16:10 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-02 18:15 - 2016-03-19 16:10 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-30 00:33 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-30 00:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-22 00:57 - 2013-04-21 18:58 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-19 03:25 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-04-15 20:34 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2015-02-09 00:32 - 2015-02-09 00:32 - 0000020 _____ () C:\Users\Claire\AppData\Roaming\appdataFr3.bin
2015-12-13 16:00 - 2015-12-13 16:01 - 0001259 _____ () C:\Users\Claire\AppData\Roaming\Bubble Dock.boostrap.log
2015-12-13 16:00 - 2015-12-13 16:01 - 0005719 _____ () C:\Users\Claire\AppData\Roaming\Bubble Dock.installation.log
2013-08-07 19:24 - 2013-08-07 19:24 - 0000196 _____ () C:\Users\Claire\AppData\Roaming\CLAIRE_PC.MTBF.txt
2015-12-13 16:00 - 2015-12-13 16:00 - 0000097 _____ () C:\Users\Claire\AppData\Roaming\WindApp.boostrap.log
2013-08-07 19:24 - 2013-08-07 19:24 - 0000898 _____ () C:\Users\Claire\AppData\Roaming\__AvidCloudManager.log
2013-10-05 03:34 - 2013-10-05 03:34 - 0001575 _____ () C:\Users\Claire\AppData\Local\recently-used.xbel

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-06 01:08

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Claire (2016-05-10 18:30:22)
Running from C:\Users\Claire\AppData\Local\Microsoft\Windows\INetCache\IE\7T8V6Y95
Windows 8.1 (X64) (2014-10-18 00:53:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2695584637-112437835-466709805-500 - Administrator - Disabled)
Claire (S-1-5-21-2695584637-112437835-466709805-1001 - Administrator - Enabled) => C:\Users\Claire
Guest (S-1-5-21-2695584637-112437835-466709805-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2695584637-112437835-466709805-1006 - Limited - Enabled)
UpdatusUser (S-1-5-21-2695584637-112437835-466709805-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: System Shield (Enabled - Up to date) {51A1F251-72D6-FBFA-1969-EBE1F52F559F}
AS: System Shield (Enabled - Up to date) {EAC013B5-54EC-F474-23D9-D0938EA81F22}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.30 alpha (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
AKIBA'S TRIP: Undead & Undressed (HKLM-x32\...\Steam App 333980) (Version: - ACQUIRE Corp.)
Alan Wake (HKLM-x32\...\Steam App 108710) (Version: - Remedy Entertainment)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS Easy Update (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 2.00.28 - ASUSTeK Computer Inc)
ASUS Music Maker (HKLM-x32\...\MAGIX_{5E00D8DF-905B-41C7-B562-C126DE3A4167}) (Version: 18.0.3.3 - MAGIX AG)
ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden
ASUS MX Suite (HKLM-x32\...\MAGIX_{9204F334-2A46-49F1-89C4-65CEB7AC1974}) (Version: 1.13.0.121 - MAGIX AG)
ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
ASUS Video easy (HKLM-x32\...\MAGIX_{7DB84618-76E3-4999-A9A0-D7D756E14129}) (Version: 3.0.1.42 - MAGIX AG)
ASUS Video easy (Version: 3.0.1.42 - MAGIX AG) Hidden
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVSDK5 (Version: 5.4.11 - CYREN Inc.) Hidden
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Rising 2: Off the Record (HKLM-x32\...\Steam App 45770) (Version: - Capcom Vancouver)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version: - Eidos Montreal)
Earth Defense Force: Insect Armageddon (HKLM-x32\...\Steam App 23530) (Version: - Vicious Cycle Software, Inc.)
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.01 - ASUSTeK Computer Inc.)
ExtractNow (HKLM-x32\...\ExtractNow) (Version: - Nathan Moinvaziri)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
FINAL FANTASY XIV - A Realm Reborn (Beta Version) (HKLM-x32\...\{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}) (Version: 0.9.1000 - SQUARE ENIX CO., LTD.)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
HuniePop (HKLM-x32\...\Steam App 339800) (Version: - HuniePot)
Hyperdevotion Noire: Goddess Black Heart (HKLM\...\Steam App 415480) (Version: - Idea Factory)
Hyperdimension Neptunia Re;Birth1 (HKLM-x32\...\Steam App 282900) (Version: - Idea Factory, Inc.)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 15.5.0 - iolo technologies, LLC)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Lego Harry Potter (HKLM-x32\...\Steam App 21130) (Version: - TT Games)
LG VZW United Drivers (HKLM-x32\...\{C4D14138-D4FD-411E-BB81-A34AAA16737F}) (Version: 2.12.0 - LG Electronics)
Mercenary Kings (HKLM-x32\...\Steam App 218820) (Version: - Tribute Games Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4631.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{2AC099EA-CC1C-4E4E-BDFC-0353DCF13DD0}) (Version: 12.5.00400 - Nero AG)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.4 - Black Tree Gaming)
NVIDIA 3D Vision Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
RAR File Open Knife - Free Opener (HKLM-x32\...\RAR File Open Knife - Free Opener) (Version: 3.50 - Philipp Winterber
AudrisCelene
Posted: Tue May 10, 2016 5:36 pm    Post subject:

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition)
Sound Blaster Tactic(3D) Alpha (HKLM-x32\...\{2226247D-9846-4370-A1EF-FAA6958F7632}) (Version: 1.0 - Creative Technology Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Mechanic 15 Professional (x32 Version: 15.5.0 - ) Hidden
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The LEGO® Movie - Videogame (HKLM-x32\...\Steam App 267530) (Version: - TT Fusion)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Undertale (HKLM-x32\...\Steam App 391540) (Version: - tobyfox)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WebCake 3.00 (HKLM\...\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}) (Version: 3.00 - WebCake LLC) <==== ATTENTION
Why ASUS PC (HKLM-x32\...\{5648F9D9-299E-408C-AC1F-59DC75894A1F}) (Version: 1.00.02 - ASUSTeK Computer Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A0C7ED9-06F6-41F4-A247-61A10CDE4865} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2016-02-19] (iolo technologies, LLC)
Task: {201AB5CA-55C2-4199-8031-6F5884E37E7F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-10] (Microsoft Corporation)
Task: {2B7A3FE7-9E06-41EF-8C3D-89FDA56CB44F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)
Task: {35DC8BB6-D58A-4F0D-8142-8ACD5468088D} - System32\Tasks\{E31766EB-38AF-47CA-863D-BA7C6ABC9560} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=install baseurl="C:\Program Files\Microsoft Office 15" platform=x86 version=15.0.4631.1004 culture=en-us productstoremove=ProPlusRetail_en-us_x-none
Task: {4A946E59-0F4E-4178-A662-3D357E568333} - System32\Tasks\{25657DF8-0650-410A-ABE5-8330EC3FF80D} => pcalua.exe -a "C:\Program Files (x86)\Wajam\uninstall.exe"
Task: {4DAC7768-04EA-4936-9A91-1D98B27752F4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {5122FED0-6529-428F-AE6C-64078ABFB5F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-20] (Microsoft Corporation)
Task: {6A719C2E-EAED-4508-8642-4330EB149274} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {7EA4C776-FD4E-44C0-972E-0D69F39BF10C} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
Task: {8DF5BE04-5FD1-4D90-A28A-6A6B0414FB5A} - System32\Tasks\{369A7134-B47C-0AE4-33C5-4242D30A1337} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\edda7706\c29d1bff.dll" <==== ATTENTION
Task: {908B8E06-EBF1-4EE7-AB2D-523398E2F3BE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A1C9DC71-5E1F-4D89-B292-8F3387B9CC8D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A27859C2-C046-429C-93E5-36C7BF2F7A70} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {CADBE98F-7CB7-4B62-9106-D2A0609584D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {CBF2C52C-429D-4523-B47C-4D2916D0C81C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E43B9CCE-C546-41A3-B114-4547BA1982FD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {FB9C3F32-4B7A-4D02-AF60-A2B56629214B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-20] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-05 20:18 - 2016-02-19 07:15 - 00160256 _____ () C:\WINDOWS\system32\iavlsp64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-05 13:30 - 2012-06-01 02:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-05-01 14:07 - 2014-05-01 14:07 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
2014-07-12 14:49 - 2014-05-20 09:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-12-05 13:30 - 2016-05-10 18:12 - 00021504 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2012-12-05 13:30 - 2010-06-28 19:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-05-01 14:07 - 2014-05-01 14:07 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll
2013-02-17 21:58 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2009-04-16 13:02 - 2009-04-16 13:02 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CatWSw8 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\sony.com -> sony.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2695584637-112437835-466709805-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Claire\Pictures\Free Company Transaction History\ffxiv_04242016_011016.png
DNS Servers: 82.163.142.7 - 95.211.158.134
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "OtShot"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7CF923CC-DBC4-4C18-8AEE-F76045668C11}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Earth Defense Force Insect Armageddon\EDF-IA.exe
FirewallRules: [{7DA3A51C-CA70-429C-8279-CC65CD03B922}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Earth Defense Force Insect Armageddon\EDF-IA.exe
FirewallRules: [{6287CC16-0128-469F-AF3D-A7E65227A1F6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2358161A-80D0-4346-898E-FF9B8D6F4DD9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{299B64B1-4652-475B-96EA-23C095824395}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{675F21A9-C47B-4F44-A9A1-8847FB45DF60}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{BEBC0231-ADAF-49BD-9B00-3A0943A21147}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\mercenary_kings\MercenaryKings.exe
FirewallRules: [{2AD0CF5A-8E73-4519-AC1A-687D9816A74A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\mercenary_kings\MercenaryKings.exe
FirewallRules: [UDP Query User{90B9B8D6-D224-45DF-BD65-71416179328C}C:\program files (x86)\pfportchecker\pfportchecker.exe] => (Allow) C:\program files (x86)\pfportchecker\pfportchecker.exe
FirewallRules: [TCP Query User{F36E545E-9221-404D-B94A-260C26A8B30C}C:\program files (x86)\pfportchecker\pfportchecker.exe] => (Allow) C:\program files (x86)\pfportchecker\pfportchecker.exe
FirewallRules: [{9C5CA1AF-15AC-4367-A21A-33306932EBC6}] => (Allow) C:\Users\Claire\Downloads\uTorrent (1).exe
FirewallRules: [{CBC5303A-C2FF-4922-B967-05F9AC9B73A6}] => (Allow) C:\Users\Claire\Downloads\uTorrent (1).exe
FirewallRules: [{9F938709-36B9-47CA-A41F-6C51796F956C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{F9DF2ABE-2F13-4821-BC5A-F05A8FBB0029}C:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe] => (Block) C:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe
FirewallRules: [TCP Query User{86DD7469-DB31-472D-8D5E-B43B59C9C7B6}C:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe] => (Block) C:\program files (x86)\steam\steamapps\common\borderlands\binaries\borderlands.exe
FirewallRules: [UDP Query User{E2839373-FFA4-4D59-9FE7-0EDE33DCD42F}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [TCP Query User{5D250F3E-F14B-41D0-826E-D161CB4443E1}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{11D9BA5F-2A9A-469B-B323-ED30E998DAD2}C:\users\claire\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\claire\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{2730306C-2CEF-41A3-8AA9-914EF3E5D3F3}C:\users\claire\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\claire\appdata\local\akamai\netsession_win.exe
FirewallRules: [{C64F326F-87B0-45F6-84F1-8995C076FE59}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{4BB500AC-F0AB-464B-9BCD-FBB73AA3B154}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{CB6CC0BF-A84C-4C4D-AACE-B1577189D114}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe
FirewallRules: [{EE345F90-B311-47C6-9D67-14CBC5FCF029}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe
FirewallRules: [{364DAD3D-0FF2-4231-950F-52C19A6108C0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{7EEEE40E-7E1F-4BA6-9B17-7A2DB5EAC0F0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1E8A2D11-67CC-4908-99E3-5B359AE6BEDD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{7643A42D-FB53-435E-8C95-590E8C716D2E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7DD35153-B238-4DF5-8F76-8D1ED4CB569A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{9F7EC11A-1BFD-4872-936D-AA1D1B186333}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [UDP Query User{FF2FBDE0-7594-43A8-BA26-660D911A43AB}C:\users\claire\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\claire\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{86C45B5B-DAF5-4415-B988-4F30CCF646D2}C:\users\claire\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\claire\appdata\local\akamai\netsession_win.exe
FirewallRules: [{D0750FFB-462E-4B31-905F-7D0C7BEC72A2}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{D24F7F87-8EAB-4F24-BF6C-29A4B3382F30}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{B3C7CE0A-B5AB-4053-A384-99D559BB7753}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{5CB736E4-B78C-492C-A531-530949985EC9}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{55A950DF-842D-4B30-A95D-03D0EB8F7A8A}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{1196CBC1-6347-4E19-B564-9F5604424EFC}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [UDP Query User{EE38ED86-48E9-4C99-A092-B5EF3FFD0EBC}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [TCP Query User{B8FDACA3-F0E8-4A94-B691-C3679983C707}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{2DC44320-C0E4-427C-8A02-C4E43FEEB93D}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{DF07139B-4B40-462C-B438-186CF847A086}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{0EEC4DC2-27E3-4186-B101-E3199EFD3DCE}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{70A2A914-A9FF-4B87-9EA5-BCDDC0F95F72}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{469F9458-EDA7-4B20-B9C8-2E9A91DC9907}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{519B9E28-F26C-45A5-886E-0209223059F4}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{3C192341-BDE9-47C2-ACFE-A5DEA12B7F14}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{BC816A49-3B80-4446-9A8B-94BA0ED3837D}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{37D5F0A9-0A60-4E77-A6A8-A4F433E4EB38}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{C3064E90-B633-478F-A818-00DEFD1424F5}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\UMI.exe
FirewallRules: [{560F1117-C80B-4F98-BD2E-1C1146E2179A}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{F557098D-BA84-4919-886A-22BF1F29D949}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\NGStudio.exe
FirewallRules: [{F73EACCE-857B-4678-85AB-7F998C1434D2}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [{FB36D503-9A6C-4B6F-A3F6-6F5DEA6AA718}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 16\programs\RM.exe
FirewallRules: [UDP Query User{D45B7F75-2A64-400A-B6B4-13C3FB5A116A}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{6D0E9DBB-6926-4F2A-AFEC-3B14BFAAAF10}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{C6985D54-D961-4777-B9EE-2B12D18D3FA3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{D811498F-92D9-4631-BD38-ACA89B821321}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{61C1FED5-65A1-461F-B98C-8FF77016B516}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\boot\ffxivlauncher.exe
FirewallRules: [{5368CF47-01B7-4252-B933-32C4D12E6B8C}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\boot\ffxivlauncher.exe
FirewallRules: [{33DE17A3-CDB9-49BF-8FCE-3D961850C741}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\boot\ffxivboot.exe
FirewallRules: [{EA8A076B-B54F-4356-ADCE-8B1118A72896}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn (Beta Version)\boot\ffxivboot.exe
FirewallRules: [{33A15020-0971-4092-9867-45DCA2823EC9}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{7491B500-FAAE-4C83-A150-2B45216669FC}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [UDP Query User{9417E60C-16B6-40FD-A24C-4E9FE38C2A17}C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [TCP Query User{689BF1CC-9303-4E49-9D97-ACDBEFD4B725}C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [{BFD14351-797A-41AC-BBC6-9B13E5063719}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{5339E6FC-973E-4F02-B2A5-157A73ADD0F0}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{5843544E-99DA-44C4-9BDA-E08F83FDDD39}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{817E8B7F-D1BF-475F-AA37-7F03A15D92F1}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{893DC82A-AEA4-42F7-B910-589A5D03D674}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [UDP Query User{C85F72C1-F2D4-4E44-81F3-7BBDF771C17E}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe
FirewallRules: [TCP Query User{8BE1B768-E75D-4A7D-9DBB-8BCEA436FED6}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe
FirewallRules: [UDP Query User{7F94E70D-FD70-4B22-A70B-17FEBFD90D25}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [TCP Query User{3BF54DAA-6EBF-4E2C-96B4-A4A50EE87837}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{9C00545E-42C2-45ED-9E8B-3949A7B68EE1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\maidofhearts\garrysmod\hl2.exe
FirewallRules: [{4E83CEA8-046E-4C86-B051-42428A5E904E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\maidofhearts\garrysmod\hl2.exe
FirewallRules: [{5778C135-343C-4165-A53A-6CD90DA6D51C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{9CC7A1BA-4125-44C7-B392-3A97B4F53285}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [UDP Query User{6BE21BCD-288E-4B09-8486-2D87DEC98B77}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{64E86BC8-B844-47D3-A2BA-2999548AFAF9}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{3246BA17-97CD-427F-98EF-636975E877FC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{32E30601-86A0-4393-BE46-A41E42EF4BC1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5F093DB6-F380-4851-90A2-F958EA4DC905}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{D27A805B-169A-476F-9B1E-09F5A4A6C1A4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{48967D2D-5F9B-4202-9567-BE0EB44D03D8}] => (Allow) LPort=1900
FirewallRules: [{F31EB244-8F4A-44A6-8A3C-195629EBB016}] => (Allow) LPort=2869
FirewallRules: [{E09BC9C9-A4B3-4B41-A747-C6EC386AA345}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{83A41F76-AF13-491D-BFE7-D8993DB6D53D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{1AEA219D-9DCF-47E6-8EAA-B39D88B55680}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{CA2ED4F4-A73C-45E3-BA2D-D383388D0A49}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{A5C5EC22-033B-4AB0-9546-944AD7709591}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{AADD138F-4E9B-4F32-A8B2-3A0899A2291E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{C52355AE-FE2C-494C-89FC-01F5B4F2E8BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{049FB070-721A-486E-BDE5-364B841DC298}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{4987B6BC-D594-4DED-B502-2195FF46E372}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{5CE4C049-B026-414C-928C-89659350C48D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LEGO Harry Potter\LEGOHarryPotter.exe
FirewallRules: [{BB0069BA-6955-4902-A8D0-AC11C77419DB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LEGO Harry Potter\LEGOHarryPotter.exe
FirewallRules: [{A2183453-5AD9-49A2-8584-E6E95A3B9FA0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{43F1958C-D07D-4E04-B094-D9751C18FB18}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{4F8A9379-1A64-4CDC-B5DA-F7086D9870EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{5362CB55-846D-43E0-8C5E-F25CFD1B14D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{A18DCDC8-CB90-4681-823F-B9EBA0BC37A7}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{9C42FA63-8F0C-4AA1-9943-B20B7B1A407B}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{358F3DF5-FBA3-4791-9CD2-AED8F5A992FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{9B522792-FBFD-4833-9D0E-9309DD01CDF9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [TCP Query User{C81F6721-DC13-4EE6-AF99-8820D21B358E}C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx9.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx9.exe
FirewallRules: [UDP Query User{942F4018-4239-4F86-A9FA-D65F0A53B8F1}C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx9.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx9.exe
FirewallRules: [{F0AA2723-931F-40F4-B12C-C4E707C85DD8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Rising 2 Off the Record\deadrising2otr.exe
FirewallRules: [{A6C15BB4-910F-4B1E-890F-F6DA616BB757}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dead Rising 2 Off the Record\deadrising2otr.exe
FirewallRules: [{0A87B3E0-C198-4760-AC3A-9D688808ED67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Resident Evil 4\Bin32\bio4.exe

==================== Restore Points =========================

18-04-2016 23:02:43 Windows Update
07-05-2016 05:55:37 Windows Update
10-05-2016 17:36:17 Removed Skype™ 7.21

==================== Faulty Device Manager Devices =============

Name: NDIS Virtual Network Adapter Enumerator
Description: NDIS Virtual Network Adapter Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisVirtualBus
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/10/2016 05:41:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b34

Start Time: 01d1ab1dd2820e5c

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 1b9b0c3b-1711-11e6-8008-60a44c2545f0

Faulting package full name:

Faulting package-relative application ID:

Error: (05/10/2016 05:41:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9bc

Start Time: 01d1ab1d73d129e8

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 0e39e387-1711-11e6-8008-60a44c2545f0

Faulting package full name:

Faulting package-relative application ID:

Error: (05/10/2016 05:36:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (05/10/2016 05:36:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
The parameter is incorrect.
.

Error: (05/07/2016 06:00:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5453

Error: (05/07/2016 06:00:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5453

Error: (05/07/2016 06:00:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/07/2016 06:00:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4375

Error: (05/07/2016 06:00:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4375

Error: (05/07/2016 06:00:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (05/10/2016 06:29:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (05/10/2016 06:25:05 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (05/10/2016 06:17:08 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
%%1009

Error: (05/10/2016 06:15:10 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
%%1009

Error: (05/10/2016 06:13:09 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
%%1009

Error: (05/10/2016 06:12:53 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
%%1009

Error: (05/10/2016 06:12:52 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
%%1009

Error: (05/10/2016 06:08:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8.1 for x64-based Systems (KB3153704).

Error: (05/10/2016 06:08:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Cumulative Security Update for Internet Explorer 11 for Windows 8.1 for x64-based Systems (KB3154070).

Error: (05/10/2016 06:08:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Security Update for Windows 8.1 for x64-based Systems (KB3151058).


CodeIntegrity:
===================================
Date: 2016-05-03 22:45:58.237
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 22:45:58.065
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 22:45:57.878
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 22:45:57.706
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 22:45:57.534
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 22:45:57.346
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 22:45:56.862
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 22:45:56.706
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-03 22:45:56.424
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-12 17:36:49.183
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 16%
Total physical RAM: 16336.22 MB
Available physical RAM: 13591.96 MB
Total Virtual: 18768.22 MB
Available Virtual: 15869.52 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:915.91 GB) (Free:523.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5CFF753B)

Partition: GPT.

==================== End of Addition.txt ============================
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 21 Nov 2017
Posts: 10190
Location: Yorkshire

Posted: Tue May 10, 2016 9:15 pm

Looking over your logs, this may take me a while, but I'll be back to you as soon as possible.

In the meantime, to save time, can you please do the following for me ...

Please download AdwCleaner and save it to your desktop.


  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the AdwCleaner window, click OK to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.


AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND


_________________
Gary R Administrator at Malware Removal University


AudrisCelene
Newbie


Joined: 10 May 2016
Last Visit: 12 May 2016
Posts: 9

Posted: Tue May 10, 2016 10:38 pm

# AdwCleaner v5.116 - Logfile created 10/05/2016 at 23:37:20
# Updated 09/05/2016 by Xplode
# Database : 2016-05-09.1 [Server]
# Operating system : Windows 8.1 (X64)
# Username : Claire - CLAIRE_PC
# Running from : C:\Users\Claire\Desktop\adwcleaner_5.116.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : vToolbarUpdater18.1.0

***** [ Folders ] *****

Folder Found : C:\ProgramData\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\VisualBee
Folder Found : C:\ProgramData\SuperManCoupon
Folder Found : C:\ProgramData\{05894879-212c-0}
Folder Found : C:\ProgramData\{0b7df002-312c-1}
Folder Found : C:\ProgramData\{2aff896a-512c-0}
Folder Found : C:\ProgramData\{43E9AB2A-136B-7AAC-A2ED-0A2E726FD9A0}
Folder Found : C:\ProgramData\Application Data\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\Application Data\AVG Secure Search
Folder Found : C:\ProgramData\Application Data\Babylon
Folder Found : C:\ProgramData\Application Data\Tarma Installer
Folder Found : C:\ProgramData\Application Data\VisualBee
Folder Found : C:\ProgramData\Application Data\SuperManCoupon
Folder Found : C:\ProgramData\Application Data\{05894879-212c-0}
Folder Found : C:\ProgramData\Application Data\{0b7df002-312c-1}
Folder Found : C:\ProgramData\Application Data\{2aff896a-512c-0}
Folder Found : C:\ProgramData\Application Data\{43E9AB2A-136B-7AAC-A2ED-0A2E726FD9A0}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Itibiti Soft Phone
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\TurboStrength
Folder Found : C:\Program Files (x86)\SpringFiles
Folder Found : C:\Program Files (x86)\dply_en_015020173
Folder Found : C:\Program Files (x86)\MaxDrivrUpdater_v153.10831
Folder Found : C:\Program Files (x86)\Oasis Space
Folder Found : C:\Program Files (x86)\dply_en_015020173
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\WINDOWS\SysWOW64\ARFC
Folder Found : C:\WINDOWS\SysWOW64\jmdp
Folder Found : C:\WINDOWS\SysWOW64\WNLT
Folder Found : C:\Users\Claire\AppData\Local\BrowserAir
Folder Found : C:\Users\Claire\AppData\Local\Conduit
Folder Found : C:\Users\Claire\AppData\Local\DownloadTerms
Folder Found : C:\Users\Claire\AppData\Local\emaze
Folder Found : C:\Users\Claire\AppData\Local\jZip
Folder Found : C:\Users\Claire\AppData\Local\SearchModule
Folder Found : C:\Users\Claire\AppData\Local\SearchProtect
Folder Found : C:\Users\Claire\AppData\Local\SwvUpdater
Folder Found : C:\Users\Claire\AppData\Local\VisualBeeExe
Folder Found : C:\Users\Claire\AppData\Local\Wajam
Folder Found : C:\Users\Claire\AppData\Local\dply_en_015020173
Folder Found : C:\Users\Claire\AppData\Local\dply_en_015020173
Folder Found : C:\Users\Claire\AppData\LocalLow\Conduit
Folder Found : C:\Users\Claire\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Claire\AppData\Roaming\Babylon
Folder Found : C:\Users\Claire\AppData\Roaming\Common\LuaRT
Folder Found : C:\Users\Claire\AppData\Roaming\eDownload
Folder Found : C:\Users\Claire\AppData\Roaming\FunFeedr
Folder Found : C:\Users\Claire\AppData\Roaming\Genius
Folder Found : C:\Users\Claire\AppData\Roaming\Nosibay
Folder Found : C:\Users\Claire\AppData\Roaming\Seventh
Folder Found : C:\Users\Claire\AppData\Roaming\System Healer
Folder Found : C:\Users\Claire\AppData\Roaming\SpringFiles
Folder Found : C:\Users\Claire\Favorites\StumbleUpon
Folder Found : C:\Users\Claire\Documents\Add-in Express
Folder Found : C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\yjt7vxra.default\funfeedr_storage
Folder Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
Folder Found : C:\WINDOWS\SysNative\ljkb

***** [ Files ] *****

File Found : C:\Program Files (x86)\Common Files\config\uninstinethnfd.exe
File Found : C:\WINDOWS\SysWOW64\installd.exe
File Found : C:\Users\Claire\AppData\LocalLow\SkwConfig.bin
File Found : C:\Users\Claire\AppData\Roaming\Bubble Dock.boostrap.log
File Found : C:\Users\Claire\AppData\Roaming\Bubble Dock.installation.log
File Found : C:\Users\Claire\AppData\Roaming\WindApp.boostrap.log
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage-journal
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage-journal
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_cdncache-a.akamaihd.net_0.localstorage
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_cdncache-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_rvzr-a.akamaihd.net_0.localstorage
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_rvzr-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_twitter.conduitapps.com_0.localstorage
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_twitter.conduitapps.com_0.localstorage-journal
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage
File Found : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage-journal

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{edda7706}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Key Found : HKCU\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKCU\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\SweetIM
Key Found : HKCU\Software\WEDLMNGR
Key Found : HKCU\Software\WNLT
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Linksicle
Key Found : HKLM\SOFTWARE\SweetIM
Key Found : HKLM\SOFTWARE\VBMZ
Key Found : HKLM\SOFTWARE\Video Player
Key Found : HKLM\SOFTWARE\VideoPlayerV3
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Key Found : HKU\.DEFAULT\Software\IM
Key Found : HKU\.DEFAULT\Software\ImInstaller
Key Found : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\Conduit
Key Found : HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\IM
Key Found : HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\ImInstaller
Key Found : HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\InstallCore
Key Found : HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\SweetIM
Key Found : HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\WEDLMNGR
Key Found : HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\WNLT
Key Found : HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\AppDataLow\Software\PriceGong
Key Found : HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKU\S-1-5-18\Software\IM
Key Found : HKU\S-1-5-18\Software\ImInstaller
Key Found : HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dnldstr0101&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzytC0D0F0CtA0CtDyDtDtBtN0D0Tzu0CyBtAyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=303096300&ir=
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2DC44320-C0E4-427C-8A02-C4E43FEEB93D}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{DF07139B-4B40-462C-B438-186CF847A086}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{0EEC4DC2-27E3-4186-B101-E3199EFD3DCE}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{70A2A914-A9FF-4B87-9EA5-BCDDC0F95F72}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{469F9458-EDA7-4B20-B9C8-2E9A91DC9907}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{519B9E28-F26C-45A5-886E-0209223059F4}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{3C192341-BDE9-47C2-ACFE-A5DEA12B7F14}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{BC816A49-3B80-4446-9A8B-94BA0ED3837D}]
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{36596010-9C41-4F38-B4E8-5756F0963958} [NameServer] - 82.163.142.7 95.211.158.134
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A8F65DEA-89AE-499C-AE4A-EF1FCB1826DA} [NameServer] - 82.163.142.7 95.211.158.134
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B5D23BF3-A181-43D1-A24A-794FF8D6E9FE} [NameServer] - 82.163.142.7 95.211.158.134
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\bestpriceninja.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\coupontime.co
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.bestpriceninja.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.coupontime00.coupontime.co
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utop.it

***** [ Web browsers ] *****

[C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\yjt7vxra.default\prefs.js] Found : user_pref("f2.pingUrl", "hxxp://api.funfeedr.com/ping.php?ch=funfeedr");
[C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www.cassiopessa.com/?f=7&a=csp_tuto10_15_50&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtByDyEyD0FtDtDyDtDtBtN0D0Tzu0StCyEyEtBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtA0FtB0AzytAyBtGtBtD0DtCtG0F0D0D0BtGtAtB0E0AtG0BtC0BtBtBtA0CzyzztByB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Azz0FtC0Ezz0AtG0D0AtAyBtGyEtCzz0DtG0ByE0BzztGtDtB0EyD0C0AtAtB0Ezz0FtD2QtN0A0LzuyE&cr=1630197586&ir=&uref=chmm
[C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Extension] Found : jlcgehabolcakkjhgmgpkagpolbjlhfa
[C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://www.cassiopessa.com/?f=1&a=csp_tuto10_15_50&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtByDyEyD0FtDtDyDtDtBtN0D0Tzu0StCyEyEtBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtA0FtB0AzytAyBtGtBtD0DtCtG0F0D0D0BtGtAtB0E0AtG0BtC0BtBtBtA0CzyzztByB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Azz0FtC0Ezz0AtG0D0AtAyBtGyEtCzz0DtG0ByE0BzztGtDtB0EyD0C0AtAtB0Ezz0FtD2QtN0A0LzuyE&cr=1630197586&ir=&uref=chmm

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [29478 bytes] - [10/05/2016 23:37:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [29552 bytes] ##########
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 21 Nov 2017
Posts: 10190
Location: Yorkshire

Posted: Wed May 11, 2016 12:00 am

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Claire

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:

  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.



Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


OK, I've looked over your logs, and we've got quite a bit to do to get your computer completely clean, so let's get started shall we ....

First ....


  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.


Next ....


  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.

    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).


Code:
GroupPolicy: Restriction - Chrome <======= ATTENTION
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{36596010-9C41-4F38-B4E8-5756F0963958}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{36596010-9C41-4F38-B4E8-5756F0963958}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{A8F65DEA-89AE-499C-AE4A-EF1FCB1826DA}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{A8F65DEA-89AE-499C-AE4A-EF1FCB1826DA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B5D23BF3-A181-43D1-A24A-794FF8D6E9FE}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{B5D23BF3-A181-43D1-A24A-794FF8D6E9FE}: [DhcpNameServer] 82.163.142.7
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldstr0101&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzytC0D0F0CtA0CtDyDtDtBtN0D0Tzu0CyBtAyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=303096300&ir=
SearchScopes: HKLM-x32 -> DefaultScope {67F70AB0-E858-4EBB-99F0-F43C39C4CD09} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKU\S-1-5-21-2695584637-112437835-466709805-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-08-23] <==== ATTENTION
FF HKLM-x32\...\Firefox\Extensions: [linksicle@linksicle.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com => not found
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta338.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta338\ff => not found
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home330.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home330\ff => not found
FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release6154.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release6154\ff => not found
FF HKLM-x32\...\Firefox\Extensions: [ext@TrustMediaViewerV1alpha4997.net] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha4997\ff => not found
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKU\S-1-5-21-2695584637-112437835-466709805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [acohkacenjkkllhbfgfflibmenakobco] - C:\Users\Claire\AppData\Local\CRE\acohkacenjkkllhbfgfflibmenakobco.crx <not found>
CHR HKU\S-1-5-21-2695584637-112437835-466709805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Claire\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx <not found>
CHR HKU\S-1-5-21-2695584637-112437835-466709805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Claire\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [acohkacenjkkllhbfgfflibmenakobco] - C:\Users\Claire\AppData\Local\CRE\acohkacenjkkllhbfgfflibmenakobco.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Claire\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\WebCake\WebCakeLayers.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iemhklfiepgflchbeipcikpolbejimkg] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha4997\ch\TrustMediaViewerV1alpha4997.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iihjchgmcoiehidideijplniggkdhbpp] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release6154\ch\RichMediaViewV1release6154.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lijaobiefjnhiedbnihhkadnhpfbocml] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home330\ch\MediaWatchV1home330.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Claire\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pcooclmapipehomcphbpkgcjhbfofgnk] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta338\ch\VideoPlayerV3beta338.crx <not found>
R2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-05-01] (AVG Secure Search)
WebCake 3.00 (HKLM\...\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}) (Version: 3.00 - WebCake LLC) <==== ATTENTION
Task: {8DF5BE04-5FD1-4D90-A28A-6A6B0414FB5A} - System32\Tasks\{369A7134-B47C-0AE4-33C5-4242D30A1337} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\edda7706\c29d1bff.dll" <==== ATTENTION
2014-05-01 14:07 - 2014-05-01 14:07 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
IE trusted site: HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\sony.com -> sony.com
FirewallRules: [{9C5CA1AF-15AC-4367-A21A-33306932EBC6}] => (Allow) C:\Users\Claire\Downloads\uTorrent (1).exe
FirewallRules: [{CBC5303A-C2FF-4922-B967-05F9AC9B73A6}] => (Allow) C:\Users\Claire\Downloads\uTorrent (1).exe
FirewallRules: [TCP Query User{85D3EC0F-D01A-47B8-A509-8B0B4C754AC2}C:\users\claire\appdata\roaming\utorrent\updates\3.4.5_41712.exe] => (Allow) C:\users\claire\appdata\roaming\utorrent\updates\3.4.5_41712.exe
FirewallRules: [UDP Query User{D8D98502-A74E-403A-B804-4092E9499255}C:\users\claire\appdata\roaming\utorrent\updates\3.4.5_41712.exe] => (Allow) C:\users\claire\appdata\roaming\utorrent\updates\3.4.5_41712.exe
C:\Users\Claire\AppData\Roaming\uTorrent
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns



    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt



NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log



Summary of the logs I need from you in your next post:

  • ADWCleaner log
  • Fixlog.txt
  • Please let me know how your computer is running now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University


If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
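The fixlist in the post above resets the NameServer values that the logs show pointing at 82.163.142.7 and 95.211.158.134. As an added example (not part of Gary R's post, and not FRST or AdwCleaner code), this Python script parses both log styles seen in this thread and reports every scope whose resolvers are public addresses outside an approved list; the `expected` parameter and the finding labels are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the FRST fixlist and the AdwCleaner log in this thread.
SAMPLE_LINES = r"""
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{36596010-9C41-4F38-B4E8-5756F0963958}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{36596010-9C41-4F38-B4E8-5756F0963958}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{A8F65DEA-89AE-499C-AE4A-EF1FCB1826DA}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{A8F65DEA-89AE-499C-AE4A-EF1FCB1826DA}: [DhcpNameServer] 192.168.1.1
Data Found : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B5D23BF3-A181-43D1-A24A-794FF8D6E9FE} [NameServer] - 82.163.142.7 95.211.158.134
""".strip().splitlines()

# Matches the FRST form  "Tcpip\..\Interfaces\{GUID}: [Name] a b"
# and the AdwCleaner form "...\Tcpip\Parameters\Interfaces\{GUID} [Name] - a b".
# A line without an interface GUID is the machine-wide Tcpip\Parameters value.
LINE_RE = re.compile(
    r"Tcpip\\(?:Parameters|\.\.)"
    r"(?:\\Interfaces\\(?P<guid>\{[0-9A-Fa-f-]{36}\}))?"
    r":?\s*\[(?P<name>NameServer|DhcpNameServer)\]\s*(?:-\s*)?(?P<addrs>.+)$",
    re.IGNORECASE,
)


def parse(lines):
    """Return {scope: {"NameServer": [ip, ...], "DhcpNameServer": [ip, ...]}}."""
    table = defaultdict(lambda: {"NameServer": [], "DhcpNameServer": []})
    for line in lines:
        m = LINE_RE.search(line.strip())
        if not m:
            continue
        scope = m.group("guid").upper() if m.group("guid") else "global"
        name = ("DhcpNameServer"
                if m.group("name").lower().startswith("dhcp") else "NameServer")
        # The registry value may be space- or comma-separated.
        for token in re.split(r"[\s,]+", m.group("addrs").strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # ignore anything that is not an IP literal
            if ip not in table[scope][name]:
                table[scope][name].append(ip)
    return table


def audit(lines, expected=()):
    """Flag resolvers that are public and not in the approved `expected` list.

    Windows uses a non-empty static NameServer in preference to the
    DHCP-supplied DhcpNameServer, so a static public resolver nobody set on
    purpose overrides whatever the router hands out. A public DhcpNameServer
    is reported separately because it points at the lease or the router.
    """
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for scope, values in sorted(parse(lines).items()):
        for name, label in (("NameServer", "static-public-resolver"),
                            ("DhcpNameServer", "dhcp-public-resolver")):
            hits = [str(ip) for ip in values[name]
                    if ip.is_global and ip not in allowed]
            if hits:
                findings.append((scope, label, hits))
    return findings


if __name__ == "__main__":
    for scope, label, addrs in audit(SAMPLE_LINES):
        print(f"{scope:40} {label:24} {' '.join(addrs)}")
```

Pass the resolvers you configured yourself (for example your ISP's or a public DNS service you chose) as `expected` so they are not reported.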
AudrisCelene
Newbie


Joined: 10 May 2016
Last Visit: 12 May 2016
Posts: 9

Posted: Wed May 11, 2016 12:53 am

# AdwCleaner v5.116 - Logfile created 11/05/2016 at 01:47:01
# Updated 09/05/2016 by Xplode
# Database : 2016-05-09.1 [Server]
# Operating system : Windows 8.1 (X64)
# Username : Claire - CLAIRE_PC
# Running from : C:\Users\Claire\Desktop\adwcleaner_5.116.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater18.1.0

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\Babylon
[-] Folder Deleted : C:\ProgramData\Tarma Installer
[-] Folder Deleted : C:\ProgramData\VisualBee
[-] Folder Deleted : C:\ProgramData\dc9e73020000122e
[-] Folder Deleted : C:\ProgramData\ecd4661a-0333-0
[-] Folder Deleted : C:\ProgramData\ecd4661a-40c5-1
[-] Folder Deleted : C:\ProgramData\edda7706
[-] Folder Deleted : C:\ProgramData\SuperManCoupon
[-] Folder Deleted : C:\ProgramData\{05894879-212c-0}
[-] Folder Deleted : C:\ProgramData\{0b7df002-312c-1}
[-] Folder Deleted : C:\ProgramData\{2aff896a-512c-0}
[-] Folder Deleted : C:\ProgramData\{43E9AB2A-136B-7AAC-A2ED-0A2E726FD9A0}
[#] Folder Deleted : C:\ProgramData\Application Data\AVG SafeGuard toolbar
[#] Folder Deleted : C:\ProgramData\Application Data\AVG Secure Search
[#] Folder Deleted : C:\ProgramData\Application Data\Babylon
[#] Folder Deleted : C:\ProgramData\Application Data\Tarma Installer
[#] Folder Deleted : C:\ProgramData\Application Data\VisualBee
[#] Folder Deleted : C:\ProgramData\Application Data\dc9e73020000122e
[#] Folder Deleted : C:\ProgramData\Application Data\ecd4661a-0333-0
[#] Folder Deleted : C:\ProgramData\Application Data\ecd4661a-40c5-1
[#] Folder Deleted : C:\ProgramData\Application Data\edda7706
[#] Folder Deleted : C:\ProgramData\Application Data\SuperManCoupon
[#] Folder Deleted : C:\ProgramData\Application Data\{05894879-212c-0}
[#] Folder Deleted : C:\ProgramData\Application Data\{0b7df002-312c-1}
[#] Folder Deleted : C:\ProgramData\Application Data\{2aff896a-512c-0}
[#] Folder Deleted : C:\ProgramData\Application Data\{43E9AB2A-136B-7AAC-A2ED-0A2E726FD9A0}
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\Program Files (x86)\Itibiti Soft Phone
[-] Folder Deleted : C:\Program Files (x86)\SearchProtect
[-] Folder Deleted : C:\Program Files (x86)\TurboStrength
[-] Folder Deleted : C:\Program Files (x86)\SpringFiles
[-] Folder Deleted : C:\Program Files (x86)\dply_en_015020173
[-] Folder Deleted : C:\Program Files (x86)\MaxDrivrUpdater_v153.10831
[-] Folder Deleted : C:\Program Files (x86)\Oasis Space
[#] Folder Deleted : C:\Program Files (x86)\dply_en_015020173
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\WINDOWS\SysWOW64\ARFC
[-] Folder Deleted : C:\WINDOWS\SysWOW64\jmdp
[-] Folder Deleted : C:\WINDOWS\SysWOW64\WNLT
[-] Folder Deleted : C:\Users\Claire\AppData\Local\BrowserAir
[-] Folder Deleted : C:\Users\Claire\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\Claire\AppData\Local\DownloadTerms
[-] Folder Deleted : C:\Users\Claire\AppData\Local\emaze
[-] Folder Deleted : C:\Users\Claire\AppData\Local\jZip
[-] Folder Deleted : C:\Users\Claire\AppData\Local\SearchModule
[-] Folder Deleted : C:\Users\Claire\AppData\Local\SearchProtect
[-] Folder Deleted : C:\Users\Claire\AppData\Local\SwvUpdater
[-] Folder Deleted : C:\Users\Claire\AppData\Local\VisualBeeExe
[-] Folder Deleted : C:\Users\Claire\AppData\Local\Wajam
[-] Folder Deleted : C:\Users\Claire\AppData\Local\dply_en_015020173
[#] Folder Deleted : C:\Users\Claire\AppData\Local\dply_en_015020173
[-] Folder Deleted : C:\Users\Claire\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Claire\AppData\LocalLow\PriceGong
[-] Folder Deleted : C:\Users\Claire\AppData\Roaming\Babylon
[-] Folder Deleted : C:\Users\Claire\AppData\Roaming\Common\LuaRT
[-] Folder Deleted : C:\Users\Claire\AppData\Roaming\eDownload
[-] Folder Deleted : C:\Users\Claire\AppData\Roaming\FunFeedr
[-] Folder Deleted : C:\Users\Claire\AppData\Roaming\Genius
[-] Folder Deleted : C:\Users\Claire\AppData\Roaming\Nosibay
[-] Folder Deleted : C:\Users\Claire\AppData\Roaming\Seventh
[-] Folder Deleted : C:\Users\Claire\AppData\Roaming\System Healer
[-] Folder Deleted : C:\Users\Claire\AppData\Roaming\SpringFiles
[-] Folder Deleted : C:\Users\Claire\Favorites\StumbleUpon
[-] Folder Deleted : C:\Users\Claire\Documents\Add-in Express
[-] Folder Deleted : C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\yjt7vxra.default\funfeedr_storage
[-] Folder Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa
[-] Folder Deleted : C:\WINDOWS\SysNative\ljkb

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Common Files\config\uninstinethnfd.exe
[-] File Deleted : C:\WINDOWS\SysWOW64\installd.exe
[-] File Deleted : C:\Users\Claire\AppData\LocalLow\SkwConfig.bin
[-] File Deleted : C:\Users\Claire\AppData\Roaming\Bubble Dock.boostrap.log
[-] File Deleted : C:\Users\Claire\AppData\Roaming\Bubble Dock.installation.log
[-] File Deleted : C:\Users\Claire\AppData\Roaming\WindApp.boostrap.log
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage-journal
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage-journal
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_rvzr-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_rvzr-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_twitter.conduitapps.com_0.localstorage
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_twitter.conduitapps.com_0.localstorage-journal
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage
[-] File Deleted : C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{edda7706}
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
[-] Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\ImInstaller
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\SweetIM
[-] Key Deleted : HKCU\Software\WEDLMNGR
[-] Key Deleted : HKCU\Software\WNLT
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[-] Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key Deleted : HKLM\SOFTWARE\Linksicle
[-] Key Deleted : HKLM\SOFTWARE\SweetIM
[-] Key Deleted : HKLM\SOFTWARE\VBMZ
[-] Key Deleted : HKLM\SOFTWARE\Video Player
[-] Key Deleted : HKLM\SOFTWARE\VideoPlayerV3
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Key Deleted : HKU\.DEFAULT\Software\IM
[-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2DC44320-C0E4-427C-8A02-C4E43FEEB93D}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{DF07139B-4B40-462C-B438-186CF847A086}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{0EEC4DC2-27E3-4186-B101-E3199EFD3DCE}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{70A2A914-A9FF-4B87-9EA5-BCDDC0F95F72}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{469F9458-EDA7-4B20-B9C8-2E9A91DC9907}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{519B9E28-F26C-45A5-886E-0209223059F4}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{3C192341-BDE9-47C2-ACFE-A5DEA12B7F14}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{BC816A49-3B80-4446-9A8B-94BA0ED3837D}]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{36596010-9C41-4F38-B4E8-5756F0963958} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A8F65DEA-89AE-499C-AE4A-EF1FCB1826DA} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B5D23BF3-A181-43D1-A24A-794FF8D6E9FE} [NameServer]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\coupontime.co
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\eshopcomp.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.eshopcomp.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.coupontime00.coupontime.co

***** [ Web browsers ] *****

[-] [C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\yjt7vxra.default\prefs.js] Deleted : user_pref("f2.pingUrl", "hxxp://api.funfeedr.com/ping.php?ch=funfeedr");
[-] [C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.cassiopessa.com/?f=7&a=csp_tuto10_15_50&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtByDyEyD0FtDtDyDtDtBtN0D0Tzu0StCyEyEtBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtA0FtB0AzytAyBtGtBtD0DtCtG0F0D0D0BtGtAtB0E0AtG0BtC0BtBtBtA0CzyzztByB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Azz0FtC0Ezz0AtG0D0AtAyBtGyEtCzz0DtG0ByE0BzztGtDtB0EyD0C0AtAtB0Ezz0FtD2QtN0A0LzuyE&cr=1630197586&ir=&uref=chmm
[-] [C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Extension] Deleted : jlcgehabolcakkjhgmgpkagpolbjlhfa
[-] [C:\Users\Claire\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.cassiopessa.com/?f=1&a=csp_tuto10_15_50&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtByDyEyD0FtDtDyDtDtBtN0D0Tzu0StCyEyEtBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtA0FtB0AzytAyBtGtBtD0DtCtG0F0D0D0BtGtAtB0E0AtG0BtC0BtBtBtA0CzyzztByB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Azz0FtC0Ezz0AtG0D0AtAyBtGyEtCzz0DtG0ByE0BzztGtDtB0EyD0C0AtAtB0Ezz0FtD2QtN0A0LzuyE&cr=1630197586&ir=&uref=chmm

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [29913 bytes] - [11/05/2016 01:47:01]
C:\AdwCleaner\AdwCleaner[S1].txt - [29652 bytes] - [10/05/2016 23:37:20]
C:\AdwCleaner\AdwCleaner[S2].txt - [29438 bytes] - [11/05/2016 01:43:30]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [30135 bytes] ##########
AudrisCelene

Posted: Wed May 11, 2016 1:04 am

Fix result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Claire (2016-05-11 01:59:37) Run:2
Running from C:\Users\Claire\Downloads
Loaded Profiles: Claire (Available Profiles: Claire)
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicy: Restriction - Chrome <======= ATTENTION
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{36596010-9C41-4F38-B4E8-5756F0963958}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{36596010-9C41-4F38-B4E8-5756F0963958}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{A8F65DEA-89AE-499C-AE4A-EF1FCB1826DA}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{A8F65DEA-89AE-499C-AE4A-EF1FCB1826DA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B5D23BF3-A181-43D1-A24A-794FF8D6E9FE}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{B5D23BF3-A181-43D1-A24A-794FF8D6E9FE}: [DhcpNameServer] 82.163.142.7
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dnldstr0101&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzytC0D0F0CtA0CtDyDtDtBtN0D0Tzu0CyBtAyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=303096300&ir=
SearchScopes: HKLM-x32 -> DefaultScope {67F70AB0-E858-4EBB-99F0-F43C39C4CD09} URL =
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKU\S-1-5-21-2695584637-112437835-466709805-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-08-23] <==== ATTENTION
FF HKLM-x32\...\Firefox\Extensions: [linksicle@linksicle.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com => not found
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta338.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta338\ff => not found
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home330.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home330\ff => not found
FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release6154.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release6154\ff => not found
FF HKLM-x32\...\Firefox\Extensions: [ext@TrustMediaViewerV1alpha4997.net] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha4997\ff => not found
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKU\S-1-5-21-2695584637-112437835-466709805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [acohkacenjkkllhbfgfflibmenakobco] - C:\Users\Claire\AppData\Local\CRE\acohkacenjkkllhbfgfflibmenakobco.crx <not found>
CHR HKU\S-1-5-21-2695584637-112437835-466709805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Claire\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx <not found>
CHR HKU\S-1-5-21-2695584637-112437835-466709805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Claire\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [acohkacenjkkllhbfgfflibmenakobco] - C:\Users\Claire\AppData\Local\CRE\acohkacenjkkllhbfgfflibmenakobco.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Users\Claire\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\WebCake\WebCakeLayers.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iemhklfiepgflchbeipcikpolbejimkg] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha4997\ch\TrustMediaViewerV1alpha4997.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iihjchgmcoiehidideijplniggkdhbpp] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release6154\ch\RichMediaViewV1release6154.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lijaobiefjnhiedbnihhkadnhpfbocml] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home330\ch\MediaWatchV1home330.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\Claire\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pcooclmapipehomcphbpkgcjhbfofgnk] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta338\ch\VideoPlayerV3beta338.crx <not found>
R2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-05-01] (AVG Secure Search)
WebCake 3.00 (HKLM\...\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}) (Version: 3.00 - WebCake LLC) <==== ATTENTION
Task: {8DF5BE04-5FD1-4D90-A28A-6A6B0414FB5A} - System32\Tasks\{369A7134-B47C-0AE4-33C5-4242D30A1337} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\edda7706\c29d1bff.dll" <==== ATTENTION
2014-05-01 14:07 - 2014-05-01 14:07 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
IE trusted site: HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2695584637-112437835-466709805-1001\...\sony.com -> sony.com
FirewallRules: [{9C5CA1AF-15AC-4367-A21A-33306932EBC6}] => (Allow) C:\Users\Claire\Downloads\uTorrent (1).exe
FirewallRules: [{CBC5303A-C2FF-4922-B967-05F9AC9B73A6}] => (Allow) C:\Users\Claire\Downloads\uTorrent (1).exe
FirewallRules: [TCP Query User{85D3EC0F-D01A-47B8-A509-8B0B4C754AC2}C:\users\claire\appdata\roaming\utorrent\updates\3.4.5_41712.exe] => (Allow) C:\users\claire\appdata\roaming\utorrent\updates\3.4.5_41712.exe
FirewallRules: [UDP Query User{D8D98502-A74E-403A-B804-4092E9499255}C:\users\claire\appdata\roaming\utorrent\updates\3.4.5_41712.exe] => (Allow) C:\users\claire\appdata\roaming\utorrent\updates\3.4.5_41712.exe
C:\Users\Claire\AppData\Roaming\uTorrent
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns
*****************

"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{36596010-9C41-4F38-B4E8-5756F0963958}\\NameServer => value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{36596010-9C41-4F38-B4E8-5756F0963958}\\DhcpNameServer => value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A8F65DEA-89AE-499C-AE4A-EF1FCB1826DA}\\NameServer => value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A8F65DEA-89AE-499C-AE4A-EF1FCB1826DA}\\DhcpNameServer => value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B5D23BF3-A181-43D1-A24A-794FF8D6E9FE}\\NameServer => value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B5D23BF3-A181-43D1-A24A-794FF8D6E9FE}\\DhcpNameServer => value not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} => key not found.
HKCR\Wow6432Node\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found.
"C:\Program Files (x86)\mozilla firefox\firefox.cfg" => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\linksicle@linksicle.com => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@VideoPlayerV3beta338.net => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@MediaWatchV1home330.net => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@RichMediaViewV1release6154.net => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@TrustMediaViewerV1alpha4997.net => value not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee => key not found.
HKU\S-1-5-21-2695584637-112437835-466709805-1001\SOFTWARE\Google\Chrome\Extensions\acohkacenjkkllhbfgfflibmenakobco => key not found.
HKU\S-1-5-21-2695584637-112437835-466709805-1001\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff => key not found.
HKU\S-1-5-21-2695584637-112437835-466709805-1001\SOFTWARE\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\acohkacenjkkllhbfgfflibmenakobco => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iemhklfiepgflchbeipcikpolbejimkg => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iihjchgmcoiehidideijplniggkdhbpp => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lijaobiefjnhiedbnihhkadnhpfbocml => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pcooclmapipehomcphbpkgcjhbfofgnk => key not found.
vToolbarUpdater18.1.0 => service not found.
WebCake 3.00 (HKLM\...\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}) (Version: 3.00 - WebCake LLC) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DF5BE04-5FD1-4D90-A28A-6A6B0414FB5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DF5BE04-5FD1-4D90-A28A-6A6B0414FB5A}" => key removed successfully
C:\WINDOWS\System32\Tasks\{369A7134-B47C-0AE4-33C5-4242D30A1337} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{369A7134-B47C-0AE4-33C5-4242D30A1337}" => key removed successfully
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe" => not found.
"HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => key removed successfully
"HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => key removed successfully
"HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => key removed successfully
"HKU\S-1-5-21-2695584637-112437835-466709805-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C5CA1AF-15AC-4367-A21A-33306932EBC6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CBC5303A-C2FF-4922-B967-05F9AC9B73A6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{85D3EC0F-D01A-47B8-A509-8B0B4C754AC2}C:\users\claire\appdata\roaming\utorrent\updates\3.4.5_41712.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D8D98502-A74E-403A-B804-4092E9499255}C:\users\claire\appdata\roaming\utorrent\updates\3.4.5_41712.exe => value removed successfully
C:\Users\Claire\AppData\Roaming\uTorrent => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 224.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 02:00:32 ====
AudrisCelene
Newbie


Joined: 10 May 2016
Last Visit: 12 May 2016
Posts: 9

Posted: Wed May 11, 2016 1:09 am

Update:

So far popups stopped on internet.

As for Steam, No popups so far. I have been able to browse the store with no irritating popups or ads.

I will add most of the previous stuff always said DNSUnlocker.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 21 Nov 2017
Posts: 10190
Location: Yorkshire

Posted: Wed May 11, 2016 3:36 am

OK, the scans we've run so far have pretty much been specific to the infection I saw indicated on your FRST logs, and what I need you to do now, is to run a more general scan of your computer, which should pick up anything that we may have overlooked.

This scan can take hours to complete, but it is very thorough, and usually finds any "fellow travellers" that may have hitched a ride with your main infection.

So .....

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go HERE then click on Online one time Scan

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....

    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop

  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

_________________
Gary R Administrator at Malware Removal University


If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
AudrisCelene
Newbie


Joined: 10 May 2016
Last Visit: 12 May 2016
Posts: 9

Posted: Wed May 11, 2016 10:43 pm

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\ProgramData\4242c533-6b91-1\4242c533-6b91-1.d.vir a variant of Win32/Adware.Adposhel.E application
C:\AdwCleaner\FileQuarantine\C\ProgramData\edda7706\c29d1bff.dll.vir a variant of Win32/Adware.Adposhel.B application
C:\AdwCleaner\FileQuarantine\C\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\FileQuarantine\C\WINDOWS\SysNative\ljkb\lmrn.dll.vir a variant of Win64/Toolbar.Perion.D potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\WINDOWS\SysNative\ljkb\stij.exe.vir a variant of Win64/Toolbar.Perion.D potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\WINDOWS\SysWOW64\installd.exe.vir a variant of Win32/Amonetize.AZ potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\WINDOWS\SysWOW64\jmdp\lmrn.dll.vir a variant of Win32/Toolbar.Perion.P potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\WINDOWS\SysWOW64\jmdp\stij.exe.vir a variant of Win32/Toolbar.Perion.P potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Users\Claire\AppData\Local\bvxvyxxvcy\pbqrmvbub a variant of Win32/ClientConnect.A potentially unwanted application
C:\Users\Claire\Downloads\Download Prog\Setup.exe Win32/Adware.HotBar.Q application
C:\Users\Claire\Downloads\Download Prog\uTorrent (1).exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\Users\Claire\Downloads\Download Prog\utorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\Users\Claire\Downloads\Download Prog\WinZip175.exe a variant of Win32/OpenInstall potentially unwanted application
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 21 Nov 2017
Posts: 10190
Location: Yorkshire

Posted: Wed May 11, 2016 11:56 pm

OK the quarantined ADWCleaner files we can leave for the time being, since we'll remove them at the end, when we remove ADWCleaner, and any other tools we might use.

So ....


  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.

    • Copy/Paste the contents of the code box below into Notepad (don't include Code:).


Code:
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe
C:\Users\Claire\AppData\Local\bvxvyxxvcy\pbqrmvbub
C:\Users\Claire\AppData\Local\bvxvyxxvcy
C:\Users\Claire\Downloads\Download Prog\Setup.exe
C:\Users\Claire\Downloads\Download Prog\uTorrent (1).exe
C:\Users\Claire\Downloads\Download Prog\utorrent.exe
C:\Users\Claire\Downloads\Download Prog\WinZip175.exe
EmptyTemp:



    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt



NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log



Also, please let me know if you're still having any problems with your computer.





AudrisCelene
Newbie


Joined: 10 May 2016
Last Visit: 12 May 2016
Posts: 9

Posted: Thu May 12, 2016 12:18 am

Fix result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Claire (2016-05-12 01:12:15) Run:3
Running from C:\Users\Claire\Downloads
Loaded Profiles: Claire (Available Profiles: Claire)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe
C:\Users\Claire\AppData\Local\bvxvyxxvcy\pbqrmvbub
C:\Users\Claire\AppData\Local\bvxvyxxvcy
C:\Users\Claire\Downloads\Download Prog\Setup.exe
C:\Users\Claire\Downloads\Download Prog\uTorrent (1).exe
C:\Users\Claire\Downloads\Download Prog\utorrent.exe
C:\Users\Claire\Downloads\Download Prog\WinZip175.exe
EmptyTemp:

*****************

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe => moved successfully
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll => moved successfully
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe => moved successfully
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe => moved successfully
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe => moved successfully
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe => moved successfully
C:\Users\Claire\AppData\Local\bvxvyxxvcy\pbqrmvbub => moved successfully
C:\Users\Claire\AppData\Local\bvxvyxxvcy => moved successfully
C:\Users\Claire\Downloads\Download Prog\Setup.exe => moved successfully
C:\Users\Claire\Downloads\Download Prog\uTorrent (1).exe => moved successfully
C:\Users\Claire\Downloads\Download Prog\utorrent.exe => moved successfully
C:\Users\Claire\Downloads\Download Prog\WinZip175.exe => moved successfully
EmptyTemp: => 74.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 01:12:25 ====



-------------



I am having no more popups appear on any browsers, thankfully. Only problem is with Final Fantasy XIV have odd black box glitch as if graphics didn't finish loading, but I doubt that is from my computer and might be game itself.
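A check one could run over the two logs in this exchange, added here as an example (not code from the thread, FRST or ESET): it separates the AdwCleaner-quarantined detections from live ones in an ESET export and lists any live path the Fixlog does not report as handled. The sample lines are constructed in the shape of the logs above, with one result deliberately left out, and the function names are hypothetical.

```python
import re

# Quarantine prefix as it appears in the ESET export in this thread (compared lower-case).
QUARANTINE = "c:\\adwcleaner\\filequarantine\\"
# Assumed line shape: <path> [a variant of] <Platform/Name> <classification>
ESET_LINE = re.compile(r"^(?P<path>.+?)\s+(?:a variant of\s+)?(?P<name>\w+/\S+)\s*(?P<kind>.*)$")

# Constructed sample input, modelled on the ESET.txt and Fixlog lines posted above.
ESET_TXT = r"""
C:\AdwCleaner\FileQuarantine\C\WINDOWS\SysWOW64\installd.exe.vir a variant of Win32/Amonetize.AZ potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Users\Claire\Downloads\Download Prog\Setup.exe Win32/Adware.HotBar.Q application
C:\Users\Claire\Downloads\Download Prog\uTorrent (1).exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
"""
FIXLOG_TXT = r"""
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe => moved successfully
C:\Users\Claire\Downloads\Download Prog\Setup.exe => moved successfully
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe" => not found.
EmptyTemp: => 74.5 MB temporary data Removed.
"""

def parse_eset(text):
    """Return (path, detection, quarantined) for each detection line."""
    hits = []
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            path = m.group("path")
            hits.append((path, m.group("name"), path.lower().startswith(QUARANTINE)))
    return hits

def parse_fixlog(text):
    """Map each Fixlog target (lower-cased, quotes stripped) to its result text."""
    results = {}
    for line in text.splitlines():
        target, sep, result = line.strip().rpartition(" => ")
        if sep:
            results[target.strip('"').lower()] = result.strip()
    return results

def unresolved(eset_text, fixlog_text):
    """Live (non-quarantined) detections the Fixlog does not report as handled."""
    results = parse_fixlog(fixlog_text)
    return [path for path, _name, quarantined in parse_eset(eset_text)
            if not quarantined and "successfully" not in results.get(path.lower(), "")]

if __name__ == "__main__":
    for path in unresolved(ESET_TXT, FIXLOG_TXT):
        print("still needs attention:", path)
```

Paths are compared case-insensitively because Windows paths are, and a target reported as "not found." or missing from the Fixlog entirely is treated as unresolved.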
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 21 Nov 2017
Posts: 10190
Location: Yorkshire

Posted: Thu May 12, 2016 1:25 am

I'm afraid your Final Fantasy XIV problem is beyond the scope of this forum, and you'll probably need to get assistance with it from one of its support forums ... http://forum.square-enix.com/ffxiv/forums/627-Technical-Support?s=744cf6f4a287a66033310307b70b6764

As far as your malware problems go, I think we've pretty much finished cleaning up your machine, and there's just a bit of housekeeping left to do.

First ...


  • Double click AdwCleaner.exe to run it.
  • Click Uninstall.
  • Click Yes to the prompt.
  • AdwCleaner will close and uninstall itself


Note: If AdwCleaner prompts you an update is available, click Cancel and continue to uninstall.

Next ...

  • Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes ...
    • Remove disinfection tools
    • Purge system restore

    ... then click on Run.
  • Once it has finished, a notepad file named DelFix.txt will open. Post the contents of this notepad in your next reply.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.


Next ...

I notice you have an out of date version of Java installed ...

Quote:
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)


... old versions of Java can be exploited (and usually are).

Most people don't actually need Java to be installed on their machine, and can happily get by without it. I have not got it installed on my computer, and I can't remember the last time I was ever flagged by a site to install it. Do not mistake it for JavaScript, which nearly all websites use, it is not the same thing at all. JavaScript translators are built into all modern browsers by default.

My advice is that you uninstall it, and see if you can get along without it.

If you find you can't, then you absolutely must ensure that you always have the most recent version installed ... http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html ... Java is one of the programs most frequently exploited by Malware writers, so keeping it up to date is vital.

Finally ...

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

AudrisCelene
Newbie


Joined: 10 May 2016
Last Visit: 12 May 2016
Posts: 9

Posted: Thu May 12, 2016 1:52 am

# DelFix v1.013 - Logfile created 12/05/2016 at 02:50:16
# Updated 17/04/2016 by Xplode
# Username : Claire - CLAIRE_PC
# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\RegBackup
Deleted : C:\Users\Claire\Downloads\Fixlog.txt
Deleted : C:\Users\Claire\Downloads\FRST64.exe

~ Cleaning system restore ...

Deleted : RP #71 [Windows Update | 04/19/2016 06:02:43]
Deleted : RP #73 [Windows Update | 05/07/2016 12:55:37]
Deleted : RP #75 [Removed Skype™ 7.21 | 05/11/2016 00:36:17]

New restore point created !

########## - EOF - ##########



--------

I appreciate all the help you have given me honestly. I don't really care if game has the issue. I can redownload it. As for computer, I am grateful you took time to help me.

I also just decided to uninstall Java as honestly I never use it.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 21 Nov 2017
Posts: 10190
Location: Yorkshire

Posted: Thu May 12, 2016 2:31 am

You're welcome, glad we could help.

Keep safe.

As everything now appears to have been dealt with ...

This topic is closed
All times are GMT - 8 Hours