Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Aggressive Google Re-Direct Issues [Solved]


  • This topic is locked This topic is locked

#1
Mike_Allen_1410

Mike_Allen_1410

    Member

  • Member
  • PipPip
  • 10 posts

Hi there, hoping you can help me.

 

I have issues with Google re-directs. I've tried TDSSKiller, AntiMalwareBytes and Free AVG 2015 to get rid of it, but it's still there and very aggressive.

 

There is a file extension that i don't recognize called UNISOALESA 2.0, which restores itself after i delete it. Unsure if this has any significance?

 

Your help would be greatly appreciated. I've run an OTL.exe and is attached below: Thanks, Mike Allen.

 

 


OTL logfile created on: 02/01/2015 20:32:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mike\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17498)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.90 Gb Total Physical Memory | 4.78 Gb Available Physical Memory | 60.55% Memory free
15.90 Gb Paging File | 11.03 Gb Available in Paging File | 69.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 913.62 Gb Total Space | 861.67 Gb Free Space | 94.31% Space Free | Partition Type: NTFS
Drive D: | 16.87 Gb Total Space | 1.63 Gb Free Space | 9.66% Space Free | Partition Type: NTFS
 
Computer Name: DADSLAPTOP | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/02 20:32:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Downloads\OTL.com
PRC - [2015/01/01 17:45:28 | 003,081,752 | ---- | M] () -- C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
PRC - [2015/01/01 17:45:28 | 001,850,392 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
PRC - [2015/01/01 17:45:28 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
PRC - [2014/12/18 09:54:30 | 003,432,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
PRC - [2014/12/18 09:51:32 | 001,486,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
PRC - [2014/12/18 09:51:14 | 003,667,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
PRC - [2014/12/18 09:45:26 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
PRC - [2014/12/06 01:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/10/29 00:31:31 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe
PRC - [2014/10/09 16:16:04 | 000,509,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
PRC - [2014/10/07 15:36:00 | 000,782,040 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
PRC - [2014/10/07 15:35:06 | 000,843,480 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2014/10/07 15:33:56 | 000,388,824 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2014/10/07 15:33:20 | 000,409,304 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe
PRC - [2014/10/07 15:33:16 | 000,366,808 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
PRC - [2014/10/07 15:33:08 | 000,260,824 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
PRC - [2014/10/07 15:33:04 | 000,378,072 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe
PRC - [2014/03/07 08:02:08 | 000,267,224 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2013/11/08 10:22:20 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/08/05 07:49:42 | 000,111,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/01 17:45:29 | 001,686,552 | ---- | M] () -- C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
MOD - [2015/01/01 17:45:29 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\log4cplusU.dll
MOD - [2015/01/01 17:45:28 | 003,081,752 | ---- | M] () -- C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
MOD - [2014/12/27 13:04:36 | 001,446,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\d95233ab81f7f8b86b98a6214b00af31\HD-Agent.ni.exe
MOD - [2014/12/27 13:04:13 | 000,155,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\3c332d42e7e0bafa726a0ca29c469c33\JSON.ni.dll
MOD - [2014/12/06 01:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
MOD - [2014/12/06 01:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/06 01:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/06 01:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/06 01:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/11/11 08:37:16 | 011,926,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6074b87793a7906a01317ea8832e7330\System.Web.ni.dll
MOD - [2014/11/11 08:36:57 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0f06c6152e5384e75e9517c79ed500d4\System.Configuration.ni.dll
MOD - [2014/11/11 08:29:54 | 005,467,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49201f5658aca21352debffb85ff41df\System.Xml.ni.dll
MOD - [2014/11/11 08:29:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6b1a3043fa76fc0f83502099411d2a10\System.Windows.Forms.ni.dll
MOD - [2014/11/11 08:29:39 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\828956d62d94914af63efc7fb36d1120\System.Drawing.ni.dll
MOD - [2014/11/11 08:28:56 | 007,995,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\4976746d2f27ea6b60301a84d6c3e4be\System.ni.dll
MOD - [2014/11/11 08:28:48 | 011,500,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5bd3374f05d46ba0563f44d032209f08\mscorlib.ni.dll
MOD - [2013/08/05 14:48:08 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013/08/05 07:49:47 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/02 11:51:42 | 007,138,664 | ---- | M] (Reimage®) [Auto | Running] -- C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe -- (ReimageRealTimeProtector)
SRV:64bit: - [2014/11/11 00:31:16 | 000,282,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:64bit: - [2014/10/31 04:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/29 03:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/10/29 03:50:11 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/10/29 02:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2014/10/29 02:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2014/10/29 02:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2014/10/29 02:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2014/10/29 02:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2014/10/29 01:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2014/10/29 01:48:36 | 000,780,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/10/29 01:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2014/10/29 01:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2014/10/29 01:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2014/10/29 01:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2014/10/29 01:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2014/10/29 01:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2014/10/29 01:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2014/10/29 01:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2014/10/29 01:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2014/10/29 01:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/10/29 01:26:02 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/10/29 01:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2014/10/29 01:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2014/10/29 01:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2014/10/29 01:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2014/10/29 01:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2014/10/29 01:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/10/29 01:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2014/10/29 01:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/10/29 01:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/10/29 01:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/10/29 01:11:10 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/10/29 01:09:48 | 000,521,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/10/29 01:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2014/10/29 00:57:18 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2014/10/29 00:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/10/29 00:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/10/29 00:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/09/22 03:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/22 03:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/04/02 09:52:00 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2014/03/28 12:39:10 | 000,088,064 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe -- (omniserv)
SRV:64bit: - [2014/01/08 22:12:48 | 000,290,520 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/11/08 10:22:20 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2009/11/18 02:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2015/01/01 17:45:28 | 001,850,392 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe -- (vToolbarUpdater18.2.0)
SRV - [2014/12/18 09:54:30 | 003,432,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/12/18 09:51:32 | 001,486,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgfws.exe -- (avgfws)
SRV - [2014/12/18 09:45:26 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2014/11/11 00:31:17 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/10/29 03:50:11 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/10/29 01:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/29 01:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/10/29 00:53:11 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/10/09 16:16:16 | 000,569,608 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2014/10/07 15:36:00 | 000,782,040 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2014/10/07 15:33:56 | 000,388,824 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2014/10/07 15:33:20 | 000,409,304 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2014/04/02 09:52:00 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2014/04/02 09:52:00 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2014/04/02 09:52:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2014/01/13 07:02:24 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/01 17:45:29 | 000,052,000 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/12/08 21:24:26 | 000,260,888 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/11/30 19:47:56 | 003,529,944 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2014/11/18 21:42:04 | 000,203,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/11/11 00:31:14 | 004,233,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/11/11 00:31:11 | 000,450,520 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2014/10/29 03:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/10/29 03:59:12 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/10/29 03:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/10/29 03:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/10/29 02:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014/10/29 02:46:41 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2014/10/29 02:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2014/10/29 02:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/10/29 02:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2014/10/29 02:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2014/10/15 08:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/10/13 02:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/13 02:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/13 02:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/08 09:24:09 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/10/07 06:54:45 | 000,324,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/10/07 06:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/10/07 06:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2014/10/05 20:41:40 | 000,124,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/09/24 20:03:42 | 000,277,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2014/09/22 03:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/22 03:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/22 02:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/08/28 20:47:24 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/08/15 00:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/18 14:53:26 | 000,313,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/06/18 20:03:34 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/18 20:03:20 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/04/25 02:59:31 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/20 03:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/18 09:54:51 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/03/18 09:54:39 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/03/18 09:54:39 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/03/18 09:54:38 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/03/18 09:54:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/18 09:37:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/02/07 02:25:47 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2014/02/07 02:25:47 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2014/01/28 03:58:37 | 000,041,704 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2014/01/27 23:33:20 | 000,839,896 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2014/01/04 00:08:00 | 000,291,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2013/12/13 05:03:00 | 000,542,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/12/13 05:02:56 | 000,031,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/12/13 05:02:56 | 000,029,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/12/09 14:26:24 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/11/06 15:12:26 | 000,632,168 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/09/26 09:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2013/09/04 15:35:06 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2013/08/22 13:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 13:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 12:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 12:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 12:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 12:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 12:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 12:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 12:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 12:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 12:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 12:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 12:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 12:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 12:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 12:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 12:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 12:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 12:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 12:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 12:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 12:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 12:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 12:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 12:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 12:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 12:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 12:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 11:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 11:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 11:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 11:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 11:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 11:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 11:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 11:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 11:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 11:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 11:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 11:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 11:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 11:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 11:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 11:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 08:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 23:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 00:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 18:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 19:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/22 15:45:58 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2013/06/18 14:45:02 | 003,680,256 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:64bit: - [2013/03/05 11:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV - [2014/10/07 15:33:44 | 000,122,072 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=CPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{D5D77AED-A36A-42BF-8A95-C7E3F524E6FF}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=CPNTDFJS
IE - HKLM\..\SearchScopes\{D5D77AED-A36A-42BF-8A95-C7E3F524E6FF}: "URL" = http://www.amazon.co...s={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=CPNTDFJS
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://mysearch.avg.com/search?cid={84A68F10-B7BC-4461-83B2-CE0B6FAEB5C8}&mid=03bde8a087e747cda1c0b518404f98cf-f5e661a78b51e18421be2865707665ca2bf18d03&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-01-01 17:45:51&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{D5D77AED-A36A-42BF-8A95-C7E3F524E6FF}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Slides = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: Google Docs = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Sheets = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: Hola Better Internet = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.6.16_0\
CHR - Extension: Google Wallet = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/08/22 13:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Web TuneUp) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (AVG Web TuneUp) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [OPBHOBroker] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [OPBHOBrokerDesktop] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SimplePass] C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (Hewlett-Packard)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Web TuneUp\vprot.exe ()
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10FBFC31-E3BB-40D2-9027-1A4E498EA9CA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C36B144-F3D4-4798-AC45-8717AA072FEB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/02 20:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2015/01/02 20:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2015/01/02 20:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Reimage Protector
[2015/01/02 20:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2015/01/02 20:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2015/01/02 20:07:16 | 000,000,000 | ---D | C] -- C:\rei
[2015/01/01 17:50:11 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\AVG
[2015/01/01 17:49:12 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Avg
[2015/01/01 17:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2015/01/01 17:46:09 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\AVG Web TuneUp
[2015/01/01 17:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2015/01/01 17:45:50 | 000,052,000 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2015/01/01 17:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2015/01/01 17:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2015/01/01 17:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Web TuneUp
[2015/01/01 17:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Web TuneUp
[2015/01/01 17:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Web TuneUp
[2015/01/01 17:44:29 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Avg_Update_1014av
[2015/01/01 17:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_1014av
[2015/01/01 17:42:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\AVG2015
[2015/01/01 17:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2015/01/01 17:41:30 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\TuneUp Software
[2015/01/01 17:40:53 | 000,000,000 | -H-D | C] -- C:\$AVG
[2015/01/01 17:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2015/01/01 17:39:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2015/01/01 17:37:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2015/01/01 17:37:18 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\MFAData
[2015/01/01 17:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2015/01/01 17:37:18 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Avg2015
[2014/12/30 21:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\11669198602080608406
[2014/12/30 21:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\unisoalesa
[2014/12/30 21:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\jneppflghoooempkigbenmioijolbmog
[2014/12/28 13:24:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/12/27 13:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2014/12/27 13:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2014/12/27 13:02:14 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Bluestacks
[2014/12/11 13:58:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/08 21:24:26 | 000,260,888 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/02 20:25:56 | 000,001,087 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2015/01/02 20:25:41 | 000,000,907 | ---- | M] () -- C:\Users\Mike\Desktop\NTREGOPT.lnk
[2015/01/02 20:25:41 | 000,000,888 | ---- | M] () -- C:\Users\Mike\Desktop\ERUNT.lnk
[2015/01/02 20:08:31 | 000,000,156 | ---- | M] () -- C:\Windows\Reimage.ini
[2015/01/02 20:07:39 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2015/01/02 20:05:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/02 19:40:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/02 17:05:06 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/02 16:42:39 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/01 18:28:21 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/01/01 18:28:18 | 2489,966,591 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/01 17:45:29 | 000,052,000 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2015/01/01 17:41:30 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/12/29 21:25:03 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMike.job
[2014/12/27 13:03:54 | 000,001,786 | ---- | M] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
[2014/12/27 13:03:42 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\Apps.lnk
[2014/12/14 18:13:09 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/12 19:06:52 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/08 21:24:26 | 000,260,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
 
========== Files Created - No Company Name ==========
 
[2015/01/02 20:25:56 | 000,001,087 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2015/01/02 20:25:41 | 000,000,907 | ---- | C] () -- C:\Users\Mike\Desktop\NTREGOPT.lnk
[2015/01/02 20:25:41 | 000,000,888 | ---- | C] () -- C:\Users\Mike\Desktop\ERUNT.lnk
[2015/01/02 20:07:39 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2015/01/02 20:06:44 | 000,000,156 | ---- | C] () -- C:\Windows\Reimage.ini
[2015/01/01 17:41:30 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/12/27 13:03:54 | 000,001,786 | ---- | C] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
[2014/12/27 13:03:42 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\Apps.lnk
[2014/11/30 18:59:59 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/11/30 18:59:42 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2014/11/11 00:31:33 | 000,068,608 | ---- | C] () -- C:\Windows\SysWow64\igfxexps32.dll
[2014/11/11 00:31:31 | 000,334,160 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2014/11/11 00:31:30 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/11/11 00:31:30 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2014/07/08 00:13:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2014/04/02 09:52:15 | 000,965,390 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/18 09:55:05 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2013/08/22 15:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 15:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 14:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 07:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/21 23:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 23:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2014/04/24 18:34:37 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/10/29 03:57:39 | 022,295,200 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/10/29 03:10:55 | 019,734,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/29 01:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/29 00:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/29 01:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/11/30 19:42:41 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\.ACEStream
[2014/11/30 19:42:41 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\ACEStream
[2015/01/01 17:50:11 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\AVG
[2015/01/01 17:42:10 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\AVG2015
[2015/01/01 17:44:30 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Avg_Update_1014av
[2014/11/07 18:49:35 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Synaptics
[2015/01/01 17:41:30 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TuneUp Software
[2014/12/31 00:19:45 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\uTorrent
[2014/11/15 15:49:59 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\Users\Mike\OneDrive:ms-properties
 
< End of report >
 

Edited by Mike_Allen_1410, 02 January 2015 - 05:59 PM.

  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello. :) As you are using Win 8, we'll need to use a different tool to get a look at your system and see what's going on. :)


Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

  • 0

#3
Mike_Allen_1410

Mike_Allen_1410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hi Pystryker, thanks for your help with this. I went over your 'things to go over with me' list and actioned where necessary...

Also, I'm not getting help from anywhere else :-)

 

Here are the first logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2015
Ran by Mike (administrator) on DADSLAPTOP on 03-01-2015 12:46:46
Running from C:\Users\Mike\Downloads
Loaded Profile: Mike (Available profiles: Mike)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-01-14] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-10-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-2031654551-3244125610-3708774426-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2031654551-3244125610-3708774426-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
SearchScopes: HKLM -> {D5D77AED-A36A-42BF-8A95-C7E3F524E6FF} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {D5D77AED-A36A-42BF-8A95-C7E3F524E6FF} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2031654551-3244125610-3708774426-1001 -> {D5D77AED-A36A-42BF-8A95-C7E3F524E6FF} URL = http://www.amazon.co...s={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-08]
CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-08]
CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-08]
CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-08]
CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-08]
CHR Extension: (Google Sheets) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-08]
CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-08]
CHR Extension: (unisoalesa) - C:\ProgramData\jneppflghoooempkigbenmioijolbmog\ [2014-11-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [569608 2014-10-09] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-11-11] (Intel Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2015-01-01] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3529944 2014-11-30] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2013-12-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-12-13] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-03 12:46 - 2015-01-03 12:47 - 00015700 _____ () C:\Users\Mike\Downloads\FRST.txt
2015-01-03 12:46 - 2015-01-03 12:46 - 00000000 ____D () C:\FRST
2015-01-03 12:45 - 2015-01-03 12:45 - 02123264 _____ (Farbar) C:\Users\Mike\Downloads\FRST64.exe
2015-01-03 11:57 - 2015-01-03 11:57 - 00000613 _____ () C:\Users\Mike\Desktop\JRT.txt
2015-01-03 11:48 - 2015-01-03 11:48 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Mike\Downloads\tdsskiller (1).exe
2015-01-03 11:34 - 2015-01-03 11:34 - 00434612 _____ () C:\Users\Mike\Desktop\utility.htm
2015-01-03 10:53 - 2015-01-03 10:53 - 01707939 _____ (Thisisu) C:\Users\Mike\Downloads\JRT.exe
2015-01-03 10:53 - 2015-01-03 10:53 - 00000000 ____D () C:\Windows\ERUNT
2015-01-03 10:47 - 2015-01-03 10:48 - 02173952 _____ () C:\Users\Mike\Downloads\adwcleaner_4.106.exe
2015-01-03 10:47 - 2015-01-03 10:47 - 00000907 _____ () C:\Users\Mike\Desktop\NTREGOPT.lnk
2015-01-03 10:47 - 2015-01-03 10:47 - 00000888 _____ () C:\Users\Mike\Desktop\ERUNT.lnk
2015-01-03 10:47 - 2015-01-03 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-01-03 10:45 - 2015-01-03 10:45 - 00005058 _____ () C:\Users\Mike\Desktop\AdwCleaner[S0].txt
2015-01-03 10:33 - 2015-01-03 12:00 - 00000000 ____D () C:\AdwCleaner
2015-01-03 10:32 - 2015-01-03 10:33 - 02173952 _____ () C:\Users\Mike\Desktop\adwcleaner_4.106.exe
2015-01-02 20:49 - 2015-01-02 20:49 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Mike\Downloads\tdsskiller.exe
2015-01-02 20:46 - 2015-01-02 20:46 - 00071398 _____ (jpshortstuff) C:\Users\Mike\Downloads\GooredFix.exe
2015-01-02 20:46 - 2015-01-02 20:46 - 00000690 _____ () C:\Users\Mike\Desktop\GooredFix.txt
2015-01-02 20:46 - 2015-01-02 20:46 - 00000000 ____D () C:\Users\Mike\Desktop\GooredFix Backups
2015-01-02 20:45 - 2015-01-02 20:45 - 00120148 _____ () C:\Users\Mike\Desktop\OTL.Txt
2015-01-02 20:44 - 2015-01-02 20:44 - 00120148 _____ () C:\Users\Mike\Downloads\OTL.Txt
2015-01-02 20:44 - 2015-01-02 20:44 - 00060370 _____ () C:\Users\Mike\Downloads\Extras.Txt
2015-01-02 20:31 - 2015-01-02 20:32 - 00602112 _____ (OldTimer Tools) C:\Users\Mike\Downloads\OTL.com
2015-01-02 20:25 - 2015-01-03 10:47 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2015-01-02 20:25 - 2015-01-02 20:25 - 00791393 _____ (Lars Hederer ) C:\Users\Mike\Downloads\erunt-setup.exe
2015-01-02 20:07 - 2015-01-02 20:08 - 00000000 ____D () C:\rei
2015-01-01 17:50 - 2015-01-01 17:50 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\AVG
2015-01-01 17:49 - 2015-01-01 17:49 - 00000000 ____D () C:\Users\Mike\AppData\Local\Avg
2015-01-01 17:48 - 2015-01-01 17:50 - 00000000 ____D () C:\ProgramData\AVG
2015-01-01 17:47 - 2015-01-01 17:48 - 90844984 _____ (AVG Technologies) C:\Users\Mike\Downloads\avg_tuh_stf_all_2015_238_24c4.exe
2015-01-01 17:46 - 2015-01-02 00:09 - 00000000 ____D () C:\Users\Mike\AppData\Local\AVG Web TuneUp
2015-01-01 17:45 - 2015-01-01 17:46 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2015-01-01 17:45 - 2015-01-01 17:45 - 00052000 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2015-01-01 17:45 - 2015-01-01 17:45 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-01-01 17:45 - 2015-01-01 17:45 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-01-01 17:44 - 2015-01-01 17:44 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Avg_Update_1014av
2015-01-01 17:44 - 2015-01-01 17:44 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av
2015-01-01 17:42 - 2015-01-01 17:42 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\AVG2015
2015-01-01 17:41 - 2015-01-01 17:41 - 00000948 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-01 17:41 - 2015-01-01 17:41 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\TuneUp Software
2015-01-01 17:41 - 2015-01-01 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-01 17:40 - 2015-01-01 17:41 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-01 17:40 - 2015-01-01 17:40 - 00000000 ___HD () C:\$AVG
2015-01-01 17:39 - 2015-01-01 17:49 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-01 17:37 - 2015-01-03 12:44 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-01 17:37 - 2015-01-01 18:47 - 00000000 ____D () C:\Users\Mike\AppData\Local\Avg2015
2015-01-01 17:37 - 2015-01-01 17:37 - 00000000 ____D () C:\Users\Mike\AppData\Local\MFAData
2015-01-01 17:36 - 2015-01-01 17:37 - 04637504 _____ (AVG Technologies) C:\Users\Mike\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2014-12-30 21:51 - 2015-01-01 18:27 - 00000000 ____D () C:\Program Files (x86)\unisoalesa
2014-12-30 21:50 - 2014-12-30 21:50 - 00000000 ____D () C:\ProgramData\jneppflghoooempkigbenmioijolbmog
2014-12-28 13:24 - 2015-01-01 17:56 - 00000000 ____D () C:\Windows\Minidump
2014-12-27 13:10 - 2014-12-27 13:10 - 02266681 _____ () C:\Users\Mike\Downloads\com.tdo.showbox-7-28_apkapps.com.apk
2014-12-27 13:03 - 2014-12-27 13:08 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-12-27 13:03 - 2014-12-27 13:03 - 00001843 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-12-27 13:03 - 2014-12-27 13:03 - 00001786 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-12-27 13:03 - 2014-12-27 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-12-27 13:02 - 2014-12-27 13:02 - 00000000 ____D () C:\Users\Mike\AppData\Local\Bluestacks
2014-12-27 13:00 - 2014-12-27 13:01 - 13444288 _____ (BlueStack Systems Inc.) C:\Users\Mike\Downloads\BlueStacks-SplitInstaller_native.exe
2014-12-19 18:50 - 2014-10-30 22:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-19 18:50 - 2014-10-30 22:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-11 13:58 - 2014-12-11 13:58 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 23:35 - 2014-11-10 02:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 23:35 - 2014-11-10 01:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 23:35 - 2014-10-30 23:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 23:35 - 2014-10-30 23:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 23:34 - 2014-12-03 23:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 23:34 - 2014-12-03 23:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 23:34 - 2014-12-02 23:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 23:34 - 2014-12-02 23:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 23:34 - 2014-12-02 23:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 23:34 - 2014-12-02 23:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 23:34 - 2014-12-02 23:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 23:34 - 2014-11-07 04:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 23:34 - 2014-11-07 03:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 23:34 - 2014-10-31 23:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 23:34 - 2014-10-31 23:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 23:33 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 23:33 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 23:33 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 23:33 - 2014-11-22 02:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 23:33 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 23:33 - 2014-11-22 02:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 23:33 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 23:33 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 23:33 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 23:33 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 23:33 - 2014-11-22 02:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 23:33 - 2014-11-22 02:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 23:33 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 23:33 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 23:33 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 23:33 - 2014-11-22 01:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 23:33 - 2014-11-22 01:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 23:33 - 2014-11-22 01:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 23:33 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 23:33 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 23:33 - 2014-11-22 01:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 23:33 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 23:33 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 23:33 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 23:33 - 2014-11-22 01:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 23:33 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 23:33 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 23:33 - 2014-11-22 01:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 23:33 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 23:33 - 2014-11-22 01:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 23:33 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 23:33 - 2014-11-22 01:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 23:33 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 23:33 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 23:33 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 23:33 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 23:33 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 23:33 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 23:33 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 17:51 - 2014-10-30 11:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-08 21:24 - 2014-12-08 21:24 - 00260888 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-12-04 19:16 - 2014-12-04 19:38 - 00000000 ____D () C:\Users\Mike\Downloads\The Maze Runner (2014) [1080p]
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-03 12:43 - 2014-11-07 18:41 - 01983004 _____ () C:\Windows\WindowsUpdate.log
2015-01-03 12:43 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-03 12:05 - 2014-11-08 10:55 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-03 12:04 - 2014-11-07 18:51 - 00000000 ____D () C:\Users\Mike\Documents\Youcam
2015-01-03 12:03 - 2014-11-07 18:51 - 00000000 ___DO () C:\Users\Mike\OneDrive
2015-01-03 12:02 - 2014-11-08 10:55 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-03 12:01 - 2014-03-18 09:44 - 00024806 _____ () C:\Windows\PFRO.log
2015-01-03 12:01 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-03 12:00 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-03 12:00 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-03 11:01 - 2014-11-07 18:54 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2031654551-3244125610-3708774426-1001
2015-01-03 10:17 - 2014-11-07 18:49 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{94457430-1FB2-437A-A678-726477FB77EF}
2015-01-02 21:52 - 2014-11-07 18:49 - 00000000 ____D () C:\Users\Mike\AppData\Local\VirtualStore
2015-01-02 21:25 - 2014-12-03 19:19 - 00003162 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMike
2015-01-02 21:25 - 2014-12-03 19:19 - 00000350 _____ () C:\Windows\Tasks\HPCeeScheduleForMike.job
2015-01-02 21:21 - 2014-11-08 15:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 18:27 - 2014-11-07 18:48 - 00000000 ____D () C:\Users\Mike
2015-01-01 17:56 - 2014-07-08 00:24 - 00000000 ____D () C:\ProgramData\Temp
2015-01-01 17:44 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-01 17:41 - 2013-08-22 15:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-12-31 00:19 - 2014-11-08 11:06 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\uTorrent
2014-12-28 19:08 - 2014-11-09 19:41 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-28 19:07 - 2014-11-09 19:41 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-28 00:08 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-27 13:05 - 2014-11-08 00:49 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-12-27 13:03 - 2014-11-15 15:47 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-12-27 13:03 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-25 23:25 - 2014-04-25 02:32 - 00000000 ___HD () C:\HP
2014-12-25 14:56 - 2014-11-07 18:49 - 00000000 ____D () C:\Users\Mike\AppData\Local\Packages
2014-12-20 21:20 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-12-20 05:48 - 2013-08-22 15:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-18 21:55 - 2014-11-19 21:51 - 00011663 _____ () C:\Users\Mike\Desktop\xmas money.xlsx
2014-12-14 18:13 - 2014-11-08 15:31 - 00001085 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-14 18:13 - 2014-11-08 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-14 18:13 - 2014-11-08 15:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-12 19:06 - 2014-11-08 10:55 - 00002170 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 17:49 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache
2014-12-11 13:58 - 2014-11-11 08:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 13:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-12-11 13:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-11 13:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-11 13:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-12-11 13:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 23:42 - 2014-11-14 21:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 23:42 - 2014-11-09 11:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 23:39 - 2014-11-09 11:56 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 17:52 - 2014-07-08 00:22 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-09 17:52 - 2014-07-08 00:22 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-09 17:50 - 2014-04-24 18:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
 
Some content of TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Mike\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Mike\AppData\Local\Temp\Quarantine.exe
C:\Users\Mike\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Mike\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Mike\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Mike\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-29 22:35
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-01-2015
Ran by Mike at 2015-01-03 12:47:52
Running from C:\Users\Mike\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2015 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2031654551-3244125610-3708774426-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2031654551-3244125610-3708774426-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{F29E3AA8-CF19-4452-92B7-F1FE31CD11C5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C39A7F0F-89A6-44BB-B1BF-5F96569B5345}) (Version: 1.2.9 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.24.1790 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3431 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.34 - REALTEK Semiconductor Corp.)
SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2031654551-3244125610-3708774426-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
18-12-2014 00:13:30 Windows Update
25-12-2014 10:28:30 Scheduled Checkpoint
01-01-2015 17:39:04 Installed AVG 2015
01-01-2015 17:39:36 Installed AVG 2015
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1224FAE2-841B-4C68-AEE3-F39EED3C62B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {4ACD2606-78D6-48BC-98B2-67561FF364AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-08] (Google Inc.)
Task: {6B92F824-9DAC-4E72-814D-1B013FACF403} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {81F456EE-208F-45AE-A422-98825CAB7847} - System32\Tasks\HPCeeScheduleForMike => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8B882444-DCC7-42D7-A3CD-1B75F843D9C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {91142029-E1BB-48A1-BCD4-FA07520F7E40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {95AFD117-E2A6-4A44-AAEB-A0D5BCDCBE84} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-13] (Synaptics Incorporated)
Task: {AB4CF40C-AB5A-4481-907A-DEE0E46ACC73} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-08] (Google Inc.)
Task: {BAA88EC1-6527-41E3-BE8B-251E4340109A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {BFA82A17-80C8-40D5-8345-F5BC13983224} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {C3E5CB3A-1B3F-41EE-8691-3C15D0DAF380} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {DA0D50A2-F9D9-4A59-BD32-BD35C38D5820} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {EAC6982F-932A-4606-92AD-0C7A0D2C2C1C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe [2014-01-13] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMike.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-28 12:31 - 2014-03-28 12:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 12:48 - 2014-03-28 12:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 12:48 - 2014-03-28 12:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-03-28 12:36 - 2014-03-28 12:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-07-08 00:30 - 2013-08-05 07:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 14:48 - 2013-08-05 14:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-01-01 17:45 - 2015-01-01 17:45 - 01686552 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2014-12-12 19:06 - 2014-12-06 01:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 19:06 - 2014-12-06 01:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 19:06 - 2014-12-06 01:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 19:06 - 2014-12-06 01:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Mike\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2031654551-3244125610-3708774426-500 - Administrator - Disabled)
Guest (S-1-5-21-2031654551-3244125610-3708774426-501 - Limited - Disabled)
Mike (S-1-5-21-2031654551-3244125610-3708774426-1001 - Administrator - Enabled) => C:\Users\Mike
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-29 23:04:26.498
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-27 13:02:33.807
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-27 13:02:33.635
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-26 23:40:28.790
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-20 10:10:19.171
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-15 03:34:09.852
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-12 17:47:28.346
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-12 17:47:28.152
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-12 17:47:27.764
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-12 17:47:27.582
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 32%
Total physical RAM: 8088.27 MB
Available physical RAM: 5476.51 MB
Total Pagefile: 16280.27 MB
Available Pagefile: 12976.91 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:913.62 GB) (Free:861.26 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.87 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DA47CBF4)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

  • 0

#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Hi Pystryker, thanks for your help with this. I went over your 'things to go over with me' list and actioned where necessary...

Also, I'm not getting help from anywhere else :-)


Hello, and thank you for letting me know. :thumbsup: Let's get started showing your unwelcome guests to the door. :)

One of the infections has changed your version of Chrome to a development version which lowers the security of it greatly. Once finished with the cleaning, we'll need to uninstall Chrome, and then reinstall the most current version.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: P2P, Multiple Anti-Virus Warnings, and Chrome Extension Removal

The Dangers of P2P Programs

I noticed that you have a P2P file sharing program on your computer . I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Artticle on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Multiple Anti-Virus Programs Installed


Your log indicates you have 2 or more anti-virus programs installed on your machine. They are Windows Defender and AVG 2015.
  • Research shows that having multiple anti-virus programs installed is not a good idea. Even if one is disabled, it will still load up the files it needs at startup which will hog more system resources. This is a case of more is not better. They will often conflict with each, provide false positives, and additional problems.
  • We need to remove one these from your system. As Windows Defender is so integrated into Windows, please uninstall AVG Free 2015.
Remove Chrome Extensions

There is an extension in Chrome that need to be removed, please follow the instructions below to remove it.

Start Chrome and type this into the address bar: chrome:extensions

This will display a page of all the installed extensions. Please remove the extension unisoalesa by clicking the trash can icon.



Step 2: Fix with FRST

Note: Before performing this step, please move FRST64.exe from C:\Users\Mike\Downloads to your Desktop or the fix will not work. :thumbsup:
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\jneppflghoooempkigbenmioijolbmog
2014-12-30 21:51 - 2015-01-01 18:27 - 00000000 ____D () C:\Program Files (x86)\unisoalesa
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 5: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST Log

How is the machine running at this time?

  • 0

#5
Mike_Allen_1410

Mike_Allen_1410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hi Pystriker, thanks for the quick response.

I've delete P2P files as suggested. I've also removed AVG 2015.

 

I think I've read your post correctly in that you want a separate post for each log, so here's the first: Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 02
Ran by Mike at 2015-01-03 16:08:54 Run:1
Running from C:\Users\Mike\Desktop
Loaded Profile: Mike (Available profiles: Mike)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\ProgramData\jneppflghoooempkigbenmioijolbmog
2014-12-30 21:51 - 2015-01-01 18:27 - 00000000 ____D () C:\Program Files (x86)\unisoalesa
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\jneppflghoooempkigbenmioijolbmog => Moved successfully.
C:\Program Files (x86)\unisoalesa => Moved successfully.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 623.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 16:10:10 ====

  • 0

#6
Mike_Allen_1410

Mike_Allen_1410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Mike on 03/01/2015 at 16:15:11.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/01/2015 at 16:18:39.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#7
Mike_Allen_1410

Mike_Allen_1410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

ADWCleaner

 

# AdwCleaner v4.106 - Report created 03/01/2015 at 16:28:31
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Mike - DADSLAPTOP
# Running from : C:\Users\Mike\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [864 octets] - [03/01/2015 16:23:00]
AdwCleaner[R1].txt - [923 octets] - [03/01/2015 16:27:18]
AdwCleaner[S0].txt - [847 octets] - [03/01/2015 16:28:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [906 octets] ##########
 

Edited by Mike_Allen_1410, 03 January 2015 - 10:41 AM.

  • 0

#8
Mike_Allen_1410

Mike_Allen_1410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Fresh FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 02
Ran by Mike (administrator) on DADSLAPTOP on 03-01-2015 16:31:43
Running from C:\Users\Mike\Desktop
Loaded Profile: Mike (Available profiles: Mike)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotifications.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\Youcam_webcam_camera_video.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-01-14] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-10-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-2031654551-3244125610-3708774426-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2031654551-3244125610-3708774426-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2
SearchScopes: HKLM -> {D5D77AED-A36A-42BF-8A95-C7E3F524E6FF} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {D5D77AED-A36A-42BF-8A95-C7E3F524E6FF} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2031654551-3244125610-3708774426-1001 -> {D5D77AED-A36A-42BF-8A95-C7E3F524E6FF} URL = http://www.amazon.co...s={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-08]
CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-08]
CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-08]
CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-08]
CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-08]
CHR Extension: (Google Sheets) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-08]
CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [569608 2014-10-09] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-11-11] (Intel Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2015-01-01] (AVG Technologies)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3529944 2014-11-30] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2013-12-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-12-13] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-03 16:31 - 2015-01-03 16:32 - 00013100 _____ () C:\Users\Mike\Desktop\FRST.txt
2015-01-03 16:30 - 2015-01-03 16:30 - 00000985 _____ () C:\Users\Mike\Desktop\AdwCleaner[S0].txt
2015-01-03 16:22 - 2015-01-03 16:28 - 00000000 ____D () C:\AdwCleaner
2015-01-03 16:21 - 2015-01-03 16:21 - 02173952 _____ () C:\Users\Mike\Desktop\AdwCleaner.exe
2015-01-03 16:18 - 2015-01-03 16:18 - 00000613 _____ () C:\Users\Mike\Desktop\JRT.txt
2015-01-03 16:06 - 2015-01-03 16:06 - 00000000 ____D () C:\Users\Mike\Desktop\FRST-OlderVersion
2015-01-03 15:48 - 2015-01-03 15:48 - 00003126 _____ () C:\Windows\System32\Tasks\{3608174D-63AE-4D0E-BCC4-7E5C55C4C6A4}
2015-01-03 12:47 - 2015-01-03 12:48 - 00019789 _____ () C:\Users\Mike\Downloads\Addition.txt
2015-01-03 12:46 - 2015-01-03 16:31 - 00000000 ____D () C:\FRST
2015-01-03 12:46 - 2015-01-03 12:48 - 00034237 _____ () C:\Users\Mike\Downloads\FRST.txt
2015-01-03 12:45 - 2015-01-03 16:06 - 02123776 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2015-01-03 11:48 - 2015-01-03 11:48 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Mike\Downloads\tdsskiller (1).exe
2015-01-03 11:34 - 2015-01-03 11:34 - 00434612 _____ () C:\Users\Mike\Desktop\utility.htm
2015-01-03 10:53 - 2015-01-03 10:53 - 01707939 _____ (Thisisu) C:\Users\Mike\Desktop\JRT.exe
2015-01-03 10:53 - 2015-01-03 10:53 - 00000000 ____D () C:\Windows\ERUNT
2015-01-03 10:47 - 2015-01-03 10:47 - 00000907 _____ () C:\Users\Mike\Desktop\NTREGOPT.lnk
2015-01-03 10:47 - 2015-01-03 10:47 - 00000888 _____ () C:\Users\Mike\Desktop\ERUNT.lnk
2015-01-03 10:47 - 2015-01-03 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-01-02 20:49 - 2015-01-02 20:49 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Mike\Downloads\tdsskiller.exe
2015-01-02 20:46 - 2015-01-02 20:46 - 00071398 _____ (jpshortstuff) C:\Users\Mike\Downloads\GooredFix.exe
2015-01-02 20:46 - 2015-01-02 20:46 - 00000690 _____ () C:\Users\Mike\Desktop\GooredFix.txt
2015-01-02 20:46 - 2015-01-02 20:46 - 00000000 ____D () C:\Users\Mike\Desktop\GooredFix Backups
2015-01-02 20:45 - 2015-01-02 20:45 - 00120148 _____ () C:\Users\Mike\Desktop\OTL.Txt
2015-01-02 20:44 - 2015-01-02 20:44 - 00120148 _____ () C:\Users\Mike\Downloads\OTL.Txt
2015-01-02 20:44 - 2015-01-02 20:44 - 00060370 _____ () C:\Users\Mike\Downloads\Extras.Txt
2015-01-02 20:31 - 2015-01-02 20:32 - 00602112 _____ (OldTimer Tools) C:\Users\Mike\Downloads\OTL.com
2015-01-02 20:25 - 2015-01-03 10:47 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2015-01-02 20:25 - 2015-01-02 20:25 - 00791393 _____ (Lars Hederer ) C:\Users\Mike\Downloads\erunt-setup.exe
2015-01-02 20:07 - 2015-01-02 20:08 - 00000000 ____D () C:\rei
2015-01-01 17:50 - 2015-01-01 17:50 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\AVG
2015-01-01 17:49 - 2015-01-01 17:49 - 00000000 ____D () C:\Users\Mike\AppData\Local\Avg
2015-01-01 17:48 - 2015-01-01 17:50 - 00000000 ____D () C:\ProgramData\AVG
2015-01-01 17:47 - 2015-01-01 17:48 - 90844984 _____ (AVG Technologies) C:\Users\Mike\Downloads\avg_tuh_stf_all_2015_238_24c4.exe
2015-01-01 17:46 - 2015-01-02 00:09 - 00000000 ____D () C:\Users\Mike\AppData\Local\AVG Web TuneUp
2015-01-01 17:45 - 2015-01-01 17:46 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2015-01-01 17:45 - 2015-01-01 17:45 - 00052000 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2015-01-01 17:45 - 2015-01-01 17:45 - 00000000 ____D () C:\Program Files\AVG Web TuneUp
2015-01-01 17:45 - 2015-01-01 17:45 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-01-01 17:44 - 2015-01-01 17:44 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Avg_Update_1014av
2015-01-01 17:44 - 2015-01-01 17:44 - 00000000 ____D () C:\ProgramData\Avg_Update_1014av
2015-01-01 17:41 - 2015-01-01 17:41 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\TuneUp Software
2015-01-01 17:39 - 2015-01-03 15:58 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-01-01 17:37 - 2015-01-03 15:58 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-01 17:37 - 2015-01-01 17:37 - 00000000 ____D () C:\Users\Mike\AppData\Local\MFAData
2015-01-01 17:36 - 2015-01-01 17:37 - 04637504 _____ (AVG Technologies) C:\Users\Mike\Downloads\avg_free_stb_all_2015_5557_cnet.exe
2014-12-28 13:24 - 2015-01-01 17:56 - 00000000 ____D () C:\Windows\Minidump
2014-12-27 13:10 - 2014-12-27 13:10 - 02266681 _____ () C:\Users\Mike\Downloads\com.tdo.showbox-7-28_apkapps.com.apk
2014-12-27 13:03 - 2014-12-27 13:08 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-12-27 13:03 - 2014-12-27 13:03 - 00001843 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-12-27 13:03 - 2014-12-27 13:03 - 00001786 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-12-27 13:03 - 2014-12-27 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-12-27 13:02 - 2014-12-27 13:02 - 00000000 ____D () C:\Users\Mike\AppData\Local\Bluestacks
2014-12-27 13:00 - 2014-12-27 13:01 - 13444288 _____ (BlueStack Systems Inc.) C:\Users\Mike\Downloads\BlueStacks-SplitInstaller_native.exe
2014-12-19 18:50 - 2014-10-30 22:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-19 18:50 - 2014-10-30 22:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-11 13:58 - 2014-12-11 13:58 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 23:35 - 2014-11-10 02:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 23:35 - 2014-11-10 01:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 23:35 - 2014-10-30 23:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 23:35 - 2014-10-30 23:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 23:34 - 2014-12-03 23:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 23:34 - 2014-12-03 23:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 23:34 - 2014-12-02 23:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 23:34 - 2014-12-02 23:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 23:34 - 2014-12-02 23:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 23:34 - 2014-12-02 23:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 23:34 - 2014-12-02 23:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 23:34 - 2014-11-07 04:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 23:34 - 2014-11-07 03:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 23:34 - 2014-10-31 23:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 23:34 - 2014-10-31 23:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 23:33 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 23:33 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 23:33 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 23:33 - 2014-11-22 02:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 23:33 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 23:33 - 2014-11-22 02:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 23:33 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 23:33 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 23:33 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 23:33 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 23:33 - 2014-11-22 02:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 23:33 - 2014-11-22 02:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 23:33 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 23:33 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 23:33 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 23:33 - 2014-11-22 01:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 23:33 - 2014-11-22 01:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 23:33 - 2014-11-22 01:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 23:33 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 23:33 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 23:33 - 2014-11-22 01:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 23:33 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 23:33 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 23:33 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 23:33 - 2014-11-22 01:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 23:33 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 23:33 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 23:33 - 2014-11-22 01:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 23:33 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 23:33 - 2014-11-22 01:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 23:33 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 23:33 - 2014-11-22 01:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 23:33 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 23:33 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 23:33 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 23:33 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 23:33 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 23:33 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 23:33 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 17:51 - 2014-10-30 11:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-04 19:16 - 2014-12-04 19:38 - 00000000 ____D () C:\Users\Mike\Downloads\The Maze Runner (2014) [1080p]
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-03 16:31 - 2014-11-07 18:51 - 00000000 ____D () C:\Users\Mike\Documents\Youcam
2015-01-03 16:30 - 2014-11-08 10:55 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-03 16:30 - 2014-11-07 18:51 - 00000000 ___DO () C:\Users\Mike\OneDrive
2015-01-03 16:29 - 2014-03-18 09:44 - 00034322 _____ () C:\Windows\PFRO.log
2015-01-03 16:29 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-03 16:28 - 2014-11-07 18:41 - 01075155 _____ () C:\Windows\WindowsUpdate.log
2015-01-03 16:24 - 2014-11-07 18:49 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{94457430-1FB2-437A-A678-726477FB77EF}
2015-01-03 16:21 - 2014-11-07 18:54 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2031654551-3244125610-3708774426-1001
2015-01-03 16:21 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2015-01-03 16:05 - 2014-11-08 10:55 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-03 15:57 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-03 15:56 - 2013-08-22 15:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-01-03 15:49 - 2014-11-08 11:06 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\uTorrent
2015-01-03 12:49 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-02 21:52 - 2014-11-07 18:49 - 00000000 ____D () C:\Users\Mike\AppData\Local\VirtualStore
2015-01-02 21:25 - 2014-12-03 19:19 - 00003162 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMike
2015-01-02 21:25 - 2014-12-03 19:19 - 00000350 _____ () C:\Windows\Tasks\HPCeeScheduleForMike.job
2015-01-02 21:21 - 2014-11-08 15:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 18:27 - 2014-11-07 18:48 - 00000000 ____D () C:\Users\Mike
2015-01-01 17:56 - 2014-07-08 00:24 - 00000000 ____D () C:\ProgramData\Temp
2015-01-01 17:44 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-28 19:08 - 2014-11-09 19:41 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-28 19:07 - 2014-11-09 19:41 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-28 00:08 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-27 13:05 - 2014-11-08 00:49 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-12-27 13:03 - 2014-11-15 15:47 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-12-27 13:03 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-25 23:25 - 2014-04-25 02:32 - 00000000 ___HD () C:\HP
2014-12-25 14:56 - 2014-11-07 18:49 - 00000000 ____D () C:\Users\Mike\AppData\Local\Packages
2014-12-20 21:20 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-12-20 05:48 - 2013-08-22 15:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-18 21:55 - 2014-11-19 21:51 - 00011663 _____ () C:\Users\Mike\Desktop\xmas money.xlsx
2014-12-14 18:13 - 2014-11-08 15:31 - 00001085 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-14 18:13 - 2014-11-08 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-14 18:13 - 2014-11-08 15:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-12 19:06 - 2014-11-08 10:55 - 00002170 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 17:49 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache
2014-12-11 13:58 - 2014-11-11 08:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 13:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-12-11 13:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-11 13:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-11 13:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-12-11 13:58 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 23:42 - 2014-11-14 21:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 23:42 - 2014-11-09 11:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 23:39 - 2014-11-09 11:56 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 17:52 - 2014-07-08 00:22 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-09 17:52 - 2014-07-08 00:22 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-09 17:50 - 2014-04-24 18:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
 
Some content of TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\Quarantine.exe
C:\Users\Mike\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-29 22:35
 
==================== End Of Log ============================

  • 0

#9
Mike_Allen_1410

Mike_Allen_1410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Sorry if they were meant to be in one reply :-/

 

You are a superstar mate, my system is working much better and the re-directs have gone :-)

 

You mentioned I have to do something with Chrome?

 

Mike


  • 0

#10
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Sorry if they were meant to be in one reply :-/
 
You are a superstar mate, my system is working much better and the re-directs have gone :-)
 
You mentioned I have to do something with Chrome?
 
Mike


No, you posted them perfectly. :) It makes them so easier to analyze being in separate posts. Good to hear that the redirects have gone, and thank you for your kind words. :) We need to scan for remnants, orphans, and out of date programs. Once that's complete, we'll take care of Chrome during Clean Up procedures.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

Advertisements


#11
Mike_Allen_1410

Mike_Allen_1410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hi Pystriker, here's the 3 logs. Kept these together with them being quite small in comparison, hope that's ok.

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 03/01/2015
Scan Time: 17:08:28
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.03.07
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Mike
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320965
Time Elapsed: 19 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 

 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 AVG Web TuneUp   
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

  • 0

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Great news, your logs are CLEAN! :thumbsup: :) but we still have a few things we need to address namely:
  • I need to remove the tools we installed on your machine.
  • I also have some tips and information to help reduce the chances of infection in the future.
Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Tips, Information, and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.


unchecky1_zps667e512d.jpg


Then click Finish

unchecky2_zpsca4e7d0d.jpg


Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:

Things I need to see in your next post:

Delfix Log

  • 0

#13
Mike_Allen_1410

Mike_Allen_1410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hello, I've installed unchecky...great little program :-)

I already have malwarebytes installed anyway, so will be keeping that.

Thanks for the hints and tips to, much appreciated.

Here's my DelFix log:

 

# DelFix v10.8 - Logfile created 03/01/2015 at 20:00:08
# Updated 29/07/2014 by Xplode
# Username : Mike - DADSLAPTOP
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Mike\Desktop\GooredFix Backups
Deleted : C:\Users\Mike\Desktop\FRST-OlderVersion
Deleted : C:\TDSSKiller.3.0.0.42_02.01.2015_20.49.58_log.txt
Deleted : C:\TDSSKiller.3.0.0.42_03.01.2015_11.48.38_log.txt
Deleted : C:\Users\Mike\Desktop\Addition.txt
Deleted : C:\Users\Mike\Desktop\AdwCleaner.exe
Deleted : C:\Users\Mike\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Mike\Desktop\Fixlog.txt
Deleted : C:\Users\Mike\Desktop\FRST.txt
Deleted : C:\Users\Mike\Desktop\FRST64.exe
Deleted : C:\Users\Mike\Desktop\GooredFix.txt
Deleted : C:\Users\Mike\Desktop\JRT.exe
Deleted : C:\Users\Mike\Desktop\JRT.txt
Deleted : C:\Users\Mike\Desktop\OTL.Txt
Deleted : C:\Users\Mike\Desktop\SecurityCheckLog.txt
Deleted : C:\Users\Mike\Downloads\Addition.txt
Deleted : C:\Users\Mike\Downloads\Extras.Txt
Deleted : C:\Users\Mike\Downloads\FRST.txt
Deleted : C:\Users\Mike\Downloads\GooredFix.exe
Deleted : C:\Users\Mike\Downloads\OTL.Txt
Deleted : C:\Users\Mike\Downloads\SecurityCheck.exe
Deleted : C:\Users\Mike\Downloads\tdsskiller (1).exe
Deleted : C:\Users\Mike\Downloads\tdsskiller.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #10 [Windows Update | 12/18/2014 00:13:30]
Deleted : RP #11 [Scheduled Checkpoint | 12/25/2014 10:28:30]
Deleted : RP #12 [Installed AVG 2015 | 01/01/2015 17:39:04]
Deleted : RP #13 [Installed AVG 2015 | 01/01/2015 17:39:36]
Deleted : RP #14 [Removed AVG 2015 | 01/03/2015 15:55:14]
Deleted : RP #16 [Restore Point Created by FRST | 01/03/2015 16:08:58]
 
New restore point created !
 
########## - EOF - ##########

  • 0

#14
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Hello, I've installed unchecky...great little program :-)

I already have malwarebytes installed anyway, so will be keeping that.

Thanks for the hints and tips to, much appreciated.


:thumbsup: If you need help again, don't hesitate to come back and see us. :)

Safe surfing!

Pystryker :wave:
  • 0

#15
Mike_Allen_1410

Mike_Allen_1410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

All the best, Pystriker.

Mike


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP