Computer hi jack off and online

Liger

New Member
Thread author
Verified
Jul 5, 2016
35
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by User (administrator) on CASHTRADERS (05-07-2016 21:31:55)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User & barry & Michael)
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

Code:
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe
(Kaspersky Lab ZAO) C:\Users\User\AppData\Local\Temp\{DF8C6191-A4F8-4903-A065-E74B5D134F71}\{D1929069-BD95-4C77-904E-4686D13FD27E}.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM\...\Run: [RtsCM] => C:\windows\RTSCM64.EXE [168152 2015-07-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [mbot_gb_62] => [X]
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-06-17] (Qualcomm®Atheros®)
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\Run: [AutoHideMouseCursor] => "C:\Users\User\AppData\Local\Temp\Temp1_AutoHideMouseCursor (1).zip\AutoHideMouseCursor.exe" -bg <===== ATTENTION
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {01271CDF-E110-4F3A-AFA6-5A9EA8B176C2} => C:\windows\SYSTEM32\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2012-12-27] (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2012-12-27] (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {01271CDF-E110-4F3A-AFA6-5A9EA8B176C2} => C:\windows\SysWOW64\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-10-17]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-10-17]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1            d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{EEEB8153-09E6-4770-A624-BE46C4626F0F}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{EEEB8153-09E6-4770-A624-BE46C4626F0F}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.msn.com/?pc=MSE1"]www.msn.com/?pc=MSE1[/URL]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.msn.com/?pc=MSE1"]www.msn.com/?pc=MSE1[/URL]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://[URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome"]www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome[/URL]
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-GB&Src=WD8&Tid=00033BB0&OHP=http%3A%2F%2Fwww.symantec.com%2Fredirects%2Fsecurity%5Fresponse%2Ffix%5Fhomepage%2Findex.jsp%3Flg%3Den%26pid%3DN360%26pvid%3D21.1.0.18&OSP=
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/?type=502468&fr=spigot-yhp-ie
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://[URL="http://www.msn.com/?pc=MSE1"]www.msn.com/?pc=MSE1[/URL]
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://[URL="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1"]www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1[/URL]
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://[URL="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1"]www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1[/URL]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001 -> {706C3937-4161-4756-B6D5-B970A3FD84EE} URL = 
SearchScopes: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001 -> {C370EE6D-BD0F-4C2C-A2B8-1A391B10F9C2} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO: TidyNetwork -> {C2260217-D66E-347E-E803-75AB650D31FC} -> C:\Program Files (x86)\TidyNetwork\petn64.dll => No File
BHO: FreeFLVConverter -> {DC7CE5D0-3608-4FD0-8853-D5822E02135D} -> C:\Program Files (x86)\Free FLV Converter\FreeFLVConverter_x64.dll [2014-01-31] (Free FLV Converter)
BHO-x32: No Name -> {0025320D-4D37-4C73-9A5C-0C28F04068A3} -> C:\Users\User\AppData\LocalLow\IE-BHO\bho.dll => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll => No File
BHO-x32: TidyNetwork -> {C2260217-D66E-347E-E803-75AB650D31FC} -> C:\Program Files (x86)\TidyNetwork\petn.dll => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll => No File
BHO-x32: FreeFLVConverter -> {DC7CE5D0-3608-4FD0-8853-D5822E02135D} -> C:\Program Files (x86)\Free FLV Converter\FreeFLVConverter.dll [2014-01-31] (Free FLV Converter)
Toolbar: HKLM - FindWide Toolbar - {ED5CF73E-B2CC-44BE-B977-1026C4D7D8E6} - C:\Program Files (x86)\TNT2\Profiles\10801\passport64.dll No File
Toolbar: HKLM-x32 - FindWide Toolbar - {ED5CF73E-B2CC-44BE-B977-1026C4D7D8E6} - C:\Program Files (x86)\TNT2\Profiles\10801\passport.dll No File
Toolbar: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001 -> FindWide Toolbar - {ED5CF73E-B2CC-44BE-B977-1026C4D7D8E6} - C:\Program Files (x86)\TNT2\Profiles\10801\passport64.dll No File
Toolbar: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001 -> No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin HKU\S-1-5-21-2966991898-3599612516-2177771990-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF Plugin HKU\S-1-5-21-2966991898-3599612516-2177771990-1001: @tnt2ghost.com/Plugin -> C:\Users\User\AppData\Local\TNT2\2.0.0.1702\npTNT2ghost.dll [No File]
FF Plugin HKU\S-1-5-21-2966991898-3599612516-2177771990-1001: @tnt2npapi.com/Plugin -> C:\Users\User\AppData\Local\TNT2\2.0.0.1702\npTNT2.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff => not found
FF HKLM-x32\...\Firefox\Extensions: [extension@Free_FLV_Converter.com] - C:\Program Files (x86)\Free FLV Converter\extension@Free_FLV_Converter.com
FF Extension: FreeFLVConverter - C:\Program Files (x86)\Free FLV Converter\extension@Free_FLV_Converter.com [2014-02-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [searchpredict@speedbit.com] - C:\Program Files (x86)\SearchPredict\PRFireFox => not found
FF HKLM-x32\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox => not found
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default
CHR Extension: (VLC for Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\acdmpikaaapgadcocbfobfmkeloofnfb [2014-10-14]
CHR Extension: (ajpgkpeckebdhofmmjfgcjjiiejpodla) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-09-26]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-15]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej [2014-10-25]
CHR Extension: (videos+Media+Players) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\hadldngabdmgfehgdojfmcmgnhlcckgp [2014-10-03] [UpdateUrl: hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/64969.xml] <==== ATTENTION
CHR Extension: (Browsers+_App+_Pro+) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago [2014-09-25] [UpdateUrl: hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/65055.xml] <==== ATTENTION
CHR Extension: (Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-10-25]
CHR Extension: (Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\ippenodjaoidmkkfdlmdhofiebnpjddb [2014-10-25] [UpdateUrl: hxxp://wwwbrowsesmartne-a.akamaihd.net/update/chrome] <==== ATTENTION
CHR Extension: (Wajam) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2014-11-05]
CHR Extension: (Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp [2014-10-25]
CHR Extension: (videos_MediaPlayers_v1.1) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\kjpifmjicccpbkfjdkehimhgklfkbanh [2014-10-23]
CHR Extension: (CinPl-2.5cV23.09) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb [2014-09-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-11-07]
CHR Extension: (RelevantKnowledge) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle [2014-10-25]
CHR Extension: (neebplgakaahbhdphmkckjjcegoiijjo) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2014-09-27]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-25]
CHR Extension: (Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\ohenffmfbnoidogjgebadealdkecjdal [2014-10-25]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2014-09-21]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-03]
CHR Extension: (CinemaPro-ShopT1.3V29.09) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\plimopelmdneikoknbgpopffpbmlhgpa [2014-09-29]
CHR Extension: (HC-PRO1.2V29.09) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\pmepfkpjangbajhmnkaghmajcncgekdp [2014-09-29]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock for Youtube™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-04-23]
CHR Extension: (AdRemover for Google Chrome™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcefmojpghnaceadnghednjhbmphipkb [2016-07-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Adblock Pro) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2016-05-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [322176 2014-06-17] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594416 2013-02-01] (Samsung Electronics CO., LTD.)
S4 FreeFLVConverterUpdt; C:\Program Files (x86)\Free FLV Converter\FreeFLVConverterUpdt.exe [252928 2014-01-31] () [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3014488 2015-03-24] (Samsung Electronics CO., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\iSkysoft\TunesOver\DriverInstall.exe [103104 2015-09-17] (Wondershare)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-10] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-06-17] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2015-07-11] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2014-06-17] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-06-17] (Qualcomm Atheros)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-29] (Symantec Corporation)
R3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2013-02-04] (GEAR Software Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-07-11] (REALiX(tm))
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-07-11] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]
S3 SBIOSIO; \??\C:\Users\User\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-05 21:31 - 2016-07-05 21:32 - 00025316 _____ C:\Users\User\Downloads\FRST.txt
2016-07-05 21:27 - 2016-07-05 21:31 - 00000000 ____D C:\FRST
2016-07-05 21:25 - 2016-07-05 21:25 - 02390016 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-07-05 20:42 - 2016-07-05 20:44 - 00222874 _____ C:\TDSSKiller.3.1.0.9_05.07.2016_20.42.31_log.txt
2016-07-05 20:41 - 2016-07-05 20:42 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe
2016-07-05 20:31 - 2016-07-05 20:31 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-07-05 20:00 - 2016-07-05 20:00 - 00019961 _____ C:\Users\User\Downloads\AutoHideMouseCursor (1).zip
2016-06-22 19:24 - 2016-06-14 18:13 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-22 19:24 - 2016-06-14 18:13 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-22 15:17 - 2015-07-30 15:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-06-22 15:17 - 2015-07-30 14:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-06-22 14:03 - 2016-03-31 07:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-06-22 14:03 - 2016-03-31 04:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-06-22 14:02 - 2016-05-12 19:38 - 00135336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-22 14:02 - 2016-05-12 18:43 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2016-06-22 14:02 - 2016-05-12 17:17 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-22 14:02 - 2016-05-12 17:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-22 14:02 - 2016-05-12 17:07 - 01360896 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-22 14:02 - 2016-05-12 16:59 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-22 14:02 - 2016-05-12 16:43 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-22 14:02 - 2016-05-12 16:37 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-22 14:02 - 2016-01-10 18:50 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-06-22 14:02 - 2016-01-10 18:31 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-06-22 14:02 - 2016-01-10 18:16 - 00898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-06-22 14:02 - 2016-01-10 18:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-06-22 14:02 - 2016-01-10 18:12 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-06-22 14:02 - 2016-01-10 17:58 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-06-22 14:02 - 2016-01-10 17:51 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-06-22 14:02 - 2016-01-10 17:49 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2016-06-22 14:02 - 2016-01-10 17:40 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-06-22 14:01 - 2015-06-28 06:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-06-22 14:01 - 2015-06-28 06:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-06-22 14:01 - 2015-05-30 22:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2016-06-22 14:01 - 2015-05-30 20:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-06-22 14:01 - 2015-05-30 20:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-06-22 14:00 - 2016-05-06 16:45 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-22 14:00 - 2016-05-06 16:23 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-22 14:00 - 2015-12-02 16:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-06-22 14:00 - 2015-12-02 16:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-06-22 14:00 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2016-06-22 13:59 - 2016-04-06 22:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-06-22 13:59 - 2016-04-06 18:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-06-22 13:59 - 2016-04-06 17:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-06-22 13:59 - 2016-04-06 16:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-06-22 13:59 - 2015-12-03 20:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-22 13:59 - 2015-12-03 19:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-22 13:59 - 2015-06-15 23:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2016-06-22 13:59 - 2015-06-15 23:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-06-22 13:59 - 2015-06-15 22:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2016-06-22 13:59 - 2015-06-15 22:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-06-22 13:58 - 2016-03-11 15:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-06-22 13:58 - 2016-03-10 18:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-06-22 13:58 - 2016-03-10 17:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-06-22 13:57 - 2016-04-09 22:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-06-22 13:57 - 2016-04-09 22:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-06-22 13:57 - 2016-01-10 18:02 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-06-22 13:57 - 2016-01-10 17:43 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-06-22 13:57 - 2015-12-03 19:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-06-22 13:57 - 2015-12-03 19:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-06-22 13:57 - 2015-12-03 19:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-06-22 13:57 - 2015-12-03 19:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-06-22 13:57 - 2015-12-03 19:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-06-22 13:57 - 2015-12-03 18:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-06-22 13:57 - 2015-12-03 18:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-06-22 13:57 - 2015-12-03 18:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-06-22 13:57 - 2015-12-03 18:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-06-22 13:57 - 2015-12-03 18:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-06-22 13:57 - 2015-12-03 18:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-06-22 13:57 - 2015-12-03 17:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-06-22 13:57 - 2015-12-03 17:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-06-22 13:56 - 2015-12-03 18:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-06-22 13:56 - 2015-12-03 18:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-06-22 13:56 - 2015-12-03 18:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-06-22 13:56 - 2015-12-03 18:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-06-22 13:55 - 2016-05-14 00:09 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-06-22 13:55 - 2016-03-03 02:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-22 13:55 - 2016-03-03 02:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-22 13:55 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-06-22 13:55 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2016-06-22 13:55 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-22 13:55 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-06-22 13:54 - 2016-04-10 05:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-06-22 13:54 - 2016-04-10 05:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-06-22 13:54 - 2016-03-03 17:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-06-22 13:54 - 2016-03-03 17:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-06-22 13:54 - 2015-07-16 01:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2016-06-22 13:54 - 2015-07-10 18:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2016-06-22 13:52 - 2016-05-09 22:35 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-06-22 13:52 - 2016-05-09 21:56 - 05270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-06-22 13:52 - 2016-05-09 21:45 - 07793152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-22 13:52 - 2016-05-09 21:23 - 05265920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-22 13:52 - 2015-12-11 01:13 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-22 13:52 - 2015-12-11 01:13 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-22 13:52 - 2015-12-11 01:13 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-22 13:52 - 2015-12-11 01:13 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-06-22 13:52 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-06-22 13:52 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-06-22 13:52 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2016-06-22 13:52 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2016-06-22 13:51 - 2016-05-16 22:13 - 00563016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-22 13:51 - 2016-05-16 22:13 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-22 13:51 - 2016-05-16 22:13 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-22 13:51 - 2016-05-16 22:13 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-22 13:51 - 2016-05-14 00:07 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-22 13:51 - 2016-05-14 00:07 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-22 13:51 - 2016-05-14 00:06 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-22 13:51 - 2016-05-13 23:34 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-06-22 13:51 - 2016-05-13 22:58 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-06-22 13:51 - 2016-04-06 19:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-06-22 13:51 - 2016-04-06 19:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-06-22 13:51 - 2016-04-06 19:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-06-22 13:51 - 2016-04-06 17:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-06-22 13:51 - 2016-02-03 16:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-22 13:51 - 2016-02-03 16:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-06-22 13:51 - 2016-02-03 16:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-06-22 13:51 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-06-22 13:51 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-06-22 13:51 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-06-22 13:51 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-06-22 13:51 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-06-22 13:51 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-06-22 13:51 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-06-22 13:51 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-06-22 13:51 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-06-22 13:51 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-06-22 13:51 - 2015-03-20 04:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2016-06-22 13:50 - 2016-03-29 02:42 - 07446368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-22 13:50 - 2016-02-11 21:17 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-06-22 13:50 - 2016-02-11 21:17 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-06-22 13:50 - 2016-02-11 21:17 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-06-22 13:50 - 2016-02-11 21:17 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-06-22 13:50 - 2016-02-11 21:17 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-06-22 13:50 - 2016-02-11 21:16 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-06-22 13:50 - 2016-02-09 19:07 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-06-22 13:48 - 2016-02-12 20:14 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-22 13:48 - 2016-02-12 16:14 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-22 13:48 - 2016-02-12 15:55 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-06-22 13:48 - 2016-02-12 15:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-06-22 13:48 - 2016-02-12 15:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-06-22 13:48 - 2016-02-12 15:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-06-22 13:48 - 2016-02-12 15:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-06-22 13:48 - 2016-02-12 15:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-06-22 13:48 - 2016-02-12 15:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-06-22 13:48 - 2016-02-12 15:48 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-06-22 13:48 - 2016-02-12 15:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-06-22 13:48 - 2016-02-12 15:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-06-22 13:48 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-06-22 13:48 - 2015-07-09 19:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2016-06-22 13:48 - 2015-06-27 04:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-06-22 13:48 - 2015-06-27 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-06-22 13:47 - 2016-05-18 06:31 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-22 13:47 - 2016-05-18 06:31 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-22 13:47 - 2016-05-14 00:04 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-22 13:47 - 2016-05-13 23:19 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-22 13:47 - 2016-02-06 19:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-06-22 13:47 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-06-22 13:47 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-06-22 13:47 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-06-22 13:47 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-06-22 13:47 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-06-22 13:47 - 2015-07-30 18:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2016-06-22 13:47 - 2015-07-30 17:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2016-06-22 13:47 - 2015-07-22 15:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-22 13:47 - 2015-07-22 15:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-22 13:47 - 2015-07-18 19:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-06-22 13:47 - 2015-07-18 19:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-06-22 13:47 - 2015-07-18 19:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-06-22 13:47 - 2015-07-18 19:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-06-22 13:47 - 2015-07-07 10:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2016-06-22 13:47 - 2015-07-07 10:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2016-06-22 13:47 - 2015-07-07 10:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2016-06-22 13:47 - 2015-07-01 23:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2016-06-22 13:47 - 2015-07-01 23:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2016-06-22 13:47 - 2015-07-01 22:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2016-06-22 13:47 - 2015-07-01 22:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2016-06-22 13:46 - 2016-04-10 08:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-06-22 13:46 - 2016-04-10 08:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-06-22 13:43 - 2016-05-20 22:25 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-06-22 13:43 - 2016-05-20 22:21 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-06-22 13:43 - 2016-04-22 20:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-06-22 13:43 - 2016-02-08 21:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-06-22 13:43 - 2016-02-08 18:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-06-22 13:43 - 2016-02-05 20:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-06-22 13:43 - 2016-02-05 20:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-06-22 13:43 - 2016-02-05 16:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-06-22 13:43 - 2016-02-05 16:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-06-22 13:43 - 2016-01-19 20:13 - 02175008 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-06-22 13:43 - 2016-01-19 20:13 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-06-22 13:43 - 2016-01-19 20:12 - 01133744 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-06-22 13:43 - 2016-01-19 19:23 - 01564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-06-22 13:43 - 2016-01-19 19:23 - 00548024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-06-22 13:43 - 2016-01-19 18:30 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-06-22 13:43 - 2016-01-19 17:37 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-06-22 13:43 - 2016-01-06 19:25 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-06-22 13:43 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-06-22 13:43 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-06-22 13:43 - 2015-06-15 23:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2016-06-22 13:43 - 2015-06-15 21:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2016-06-22 13:42 - 2016-05-21 18:28 - 25802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-22 13:42 - 2016-05-21 17:57 - 20341248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-22 13:42 - 2016-05-20 23:09 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-22 13:42 - 2016-05-20 23:08 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-22 13:42 - 2016-05-20 23:02 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-22 13:42 - 2016-05-20 22:57 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-22 13:42 - 2016-05-20 22:55 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-06-22 13:42 - 2016-05-20 22:54 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-06-22 13:42 - 2016-05-20 22:50 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-22 13:42 - 2016-05-20 22:44 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-06-22 13:42 - 2016-05-20 22:29 - 13815808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-22 13:42 - 2016-05-20 22:27 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-06-22 13:42 - 2016-05-20 22:25 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-06-22 13:42 - 2016-05-20 22:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-06-22 13:42 - 2016-05-20 22:19 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-06-22 13:42 - 2016-05-20 22:16 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-06-22 13:42 - 2016-05-20 22:14 - 04610048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-22 13:42 - 2016-05-20 22:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-06-22 13:42 - 2016-05-20 22:11 - 15420928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-22 13:42 - 2016-05-20 22:11 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-06-22 13:42 - 2016-05-20 22:09 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-22 13:42 - 2016-05-20 22:09 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-06-22 13:42 - 2016-05-20 22:08 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-06-22 13:42 - 2016-05-20 22:08 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-22 13:42 - 2016-05-20 22:06 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-06-22 13:42 - 2016-05-20 21:46 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-22 13:42 - 2016-05-20 21:42 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-22 13:42 - 2016-05-20 21:38 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-22 13:42 - 2016-05-20 21:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-06-22 13:42 - 2016-05-20 21:34 - 01544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-22 13:42 - 2016-05-20 21:23 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-06-22 13:42 - 2016-04-22 19:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-06-22 13:42 - 2016-02-08 19:14 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-06-22 13:42 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2016-06-22 13:42 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2016-06-22 13:42 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2016-06-22 13:42 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2016-06-22 13:42 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2016-06-22 13:42 - 2015-07-16 21:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2016-06-22 13:42 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2016-06-22 13:42 - 2015-06-15 22:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2016-06-22 13:42 - 2015-06-15 21:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2016-06-22 13:41 - 2016-01-31 20:16 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-06-22 13:41 - 2015-07-09 18:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2016-06-22 13:41 - 2015-07-09 18:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2016-06-22 13:41 - 2015-07-09 17:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2016-06-22 13:39 - 2015-12-28 22:42 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSync.dll
2016-06-22 13:39 - 2015-12-28 21:31 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSync.dll
2016-06-22 13:39 - 2015-08-01 04:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2016-06-22 13:39 - 2015-08-01 04:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2016-06-22 13:39 - 2015-08-01 04:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-06-22 13:39 - 2015-08-01 04:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2016-06-22 13:39 - 2015-08-01 04:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2016-06-22 13:39 - 2015-07-14 04:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-06-22 13:39 - 2015-07-14 04:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-06-22 13:38 - 2016-04-11 07:21 - 00074584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2016-06-22 13:38 - 2015-08-03 22:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2016-06-22 13:38 - 2015-08-03 22:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2016-06-22 13:38 - 2015-08-01 15:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2016-06-22 13:38 - 2015-07-10 19:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2016-06-22 13:38 - 2015-07-10 18:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2016-06-22 13:38 - 2015-07-10 18:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-06-22 13:38 - 2015-07-10 17:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-06-22 13:37 - 2016-04-10 06:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-22 13:36 - 2015-07-14 04:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2016-06-22 13:35 - 2016-05-19 00:15 - 01379040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-22 13:35 - 2016-05-18 21:35 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-22 13:35 - 2016-02-04 18:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-06-22 13:35 - 2016-02-04 18:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-06-22 13:35 - 2015-12-17 19:29 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-06-22 13:35 - 2015-12-17 17:17 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-06-22 13:34 - 2016-05-14 21:01 - 00363104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-22 13:34 - 2016-05-14 21:01 - 00320720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-22 13:34 - 2016-05-14 00:07 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-22 13:34 - 2016-05-13 22:58 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-22 13:34 - 2016-05-13 22:45 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-22 13:34 - 2016-05-13 22:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-22 13:34 - 2016-05-13 22:26 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-22 13:34 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2016-06-22 13:34 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2016-06-22 13:34 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-06-22 13:34 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-06-22 13:34 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-06-22 13:34 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-06-22 13:34 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-06-22 13:34 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-06-22 13:34 - 2015-07-13 20:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-06-22 13:34 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2016-06-22 13:33 - 2016-03-03 17:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-06-22 13:33 - 2015-12-08 20:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-06-22 13:33 - 2015-12-08 20:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-06-18 12:44 - 2016-06-18 17:01 - 787646714 _____ C:\Users\User\Downloads\0268_contract_flw.wmv
2016-06-18 08:37 - 2016-06-18 08:37 - 00003184 _____ C:\WINDOWS\System32\Tasks\{F803D07D-53B6-44A6-9B4E-F993646F5F47}
2016-06-13 10:55 - 2016-06-13 10:56 - 16016336 _____ (Ventis Media Inc. ) C:\Users\User\Downloads\MediaMonkey_4.1.12.1798.exe
2016-06-09 09:24 - 2016-06-09 12:27 - 563919525 _____ C:\Users\User\Downloads\0265_catsuit_dom_prh.wmv
2016-06-08 12:41 - 2016-06-08 16:57 - 785022505 _____ C:\Users\User\Downloads\34346.wmv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-05 20:52 - 2016-04-23 17:41 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-05 20:30 - 2016-04-23 17:41 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-05 20:30 - 2015-04-03 13:05 - 00000000 ___RD C:\Users\User\OneDrive
2016-07-05 20:30 - 2014-10-22 12:40 - 00000482 _____ C:\WINDOWS\Tasks\RegCure Pro Startup.job
2016-07-05 20:30 - 2013-05-16 07:52 - 00000000 ____D C:\ProgramData\Samsung
2016-07-05 20:26 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-05 20:10 - 2015-11-17 13:05 - 00730464 _____ C:\WINDOWS\ntbtlog.txt
2016-07-05 19:47 - 2015-11-09 16:05 - 00000000 ____D C:\Users\User\AppData\Roaming\MediaMonkey
2016-07-05 08:47 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-07-04 11:24 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-22 21:54 - 2013-12-17 17:23 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2966991898-3599612516-2177771990-1001
2016-06-22 19:29 - 2014-11-22 02:01 - 00005388 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-22 19:23 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-06-22 19:22 - 2013-08-22 15:44 - 00541624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-22 19:16 - 2014-11-22 01:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-06-22 15:25 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-22 14:25 - 2013-12-30 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-22 14:13 - 2013-12-30 22:06 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-21 16:51 - 2016-01-21 16:05 - 00000000 ____D C:\Users\Michael
2016-06-21 16:51 - 2016-01-04 21:46 - 00000000 ____D C:\Users\barry
2016-06-21 15:47 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-18 13:07 - 2013-12-24 20:09 - 00000000 ____D C:\Users\User\AppData\Roaming\Real
2016-06-18 08:38 - 2013-12-24 20:11 - 00000000 ____D C:\Program Files (x86)\Real
2016-06-18 08:38 - 2013-12-24 20:02 - 00000000 ____D C:\ProgramData\Real
2016-06-17 23:58 - 2016-04-23 17:42 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 23:58 - 2016-04-23 17:42 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 13:02 - 2013-05-16 05:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-17 13:02 - 2013-05-16 05:46 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-06-17 12:59 - 2014-02-13 18:23 - 00000000 ____D C:\ProgramData\SPEEDbit
2016-06-15 21:40 - 2014-03-15 01:31 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-13 10:05 - 2016-04-04 20:48 - 00003344 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2966991898-3599612516-2177771990-1001
2016-06-13 10:05 - 2016-04-04 20:48 - 00003292 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2966991898-3599612516-2177771990-1001
2016-06-13 10:01 - 2013-05-16 08:01 - 00000000 ____D C:\ProgramData\Temp
2016-06-13 09:58 - 2013-12-25 00:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Files in the root of some directories =======

2015-04-11 05:39 - 2015-06-18 06:38 - 0000115 _____ () C:\Users\User\AppData\Roaming\LogFile.txt
2013-12-24 21:03 - 2014-12-07 14:23 - 0000250 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2014-09-30 11:54 - 2014-09-30 11:52 - 0612068 _____ (ClickMeIn Limited) C:\Users\User\AppData\Local\nsx821D.tmp
2014-09-23 09:06 - 2014-09-23 09:40 - 0000003 _____ () C:\Users\User\AppData\Local\proxy.log
2015-03-09 20:09 - 2015-03-09 20:09 - 0000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2015-07-11 15:19 - 2015-07-11 15:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-16 08:00 - 2013-02-19 08:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-05-16 08:00 - 2013-01-12 15:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\cabex.dll
C:\Users\User\AppData\Local\Temp\GRRemove.exe
C:\Users\User\AppData\Local\Temp\lowproc.exe
C:\Users\User\AppData\Local\Temp\offer-E6EF00E5-E247-4655-BDE3-84CDE97C5AD4.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\stubhelper.dll
C:\Users\User\AppData\Local\Temp\TomsDownloader5B29520.exe
C:\Users\User\AppData\Local\Temp\unelevate.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-11 05:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by User (2016-07-05 21:34:42)
Running from C:\Users\User\Downloads
Windows 8.1 (Update) (X64) (2015-03-13 06:29:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2966991898-3599612516-2177771990-500 - Administrator - Disabled)
barry (S-1-5-21-2966991898-3599612516-2177771990-1002 - Limited - Enabled) => C:\Users\barry
Guest (S-1-5-21-2966991898-3599612516-2177771990-501 - Limited - Disabled)
Michael (S-1-5-21-2966991898-3599612516-2177771990-1003 - Limited - Enabled) => C:\Users\Michael
User (S-1-5-21-2966991898-3599612516-2177771990-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.09 beta (x64) (HKLM\...\7-Zip) (Version: 15.09 - Igor Pavlov)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Advanced File Optimizer (HKLM-x32\...\Advanced File Optimizer_is1) (Version: 2.1.1000.10518 - Systweak Software)
AnyTrans 4.7.4 (HKLM-x32\...\{E580ED1F-AAF8-4F7E-B174-54BFA2B94E0B}}_is1) (Version: 4.7.4 - iMobie Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Free FLV Converter (HKLM-x32\...\Free FLV Converter) (Version: 7.13 - Free FLV Converter)
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36843 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iSkysoft TunesOver ( Version 3.8.1 ) (HKLM-x32\...\{84A89F3A-B59A-4324-8598-3611853769C8}_is1) (Version: 3.8.1 - iSkysoft)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.326 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.2.15.0 - ParetoLogic, Inc.) <==== ATTENTION
S Agent (Version: 1.1.52 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Snap.Do Engine (HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\{eb392a6a-a80a-4725-bb70-5173e0d6dc30}) (Version: 10.235.1.13231 - ReSoft Ltd.) <==== ATTENTION
Songbird 2.2.0 (Build 2453) (HKLM-x32\...\Songbird-release-2453) (Version:  - )
Support Center FAQ (x32 Version: 1.0.17 - Samsung Electronics CO., LTD.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
User Guide (HKLM-x32\...\{029A9E80-E460-4108-8825-3A449EC9A26A}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
videos_MediaPlayers_v1.1 (HKLM-x32\...\videos_MediaPlayers_v1.1) (Version: 1.35.9.29 - enter) <==== ATTENTION
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001_Classes\CLSID\{ED5CF73E-B2CC-44BE-B977-1026C4D7D8E6}\InprocServer32 -> C:\Program Files (x86)\TNT2\Profiles\10801\passport64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {067D0F00-0FA3-46A5-9514-4114E43C1143} - System32\Tasks\power_gaming_helper_service => C:\Program Files (x86)\Power Gaming\power_gaming_helper_service.exe <==== ATTENTION
Task: {17D451B4-FBC8-49D6-9101-F8534C3D3EC3} - System32\Tasks\{4C2920F5-1B54-40E3-9461-E85CD4B1CC31} => pcalua.exe -a "C:\Program Files (x86)\BrowseSmart\BrowseSmartUn.exe" -c REP_BD_
Task: {192137E6-913C-4A2C-B23A-E3AAB40252FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-23] (Google Inc.)
Task: {1AE6E271-F1BE-4587-AB77-17406076944D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {2486B511-3AC6-42D1-B7DE-FEAE313587C1} - System32\Tasks\{F803D07D-53B6-44A6-9B4E-F993646F5F47} => pcalua.exe -a "C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe" -c RealNetworks|RealPlayer|16.0
Task: {2E91BE0E-9283-4484-B048-A1C56B1FAC3D} - System32\Tasks\Uninstaller_SkipUac_User => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {37970E22-6454-4387-B0B6-261019D1347B} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: {3A7A3D09-0540-42BA-8B38-4035C4E044A8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2966991898-3599612516-2177771990-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3AA9C0CA-270E-4565-B792-2E832DCC049A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2966991898-3599612516-2177771990-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3BF38695-1E2B-43C7-A112-A130A82A3D6C} - System32\Tasks\franzy_shopping_deals_helper_service => C:\Program Files (x86)\Franzy Shopping Deals\franzy_shopping_deals_helper_service.exe <==== ATTENTION
Task: {43C29C62-26E4-4149-8402-95F8AED4030D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-22] (Microsoft Corporation)
Task: {444DFDB5-E1FB-402D-8BC9-22FC063FF351} - System32\Tasks\Driver Booster SkipUAC (User) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {48EB9BFA-7B34-48DB-A0AD-04E5F100CD8C} - System32\Tasks\Norton Security Scan for User => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {4C35FFD7-EC3E-4C13-B2D0-2F8795F9C2E6} - System32\Tasks\{DBD8AE61-7537-4F19-9C5A-E09D797012FD} => pcalua.exe -a "C:\Program Files (x86)\ShopperPro\SPremove.exe" <==== ATTENTION
Task: {5282A820-DF67-4F46-AE8F-C07AD3C50FBB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-23] (Google Inc.)
Task: {529D06B4-1B04-433F-B350-46717E5BE8E1} - \RegClean Pro -> No File <==== ATTENTION
Task: {632EFA4D-8B18-4AD3-A7B0-2555DD6A5078} - System32\Tasks\FFMPEGUpd => C:\PROGRA~2\FFMPEG\FFMPEG~1.EXE
Task: {9246EA83-3997-4269-872A-6A60FCBDB9E3} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-02-04] (Samsung Electronics CO., LTD.)
Task: {A4C88BA3-9A86-4B48-B501-155145D97965} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {BC8A7E7E-0587-4BB0-A5D8-D40F57E2C14E} - System32\Tasks\RegCure Pro_sch_2A74612F-59E0-11E4-BEEC-1867B0A6A649 => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
Task: {BF8AAA95-FF24-48E9-B298-636B3EA7F68F} - System32\Tasks\tmptsk9525 => C:\Users\User\AppData\Local\Temp\65055_updater.exe <==== ATTENTION
Task: {D4614DF8-00E3-4410-B86B-A34B52F960C9} - System32\Tasks\RegCure Pro Startup => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: {D7CD9B60-1121-4AED-BB3B-1424EED72899} - System32\Tasks\cool_deals_helper_service => C:\Program Files (x86)\Cool Deals\cool_deals_helper_service.exe <==== ATTENTION
Task: {E56013A4-8B9A-4314-BB24-9BFC0EE14FA4} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2013-02-01] (Samsung Electronics CO., LTD.)
Task: {EF061B38-C9FF-4B47-9EE4-92EC5BDA9A54} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {F14EF34C-A70F-4EBF-9CF3-40CE79317C17} - System32\Tasks\AdobeAAMUpdater-1.0-CashTraders-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RegCure Pro Startup.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_User.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-10 20:46 - 2015-03-10 20:44 - 00620056 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2013-02-01 02:52 - 2013-02-01 02:52 - 00085040 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-06-17 08:32 - 2014-06-17 08:32 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-06-17 08:29 - 2014-06-17 08:29 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-06-17 08:35 - 2014-06-17 08:35 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-02-04 16:11 - 2015-02-04 16:11 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2015-07-03 05:50 - 2015-07-03 05:50 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-05-16 05:45 - 2013-01-14 19:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 00029232 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 01106480 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 00027184 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 00060976 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 00103472 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2015-10-27 16:50 - 2014-10-31 17:40 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2015-10-27 16:50 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2016-06-17 23:58 - 2016-06-15 10:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 23:58 - 2016-06-15 10:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-06-17 23:58 - 2016-06-15 10:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
AlternateDataStreams: C:\ProgramData\Temp:862BDB1A [132]
AlternateDataStreams: C:\ProgramData\Temp:D346F792 [128]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2014-09-24 11:21 - 00000867 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1            d3oxij66pru1i3.cloudfront.net

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: Registry Helper Service => 2
MSCONFIG\Services: vToolbarUpdater18.4.0 => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Bitcasa"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "BrowserSafeguard"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKLM\...\StartupApproved\Run32: => "CommonToolkitTray"
HKLM\...\StartupApproved\Run32: => "Internet Helper Anti-phishing"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SPDriver"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "IminentMessenger"
HKLM\...\StartupApproved\Run32: => "Iminent"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "Registry Helper"
HKLM\...\StartupApproved\Run32: => "ConvertAd"
HKLM\...\StartupApproved\Run32: => "OfferBoulevard"
HKLM\...\StartupApproved\Run32: => "vProt"
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "Bubble Dock"
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "FDPRO-516"
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "PC Health Kit"
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE"
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "SearchProtection"
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "Browser Infrastructure Helper"
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "IDMSQ"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A01230FF-F1F3-4466-A73E-096DFBB8B13B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{235B4728-55F3-4EB1-9A11-3D944112DEFC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{78C11C67-5538-420C-A728-ACE1AED5E5A3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{820C5759-FD0B-44C1-B267-D1551D44531D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{7432915F-FA26-4779-B6D3-5EDC3147F939}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{EE03B8DE-9243-44F4-984A-74F6BABB9AB7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{A63D1163-061B-4EA6-87DE-22434990C53C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{39B679ED-0FB6-405E-91AB-2E223ED99FA7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{C77950A3-5A7A-4595-AFE5-FA62F1D17ADD}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe
FirewallRules: [{45ABDF5A-0737-4CFD-8E03-6A35BA446039}] => (Allow) C:\Program Files (x86)\Bench\Proxy\proc.exe
FirewallRules: [{EC51764F-81D8-4BEC-A5FF-E93D6D3E8D29}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{0EAD5651-38F2-4FBD-A7AE-41A2819FBF2E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{FC6B1D68-EFB5-4445-A1D6-6DFE2B2D840B}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{9ED27726-82E4-4FEC-8D1F-40885D35FC75}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{86BC5F82-DB78-4D81-AFDF-4DDA89104218}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{F5B6F858-FD2C-4FB4-AC5A-A6A0C48D8136}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{2B120B6E-1538-48B6-9051-043A5026C9E1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{D12ADE26-E5FF-441E-8BFB-A889DD2A2B36}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{3861950F-64EE-4021-B4C5-15590F4A4CBA}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{911E651E-B275-40A5-A5AB-12F16AA871AD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{F56349AE-FBC1-4C60-ACAD-88372827E9A3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{29570562-D000-4FDA-B16F-A00EF972A6E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{625A100D-13BE-4C82-BAC1-2B6A60EA99C1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A2F8432B-D5C4-41F8-ADB5-153A98505E24}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{67198470-134E-4277-AA6C-353EFDC02177}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FF498182-713B-4EA2-81ED-97E98B4CC1BC}] => (Allow) LPort=1900
FirewallRules: [{68D97DB3-57F7-4DC0-B9A8-2614EDCBF22F}] => (Allow) LPort=2869
FirewallRules: [{B0E3A871-97CC-428D-8B57-0FF74693A650}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B98D0942-D8B3-46F3-A21C-3C7BFB00324E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{84F871C5-A220-4F5E-A123-A035B2D57BE0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [TCP Query User{F267B9D7-B349-49C9-80CE-79020EFE73DF}C:\program files (x86)\songbird\songbird.exe] => (Allow) C:\program files (x86)\songbird\songbird.exe
FirewallRules: [UDP Query User{D6E9B108-4BA3-4E34-B6BF-20D0E6AC225D}C:\program files (x86)\songbird\songbird.exe] => (Allow) C:\program files (x86)\songbird\songbird.exe
FirewallRules: [TCP Query User{CD54379F-349F-4B83-AE4F-A9B9753789F9}C:\program files (x86)\songbird\songbird.exe] => (Block) C:\program files (x86)\songbird\songbird.exe
FirewallRules: [UDP Query User{E51FD9B3-8845-41F4-9E98-468C8F930BA7}C:\program files (x86)\songbird\songbird.exe] => (Block) C:\program files (x86)\songbird\songbird.exe
FirewallRules: [{79FA9221-CD16-4F10-8E5C-DAA07FB6D68E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{B7258EEC-9216-42C2-A887-65B3CBBF9C0D}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{04ACDEC5-A98B-458A-89F3-40F02C986CAF}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [TCP Query User{022644F4-E66C-48AD-A012-89BAFE17D2BB}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{800B11B5-9DA9-40B1-A93E-ACDCA76BF687}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [TCP Query User{9B1B18EB-90D5-46FB-BA48-B1F9F725C344}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{A9CE91DD-33C4-4802-990B-D0EFAFB893FB}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{D123C5CC-4EA0-4263-A4CA-5A069381BEDE}] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{2958A8A8-F23F-4CC3-A2E8-8190E31CD04F}] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{F27C7AD1-0CC1-42C0-B8C9-85FC983C919A}C:\users\user\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\user\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{895DA32A-E592-4809-AF5D-EF776CBB7CE5}C:\users\user\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\user\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{B930571F-B83C-441A-BA5A-50C12F050210}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-06-2016 13:00:33 Removed Realtek Ethernet Controller Driver
22-06-2016 14:04:08 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2016 07:40:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS)
Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/05/2016 06:32:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS)
Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/05/2016 11:38:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS)
Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/05/2016 09:38:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS)
Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/05/2016 08:42:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 6.3.9600.17415, time stamp: 0x54504e26
Faulting module name: devmgr.dll_unloaded, version: 6.3.9600.17415, time stamp: 0x54504b46
Exception code: 0xc000041d
Fault offset: 0x00000000000202ff
Faulting process ID: 0xdd0
Faulting application start time: 0xmmc.exe0
Faulting application path: mmc.exe1
Faulting module path: mmc.exe2
Report ID: mmc.exe3
Faulting package full name: mmc.exe4
Faulting package-relative application ID: mmc.exe5

Error: (07/05/2016 08:42:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 6.3.9600.17415, time stamp: 0x54504e26
Faulting module name: devmgr.dll_unloaded, version: 6.3.9600.17415, time stamp: 0x54504b46
Exception code: 0xc0000005
Fault offset: 0x00000000000202ff
Faulting process ID: 0xdd0
Faulting application start time: 0xmmc.exe0
Faulting application path: mmc.exe1
Faulting module path: mmc.exe2
Report ID: mmc.exe3
Faulting package full name: mmc.exe4
Faulting package-relative application ID: mmc.exe5

Error: (07/05/2016 07:41:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS)
Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/05/2016 07:17:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS)
Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/04/2016 09:34:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS)
Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/04/2016 08:13:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS)
Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (07/05/2016 08:26:18 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Error: (07/05/2016 08:25:51 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/05/2016 08:25:51 PM) (Source: DCOM) (EventID: 10010) (User: CASHTRADERS)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (07/05/2016 08:25:10 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (07/05/2016 08:25:10 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (07/05/2016 08:25:09 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (07/05/2016 08:25:09 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (07/05/2016 08:25:08 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (07/05/2016 08:25:08 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (07/05/2016 08:25:07 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}


CodeIntegrity:
===================================
  Date: 2016-07-05 21:30:56.182
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-05 21:30:55.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-05 21:30:55.167
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-05 21:30:54.259
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-05 21:30:53.925
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-05 21:30:53.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-05 21:30:53.175
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-05 21:30:52.570
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-05 21:30:52.238
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-05 21:30:51.930
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 2117U @ 1.80GHz
Percentage of memory in use: 60%
Total physical RAM: 3969.93 MB
Available physical RAM: 1549.24 MB
Total Virtual: 8833.93 MB
Available Virtual: 5824.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.42 GB) (Free:197.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: DD49C7C1)

Partition: GPT.

==================== End of Addition.txt ============================
 
Last edited by a moderator:

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.

    2873ryc.png

  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 

Liger

New Member
Thread author
Verified
Jul 5, 2016
35
Hello

I just ran another scan and I have uploaded as was asked of me
 

Attachments

  • FRST.txt
    67.6 KB · Views: 3
  • Addition.txt
    36 KB · Views: 1

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on
    4zu6vb.jpg
    icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only left thing is to attach saved report in your next message.
 

Liger

New Member
Thread author
Verified
Jul 5, 2016
35
I have done as requested and here is the report
 

Attachments

  • 2016.07.06-10.11.57-i0-t92-d275.txt
    125 KB · Views: 2

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Okay, I will need fresh FRST reports now:

FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.

    2873ryc.png

  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 

Liger

New Member
Thread author
Verified
Jul 5, 2016
35
Here is the new scan results as requested
 

Attachments

  • FRST.txt
    68.8 KB · Views: 1
  • Addition.txt
    36.2 KB · Views: 2

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I need you to uninstall these programs:

RegCure Pro
Snap.Do Engine
Updater
videos_MediaPlayers_v1.1


FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.



adwcleaner_new.png
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on
    adwcleaner_new.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Cleaning.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 

Attachments

  • fixlist.txt
    8.2 KB · Views: 3

Liger

New Member
Thread author
Verified
Jul 5, 2016
35
It said I had already uninstalled "reg cure pro" "videos_MediaPlayers_v1.1" and "updater" when I went to uninstall it and "snap do" wouldn't uninstall.


Here is the AdwCleaner copy as requested

# AdwCleaner v5.201 - Logfile created 06/07/2016 at 12:04:22
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-04.1 [Server]
# Operating system : Windows 8.1 (X64)
# Username : User - CASHTRADERS
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Clean
# Support : ToolsLib

***** [ Services ] *****

[-] Service Deleted : WtuSystemSupport

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Speedbit
[-] Folder Deleted : C:\ProgramData\avg web tuneup
[#] Folder Deleted : C:\ProgramData\Application Data\Speedbit
[#] Folder Deleted : C:\ProgramData\Application Data\avg web tuneup
[-] Folder Deleted : C:\Users\Public\Documents\Speedbit
[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit
[-] Folder Deleted : C:\Program Files (x86)\Free FLV Converter
[-] Folder Deleted : C:\Program Files (x86)\avg web tuneup
[-] Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
[-] Folder Deleted : C:\Users\User\AppData\Local\DriverToolkit
[-] Folder Deleted : C:\Users\User\AppData\Local\StormAlerts
[-] Folder Deleted : C:\Users\User\AppData\Local\avg web tuneup
[-] Folder Deleted : C:\Users\User\AppData\Local\Installer\Install_7668
[-] Folder Deleted : C:\Users\User\AppData\Local\Installer\Install_8731
[-] Folder Deleted : C:\Users\User\AppData\LocalLow\Speedbit
[-] Folder Deleted : C:\Users\User\AppData\LocalLow\Toolbar4
[-] Folder Deleted : C:\Users\User\AppData\LocalLow\avg web tuneup
[-] Folder Deleted : C:\Users\User\AppData\Roaming\GoldenGate
[-] Folder Deleted : C:\Users\User\AppData\Roaming\RPEng
[-] Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bfgpcnhmalffggacelcbaecfocdhliko
[-] Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\opknhffhgacmhdojglcnaoagcccjlgeb
[#] Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bfgpcnhmalffggacelcbaecfocdhliko
[#] Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\opknhffhgacmhdojglcnaoagcccjlgeb
[-] Folder Deleted : C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bfgpcnhmalffggacelcbaecfocdhliko
[-] Folder Deleted : C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\opknhffhgacmhdojglcnaoagcccjlgeb
[#] Folder Deleted : C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bfgpcnhmalffggacelcbaecfocdhliko
[#] Folder Deleted : C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\opknhffhgacmhdojglcnaoagcccjlgeb

***** [ Files ] *****

[-] File Deleted : C:\Users\User\Documents\PCSpeedUp-Silent-Update.exe
[#] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_hoidflomjnnnbiemmkjdjkkialmhbago_0
[#] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hoidflomjnnnbiemmkjdjkkialmhbago
[#] File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ippenodjaoidmkkfdlmdhofiebnpjddb
[-] File Deleted : C:\Users\User\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
[-] File Deleted : C:\Users\User\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : ParetoLogic Update Version3_triggeronce

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Key Deleted : HKCU\Software\Classes\.bubbledock
[-] Key Deleted : HKCU\Software\Classes\bubbledock
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
[-] Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\SBCONVERT.IEToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT
[-] Key Deleted : HKLM\SOFTWARE\Classes\SBCONVERT.SBCONVERT.3
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
[-] Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SBCONVERT.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
[-] Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{DB40EAF2-2025-4F74-B9EF-7C0782F26C84}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB40EAF2-2025-4F74-B9EF-7C0782F26C84}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKCU\Software\Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FF7C3CE2-4B15-11D1-ABED-709549C10000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A18D16ED-27B2-4B83-B70C-15E73F099546}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{FCED84AA-0E0F-497E-9DD0-536082F684DB}]
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\BrowseSmart
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKCU\Software\GoldenGate
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKCU\Software\smartbarlog
[-] Key Deleted : HKCU\Software\SpeedBit
[-] Key Deleted : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Key Deleted : HKLM\SOFTWARE\SpeedBit
[-] Key Deleted : HKLM\SOFTWARE\AVG Tuneup
[-] Key Deleted : HKLM\SOFTWARE\MaxPower
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\iWebar
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Object Browser
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\SBConvert
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\SpeedBit
[-] Key Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Crossrider
[-] Key Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
[-] Key Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Object Browser
[-] Key Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Sense
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[#] Value Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[-] Data Restored : HKLM\SOFTWARE\Classes\Unknown\shell\openas\command []
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [24x7HELP]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ApnTBMon]
[-] Value Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Browser Infrastructure Helper]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [browsersafeguard]
[-] Value Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Bubble Dock]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [CommonToolkitTray]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ConvertAd]
[-] Value Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [IDMSQ]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [Iminent]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [IminentMessenger]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [mobilegeni daemon]
[-] Value Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [NextLive]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [OfferBoulevard]
[-] Value Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Optimizer Pro]
[-] Value Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [PC Health Kit]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [PCFixSpeed]
[-] Value Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [pcspeedup]
[-] Value Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Price-Horse]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [Registry Helper]
[-] Value Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchProtection]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [SPDriver]
[-] Value Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SPDriver]
[-] Value Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Super Optimizer]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [Updater]
[-] Value Deleted : HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Updater]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [YTDownloader]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\globalUpdate
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\globalUpdatem
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Registry Helper Service
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\wauctla Service

***** [ Web browsers ] *****

[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fpmeembnagmagppkgghhfjfdfajdfcah
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : kbjlipmgfoamgjaogmbihaffnpkpjajp
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ledcpigomgblcmofccnacobhmcdkpiea

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [22350 bytes] - [06/07/2016 12:04:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [22287 bytes] - [06/07/2016 11:59:32]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [22498 bytes] ##########
 

Attachments

  • Fixlog.txt
    19.1 KB · Views: 1
  • Fixlog.txt
    19.1 KB · Views: 0

Liger

New Member
Thread author
Verified
Jul 5, 2016
35
I think it may of been scrolling down as I tried to click on google chrome after the reboot but I can't remember
 

Liger

New Member
Thread author
Verified
Jul 5, 2016
35
I don't want to say its fine and then the thread is closed and then the problems start again
 

Liger

New Member
Thread author
Verified
Jul 5, 2016
35
I have been logged out of a forum that I was logged onto for months. So I'm thinking there is still an issue
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Where is it happening? You will need to be more precise and provide me with more info so I can help you.

Don't write answers just to answer, write them to help me understand the problem. Helping me, your help yourself.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top