Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unwanted Registry Entries? [Solved]


  • This topic is locked This topic is locked

#1
northwalian1

northwalian1

    Member

  • Member
  • PipPip
  • 34 posts

Hello,

 

AdwCleaner has picked out these registry entries but they aren't being deleted after a reboot. Are the results anything to be concerned about?

 

Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]
 
Thanks in advance.

  • 0

Advertisements


#2
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Could be or may not be; we would have to see either the rest of the log entries or more complete lines.
 
Let us start with a FRST scan >>>>
 
If you know your system type (32 / 64 bit) then download the proper version below; else download both and try to run each one.  Only the proper one for your system will run.  Notice that the file need to be on your desktop and run by the administrator of the system.
 

Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update.  Allow it do this please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
northwalian1

northwalian1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Hello,

 

Thanks for taking a look.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2015
Ran by Dyfan (administrator) on SINBAD on 06-05-2015 10:12:50
Running from C:\Users\Dyfan\Desktop
Loaded Profiles: Dyfan (Available profiles: Dyfan & Guest & DefaultAppPool)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(WinAbility® Software Corporation) C:\Program Files\Folder Guard\FG64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(WinAbility® Software Corporation) C:\Program Files\Folder Guard\FG64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [FG_Monitor] => C:\Program Files\Folder Guard\FG64.exe [187976 2013-08-26] (WinAbility® Software Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => CTHELPER.EXE
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x5F000000
HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [133632 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:62951;https=127.0.0.1:62951
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-03-17] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-03-17] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-03-17] (Kaspersky Lab ZAO)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-03-17] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-03-17] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-03-17] (Kaspersky Lab ZAO)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://files.creativ...13/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://files.creativ...015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://files.creativ...50323/CTPID.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Dyfan\AppData\Roaming\Mozilla\Firefox\Profiles\5shp5zw1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Video DownloadHelper - C:\Users\Dyfan\AppData\Roaming\Mozilla\Firefox\Profiles\5shp5zw1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-04-19]
FF Extension: Adblock Plus - C:\Users\Dyfan\AppData\Roaming\Mozilla\Firefox\Profiles\5shp5zw1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-10-16]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Safe Password Generator) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaalbidinndddbgmcofhfmgjjgneldhi [2015-04-30]
CHR Extension: (Google Docs) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-26]
CHR Extension: (Google Drive) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-26]
CHR Extension: (YouTube) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-26]
CHR Extension: (Google Search) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-26]
CHR Extension: (Strong Password Generator) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\emehklffcaphknhhfhadkjhpfapcbpco [2015-04-30]
CHR Extension: (AdBlock) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-28]
CHR Extension: (Bookmark Manager) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-06]
CHR Extension: (Ghostery) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-29]
CHR Extension: (Google Wallet) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]
CHR Extension: (Gmail) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-26]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.googl...mnlhhddbepgkeaa
 
Opera: 
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2012-05-18] (ASUSTeK Computer Inc.) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-03-17] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-02-18] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 Folder Guard; C:\Program Files\Folder Guard\FG64.exe [187976 2013-08-26] (WinAbility® Software Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-10-20] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-26] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.)
S3 DrvAgent64; C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-03-16] (Phoenix Technologies) [File not signed]
R2 FGUARD64; C:\Program Files\Folder Guard\FGUARD64.SYS [74552 2013-08-26] (WinAbility® Software Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-17] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-03-17] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-10-16] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-10-16] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-03-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-03-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-10-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-03-17] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [X]
S3 COMMONFX.DLL; \SystemRoot\System32\COMMONFX.DLL [X]
S3 CTAUDFX.DLL; \SystemRoot\System32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; \SystemRoot\System32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; \SystemRoot\System32\CTSBLFX.DLL [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-06 10:12 - 2015-05-06 10:13 - 00022173 _____ () C:\Users\Dyfan\Desktop\FRST.txt
2015-05-06 10:11 - 2015-05-06 10:12 - 00000000 ____D () C:\FRST
2015-05-06 10:07 - 2015-05-06 10:09 - 109335140 _____ () C:\Users\Dyfan\Desktop\#022 - Responsibility of the Privileged.m4a
2015-05-06 10:02 - 2015-05-06 10:02 - 02101248 _____ (Farbar) C:\Users\Dyfan\Desktop\FRST64.exe
2015-05-02 12:36 - 2015-05-02 12:36 - 00000000 ____D () C:\Users\Dyfan\Desktop\Altman 2014 720p BluRay x264 AAC - Ozlem
2015-05-02 12:11 - 2015-05-02 12:27 - 00000000 ____D () C:\Users\Dyfan\Desktop\Beautiful.Noise.2014.480p.BluRay.x264-mSD
2015-05-02 10:46 - 2015-05-02 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-05-01 09:42 - 2015-05-02 11:19 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2413718482-3116933066-1167245005-1001
2015-04-30 22:25 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-04-30 22:25 - 2015-03-13 03:49 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-04-30 22:25 - 2015-03-13 03:28 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-04-30 22:25 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-04-30 22:25 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-04-30 22:24 - 2015-05-06 10:02 - 00510138 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-30 13:30 - 2015-05-06 09:58 - 00001392 _____ () C:\WINDOWS\setupact.log
2015-04-30 13:30 - 2015-04-30 13:30 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-30 12:24 - 2015-04-30 12:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-30 12:17 - 2015-04-30 12:17 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-SINBAD-Windows-8.1-(64-bit).dat
2015-04-30 12:16 - 2015-04-30 12:16 - 00000000 ____D () C:\RegBackup
2015-04-30 11:29 - 2015-04-30 11:46 - 00000000 ____D () C:\Users\Dyfan\Desktop\Kingsman.The.Secret.Service.2014.WEBRip.KORSUB.XviD.MP3-RARBG
2015-04-29 13:18 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-04-29 13:18 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-04-29 13:18 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-04-29 13:18 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-04-29 13:18 - 2015-03-13 01:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-04-28 22:08 - 2015-04-28 22:09 - 00000000 ____D () C:\Users\Dyfan\AppData\Roaming\calibre
2015-04-28 09:49 - 2015-04-28 09:49 - 00000000 ____D () C:\Users\Dyfan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-27 21:15 - 2015-04-27 21:16 - 00000000 ____D () C:\Users\Dyfan\Desktop\Soul II Soul magnet
2015-04-27 17:39 - 2015-04-27 17:39 - 02224640 _____ () C:\Users\Dyfan\Desktop\adwcleaner_4.202.exe
2015-04-26 13:44 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-04-26 13:44 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-04-26 13:44 - 2015-03-17 18:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-04-26 13:44 - 2015-03-14 03:03 - 04179968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-04-26 13:44 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-04-26 13:44 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-04-26 13:44 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-04-26 13:44 - 2015-03-09 03:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-04-26 13:44 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-04-26 13:44 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-04-26 13:44 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-04-26 13:43 - 2015-03-13 05:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-04-26 13:43 - 2015-03-13 05:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-04-26 13:43 - 2015-03-13 03:59 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-04-26 13:43 - 2015-03-13 03:38 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-04-26 13:43 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-04-26 13:43 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-04-26 13:43 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-04-26 13:43 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-04-26 13:43 - 2015-02-13 03:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-04-26 13:43 - 2015-02-13 02:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-04-24 22:52 - 2015-04-24 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
2015-04-24 22:52 - 2015-04-24 22:52 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy
2015-04-24 10:19 - 2015-05-06 10:00 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-24 10:19 - 2015-04-24 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-24 10:19 - 2015-04-24 10:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-24 10:19 - 2015-04-24 10:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-24 10:19 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-24 10:19 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-24 10:19 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-18 14:03 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-18 14:03 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-18 14:03 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-18 14:03 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-04-15 09:38 - 2015-04-15 09:38 - 00000000 _____ () C:\WINDOWS\SysWOW64\RENC207.tmp
2015-04-14 20:27 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-14 20:27 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-14 20:27 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-14 20:27 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-14 20:27 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-14 20:27 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-14 20:27 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-14 20:27 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-14 20:27 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-14 20:27 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-14 20:27 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-14 20:27 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-14 20:27 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-14 20:27 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-14 20:27 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-14 20:27 - 2015-03-13 04:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-14 20:27 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-14 20:27 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-14 20:27 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-14 20:27 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-14 20:27 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-14 20:27 - 2015-03-13 04:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-14 20:27 - 2015-03-13 04:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-14 20:27 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-14 20:27 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-14 20:27 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-14 20:27 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-14 20:27 - 2015-03-13 03:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-14 20:27 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-14 20:27 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-14 20:27 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-14 20:27 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-14 20:27 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-14 20:27 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-14 20:27 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-14 20:27 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-14 20:27 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-14 20:27 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-14 20:27 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-14 20:27 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-14 20:27 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-14 20:27 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-11 22:33 - 2015-03-14 09:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-11 22:33 - 2015-03-14 02:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-11 22:33 - 2015-03-14 02:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-11 22:33 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-11 22:33 - 2015-03-14 02:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-11 22:33 - 2015-03-14 02:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-11 22:33 - 2015-03-14 01:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-11 22:33 - 2015-03-14 01:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-11 22:33 - 2015-03-14 01:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-11 22:33 - 2015-03-14 01:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-11 22:33 - 2015-03-14 01:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-11 22:33 - 2015-03-14 01:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-11 22:33 - 2015-03-14 01:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-11 22:33 - 2015-03-14 01:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-11 22:33 - 2015-03-14 01:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-11 22:33 - 2015-03-14 01:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-11 22:33 - 2015-03-14 00:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-11 22:33 - 2015-03-14 00:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-10 13:04 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-10 13:04 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-10 13:04 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-10 13:04 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-10 13:04 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-10 13:04 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-10 13:04 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-10 13:04 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-08 11:20 - 2015-04-08 11:20 - 00000000 ____D () C:\Program Files (x86)\FFmpeg for Audacity
2015-04-08 11:08 - 2015-04-08 11:23 - 00000000 ____D () C:\Users\Dyfan\AppData\Roaming\Audacity
2015-04-08 11:08 - 2015-04-08 11:08 - 00001035 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-04-08 11:08 - 2015-04-08 11:08 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-04-07 17:31 - 2015-04-07 17:31 - 00623894 _____ () C:\Users\Dyfan\Desktop\MapMyTrack-Route-Gran-Fondo.gpx
2015-04-07 17:30 - 2015-04-07 17:30 - 00118618 _____ () C:\Users\Dyfan\Desktop\MapMyTrack-Route-Corto.gpx
2015-04-06 17:37 - 2015-04-06 17:37 - 00348437 _____ () C:\Users\Dyfan\Desktop\MapMyTrack-Route-Medio-Fondo.gpx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-06 10:12 - 2014-06-26 11:18 - 00000000 ____D () C:\Users\Dyfan\AppData\Roaming\ClassicShell
2015-05-06 10:09 - 2014-10-16 16:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-06 10:06 - 2014-08-18 16:44 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-06 10:05 - 2014-03-18 16:26 - 00992652 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-06 10:02 - 2014-06-26 11:16 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4EBC5551-D0F1-498D-85A4-1FFD6FE5436D}
2015-05-06 10:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-06 09:58 - 2014-08-18 16:44 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-06 09:58 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-05 12:56 - 2014-06-26 11:01 - 00065536 _____ () C:\WINDOWS\system32\spu_storage.bin
2015-05-04 11:26 - 2014-06-27 22:44 - 00000000 ____D () C:\Users\Dyfan\AppData\Roaming\Mp3tag
2015-05-04 11:09 - 2014-06-26 14:12 - 00000000 ____D () C:\Users\Dyfan\AppData\Roaming\foobar2000
2015-05-02 10:46 - 2014-06-27 19:56 - 05979648 ___SH () C:\Users\Dyfan\Desktop\Thumbs.db
2015-05-02 10:46 - 2014-06-26 14:22 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2015-05-02 10:35 - 2014-06-26 12:43 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-02 10:35 - 2014-06-26 12:43 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-05-01 22:27 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-01 22:00 - 2014-06-26 21:58 - 00000000 ____D () C:\Users\Dyfan\AppData\Roaming\vlc
2015-05-01 09:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-30 22:26 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-30 20:56 - 2014-07-04 14:59 - 00000000 ____D () C:\AdwCleaner
2015-04-30 20:53 - 2014-06-29 12:28 - 00000000 ____D () C:\Users\Dyfan\Documents\Nelson Mandela
2015-04-30 13:21 - 2015-03-18 12:13 - 00000000 ____D () C:\Users\Dyfan\Documents\Auslogics Disk Defrag PRO v4.5.0.0
2015-04-30 13:21 - 2014-09-18 22:38 - 00000000 ____D () C:\Program Files (x86)\Smart File Advisor
2015-04-30 13:21 - 2014-09-18 22:28 - 00000000 ____D () C:\Users\Dyfan\Documents\IsoBuster Pro 3.2 Final Multilanguage Incl Serial - SceneDL (PimpRG)
2015-04-29 17:12 - 2014-08-18 16:45 - 00002279 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-28 23:00 - 2014-06-30 22:49 - 00000000 ____D () C:\Users\Dyfan\AppData\Roaming\CUE Tools
2015-04-28 22:12 - 2014-06-26 14:53 - 00000000 ____D () C:\Users\Dyfan\Documents\Calibre Library
2015-04-28 22:11 - 2014-06-26 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-04-28 22:11 - 2014-06-26 14:52 - 00000000 ____D () C:\Program Files\Calibre2
2015-04-27 13:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-27 10:28 - 2013-08-22 15:44 - 00377928 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-26 13:44 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-04-26 13:44 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-04-25 09:53 - 2014-06-26 11:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-24 22:43 - 2015-03-20 19:24 - 00000000 ____D () C:\Users\Dyfan\Documents\EAC settings
2015-04-24 10:16 - 2014-06-26 11:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-20 15:18 - 2015-03-26 18:46 - 00000051 _____ () C:\Users\Dyfan\Documents\Mouse Batteries.txt
2015-04-19 20:08 - 2014-06-26 14:31 - 00129536 ___SH () C:\Users\Dyfan\Documents\Thumbs.db
2015-04-19 16:44 - 2014-08-18 17:50 - 00000000 ____D () C:\Users\Dyfan\AppData\Local\Adobe
2015-04-16 09:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-15 22:49 - 2014-06-26 14:53 - 00000000 ____D () C:\Users\Dyfan\AppData\Local\calibre-cache
2015-04-15 10:20 - 2014-06-26 13:18 - 00000000 ____D () C:\ProgramData\FanXpert2
2015-04-15 09:39 - 2014-08-20 21:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-15 09:38 - 2015-01-22 21:02 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-15 09:38 - 2014-08-20 21:01 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-04-15 09:38 - 2014-08-20 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-04-15 09:38 - 2014-08-20 21:00 - 00000000 ____D () C:\Program Files\Java
2015-04-14 21:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2015-04-14 21:51 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2015-04-14 21:00 - 2014-06-26 11:35 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 20:57 - 2014-06-26 11:35 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 00:24 - 2013-08-22 16:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 00:24 - 2013-08-22 16:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 13:33 - 2014-12-18 21:16 - 00001144 _____ () C:\Users\Dyfan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2015-04-10 21:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-10 13:04 - 2014-12-10 11:12 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-10 13:04 - 2014-07-09 23:00 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-09 19:31 - 2015-03-24 17:33 - 00000000 ____D () C:\Users\Dyfan\Desktop\Tor Browser
2015-04-08 11:16 - 2014-06-26 15:26 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
 
==================== Files in the root of some directories =======
 
2014-08-22 15:29 - 2014-08-22 15:29 - 0099384 _____ () C:\Users\Dyfan\AppData\Roaming\inst.exe
2014-08-22 15:29 - 2014-08-22 15:29 - 0007859 _____ () C:\Users\Dyfan\AppData\Roaming\pcouffin.cat
2014-08-22 15:29 - 2014-08-22 15:29 - 0001167 _____ () C:\Users\Dyfan\AppData\Roaming\pcouffin.inf
2014-08-22 15:29 - 2014-08-22 15:29 - 0000055 _____ () C:\Users\Dyfan\AppData\Roaming\pcouffin.log
2014-08-22 15:29 - 2014-08-22 15:29 - 0082816 _____ (VSO Software) C:\Users\Dyfan\AppData\Roaming\pcouffin.sys
2014-08-23 22:19 - 2014-08-23 22:36 - 0005632 _____ () C:\Users\Dyfan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-28 23:17 - 2015-01-11 23:08 - 0007602 _____ () C:\Users\Dyfan\AppData\Local\Resmon.ResmonCfg
2014-12-09 22:31 - 2014-12-09 22:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\Dyfan\cygrunsrv.exe
 
 
Some content of TEMP:
====================
C:\Users\Dyfan\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Dyfan\AppData\Local\Temp\Quarantine.exe
C:\Users\Dyfan\AppData\Local\Temp\sqlite3.dll
C:\Users\Dyfan\AppData\Local\Temp\vlc-2.2.1-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-30 11:12
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-05-2015
Ran by Dyfan at 2015-05-06 10:13:21
Running from C:\Users\Dyfan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2413718482-3116933066-1167245005-500 - Administrator - Disabled)
Dyfan (S-1-5-21-2413718482-3116933066-1167245005-1001 - Administrator - Enabled) => C:\Users\Dyfan
Guest (S-1-5-21-2413718482-3116933066-1167245005-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2413718482-3116933066-1167245005-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.00.01 - ASUSTeK Computer Inc.)
AIDA64 Extreme v5.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.00 - FinalWire Ltd.)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 6.4.1.0 - Auslogics Labs Pty Ltd)
Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.5.0.0 - Auslogics Software Pty Ltd)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
calibre 64bit (HKLM\...\{A96A1330-17E9-485A-BC51-341CF4FE2CE3}) (Version: 2.26.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CPUID HWMonitor 1.27 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Creative Audio Console (HKLM-x32\...\AudioCS) (Version: 1.33 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
CrystalDiskInfo 6.1.14 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.14 - Crystal Dew World)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Exact Audio Copy 1.0beta6 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta6 - Andre Wiethoff)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
FileHippo Update Checker Packages (HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\FileHippo Update Checker Packages) (Version:  - ) <==== ATTENTION
FLAC Frontend (HKLM-x32\...\{315E5E8B-0560-413A-B604-622A4C8BECBD}) (Version: 2.1.1 - Xiph.org)
Folder Guard (HKLM\...\Folder Guard) (Version: 9.1 - WinAbility® Software Corporation)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
IsoBuster 3.4 (HKLM-x32\...\IsoBuster_is1) (Version: 3.4 - Smart Projects)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MediaInfo 0.7.73 (HKLM\...\MediaInfo) (Version: 0.7.73 - MediaArea.net)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MKVToolNix 7.8.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.8.0 - Moritz Bunkus)
Monkey's Audio (HKLM-x32\...\Monkey's Audio_is1) (Version:  - )
Mozilla Firefox 37.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-GB)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Mp3tag v2.70 (HKLM-x32\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PDF to ePub Converter 3.0.6 (HKLM-x32\...\PDF to ePub Converter_is1) (Version:  - DONGSOFT Company, Inc.)
qBittorrent 3.1.9.2 (HKLM-x32\...\qbittorrent) (Version: 3.1.9.2 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
SatSYNC (HKLM-x32\...\{5E8F648C-34D9-453B-9981-C4BA3EAACCC4}) (Version: 2.34.0056 - Satmap Systems Ltd)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
SmartPack 1.21.0 (HKLM-x32\...\PlexUtil) (Version: 1.21.0 - PLDS)
Spectro (HKLM-x32\...\{1F8D186D-8C5C-4589-BC28-1A8964CA74A6}) (Version: 1.0.93 - )
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
Trader's Little Helper 2.7.0 (HKLM-x32\...\TradersLittleHelper_is1) (Version: 2.7.0 - Robert Hoffmann)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.2 - VSO Software)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
01-05-2015 11:17:31 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01A5FC66-D83A-47B2-8F7B-544D92E19B2A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {21EF2A89-8926-46E8-9634-F9BD06BA369B} - System32\Tasks\{D0107348-CC71-469C-A998-E22BDFABB8F0} => pcalua.exe -a H:\AUTORUN.EXE -d H:\
Task: {26D221A5-B2D9-4310-BD59-F164CAD13780} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {3943CEF0-0675-4F73-A85C-4D2685148402} - \Optimize Start Menu Cache Files-S-1-5-21-2413718482-3116933066-1167245005-1008 No Task File <==== ATTENTION
Task: {40C71434-5B4D-4894-910C-01903714FED1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.)
Task: {412770CE-1D4E-4F48-B51E-0FF426DCD97C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {54D14DF3-898C-4991-A512-86C62A139054} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.)
Task: {552AFA0F-C174-4F35-A9D6-664F25A442FE} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {6CB8C065-3BA6-4100-B1FD-D4AD0FFC8610} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {78A7DB2A-E765-4CE7-BEE6-EE31181AAD22} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-14] (Microsoft Corporation)
Task: {A8F6E4CD-C804-4DA2-9A2F-30D31C0B7535} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {AE2AB4C4-6B0C-4D0B-9CD6-29A928C19F50} - System32\Tasks\{4D7E8C1C-0A04-4331-BD19-98F158A03881} => pcalua.exe -a "C:\Program Files (x86)\NCH Software\ToneGen\tonegen.exe" -d C:\Users\Dyfan\Desktop
Task: {B020FD26-308E-4ACD-9CB4-30F207D06259} - System32\Tasks\{25A68E6A-8C33-4C59-BC62-F2E171212A0D} => pcalua.exe -a "C:\Users\Dyfan\Desktop\NCH Software - Tone Generator v2.10 + Crack [h33t][MurtajiZ]\NCH Software - Tone Generator v2.10.exe" -d "C:\Users\Dyfan\Desktop\NCH Software - Tone Generator v2.10 + Crack [h33t][MurtajiZ]"
Task: {DB8AE249-2CAA-4BE9-9C15-DF371AAFB595} - System32\Tasks\{F76887A9-54D7-410A-B392-56B30D64989B} => pcalua.exe -a "C:\Program Files (x86)\NCH Swift Sound\ToolBox\uninst.exe" -d "C:\Program Files (x86)\NCH Swift Sound\ToolBox"
Task: {DBD571EF-49CD-4F3D-A177-B78B8F37D45F} - System32\Tasks\{5B482DAF-E957-46FD-BA98-EA9FE4239ACF} => pcalua.exe -a "C:\Users\Dyfan\Desktop\NCH Software - Tone Generator v2.10 + Crack [h33t][MurtajiZ]\NCH Software - Tone Generator v2.10 Crack\Tone.exe" -d "C:\Users\Dyfan\Desktop\NCH Software - Tone Generator v2.10 + Crack [h33t][MurtajiZ]\NCH Software - Tone Generator v2.10 Crack"
Task: {DEDA8278-572E-4301-B4FB-2DDBC8783F9E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {F82ED9E2-A849-46DE-8F24-01326EA4C7B5} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-11-20 22:23 - 2014-11-20 22:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-06-26 13:14 - 2012-06-01 18:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-06-26 13:14 - 2015-05-06 09:58 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-06-26 13:14 - 2010-06-29 11:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-06-26 13:16 - 2011-07-12 19:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2014-06-26 13:16 - 2010-10-05 08:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2014-06-26 13:16 - 2012-03-21 12:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2014-06-26 13:16 - 2012-05-25 10:33 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2014-06-26 13:16 - 2012-05-28 21:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2014-06-26 13:16 - 2011-09-19 20:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2014-06-26 13:16 - 2011-07-21 09:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2014-06-26 13:16 - 2011-10-14 20:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2014-06-26 13:16 - 2010-10-05 08:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2014-06-26 13:16 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\41414271.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\41414271.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\1001movie.com -> 1001movie.com
 
There are 6091 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "CanonSolutionMenu"
HKLM\...\StartupApproved\Run: => "FG_Monitor"
HKLM\...\StartupApproved\Run32: => "CTxfiHlp"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "IJNetworkScanUtility"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\StartupApproved\Run: => "HydraVisionDesktopManager"
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{51826BE3-4F51-49D4-9519-07E45DA167DE}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{B7F4A477-2A00-4012-82FC-CE4D16AB4A07}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{6220F335-DDF1-4DBB-AE0B-712D968A2858}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
FirewallRules: [{B0340E8C-BC79-4DFB-9C3E-854CE4CFF8FC}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
FirewallRules: [{B2097384-13D5-4AA3-8A21-ED1AE0D45AE9}] => (Allow) C:\Program Files\Opera x64\opera.exe
FirewallRules: [{CE0A0D36-6A01-4AE1-9941-40698C14B801}] => (Allow) C:\Program Files\Opera x64\opera.exe
FirewallRules: [{FF48265B-E87F-4DD5-83D6-3BAE46EECDE5}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{63ED505E-6231-4C47-BFF1-3F9C1F1E6373}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{7ECAAF57-E284-4501-81B6-C944F4B593D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E8F36885-4472-49F5-8121-A95F7BDC8373}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{45E43067-B3DB-4CE4-B327-0AD4561CC150}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/05/2015 09:57:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (05/03/2015 01:07:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (05/03/2015 01:06:55 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (05/02/2015 11:50:24 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (05/02/2015 11:45:36 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (05/02/2015 11:19:27 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (05/01/2015 11:16:32 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (05/01/2015 10:19:25 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
Error: (05/01/2015 10:05:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (05/01/2015 10:04:51 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume System Reserved was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)
 
 
System errors:
=============
Error: (05/06/2015 09:58:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error: 
%%3
 
Error: (05/06/2015 09:58:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
%%2
 
Error: (05/06/2015 09:58:10 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (05/05/2015 09:57:57 AM) (Source: DCOM) (EventID: 10010) (User: Sinbad)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (05/05/2015 09:57:27 AM) (Source: DCOM) (EventID: 10010) (User: Sinbad)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (05/05/2015 09:35:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error: 
%%3
 
Error: (05/05/2015 09:35:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
%%2
 
Error: (05/05/2015 09:34:52 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (05/04/2015 10:54:01 AM) (Source: DCOM) (EventID: 10010) (User: Sinbad)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (05/04/2015 10:53:31 AM) (Source: DCOM) (EventID: 10010) (User: Sinbad)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
 
Microsoft Office Sessions:
=========================
Error: (05/05/2015 09:57:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (05/03/2015 01:07:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (05/03/2015 01:06:55 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)
 
Error: (05/02/2015 11:50:24 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)
 
Error: (05/02/2015 11:45:36 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)
 
Error: (05/02/2015 11:19:27 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)
 
Error: (05/01/2015 11:16:32 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)
 
Error: (05/01/2015 10:19:25 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)
 
Error: (05/01/2015 10:05:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (05/01/2015 10:04:51 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System ReservedThe parameter is incorrect. (0x80070057)
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-28 22:16:52.257
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-28 22:16:52.179
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-28 22:16:52.100
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-28 22:16:52.007
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-28 22:16:51.929
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-28 22:16:51.850
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-28 22:16:51.757
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-28 22:16:51.679
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-28 22:16:48.211
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-28 22:16:48.133
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-6400K APU with Radeon™ HD Graphics 
Percentage of memory in use: 19%
Total physical RAM: 7624.94 MB
Available physical RAM: 6100.34 MB
Total Pagefile: 7624.94 MB
Available Pagefile: 6114.36 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:118.9 GB) (Free:78.55 GB) NTFS
Drive d: (Maxtor) (Fixed) (Total:152.66 GB) (Free:29.59 GB) NTFS
Drive e: (Storage1) (Fixed) (Total:292.96 GB) (Free:30.42 GB) NTFS
Drive f: (Storage2) (Fixed) (Total:292.96 GB) (Free:31.35 GB) NTFS
Drive g: (Storage3) (Fixed) (Total:345.58 GB) (Free:56.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 2C402D9B)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: C9699AB9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 152.7 GB) (Disk ID: 7B25CC4E)
Partition 1: (Active) - (Size=152.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 

 


  • 0

#4
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x5F000000
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:62951;https=127.0.0.1:62951
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [X]
S3 COMMONFX.DLL; \SystemRoot\System32\COMMONFX.DLL [X]
S3 CTAUDFX.DLL; \SystemRoot\System32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; \SystemRoot\System32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; \SystemRoot\System32\CTSBLFX.DLL [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
C:\WINDOWS\system32\DRIVERS\appexDrv.sys
C:\WINDOWS\System32\COMMONFX.DLL
C:\WINDOWS\System32\CTAUDFX.DLL
C:\WINDOWS\System32\CTSBLFX.DLL
C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
C:\WINDOWS\System32\drivers\vmci.sys
C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
C:\WINDOWS\System32\CTERFXFX.DLL
2015-05-01 09:42 - 2015-05-02 11:19 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2413718482-3116933066-1167245005-1001
2014-08-22 15:29 - 2014-08-22 15:29 - 0099384 _____ () C:\Users\Dyfan\AppData\Roaming\inst.exe
2014-12-09 22:31 - 2014-12-09 22:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Dyfan\cygrunsrv.exe
C:\Users\Dyfan\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Dyfan\AppData\Local\Temp\vlc-2.2.1-win32.exe
Task: {21EF2A89-8926-46E8-9634-F9BD06BA369B} - System32\Tasks\{D0107348-CC71-469C-A998-E22BDFABB8F0} => pcalua.exe -a H:\AUTORUN.EXE -d H:\
Task: {3943CEF0-0675-4F73-A85C-4D2685148402} - \Optimize Start Menu Cache Files-S-1-5-21-2413718482-3116933066-1167245005-1008 No Task File <==== ATTENTION
Task: {AE2AB4C4-6B0C-4D0B-9CD6-29A928C19F50} - System32\Tasks\{4D7E8C1C-0A04-4331-BD19-98F158A03881} => pcalua.exe -a "C:\Program Files (x86)\NCH Software\ToneGen\tonegen.exe" -d C:\Users\Dyfan\Desktop
Task: {B020FD26-308E-4ACD-9CB4-30F207D06259} - System32\Tasks\{25A68E6A-8C33-4C59-BC62-F2E171212A0D} => pcalua.exe -a "C:\Users\Dyfan\Desktop\NCH Software - Tone Generator v2.10 + Crack [h33t][MurtajiZ]\NCH Software - Tone Generator v2.10.exe" -d "C:\Users\Dyfan\Desktop\NCH Software - Tone Generator v2.10 + Crack [h33t][MurtajiZ]"
Task: {DB8AE249-2CAA-4BE9-9C15-DF371AAFB595} - System32\Tasks\{F76887A9-54D7-410A-B392-56B30D64989B} => pcalua.exe -a "C:\Program Files (x86)\NCH Swift Sound\ToolBox\uninst.exe" -d "C:\Program Files (x86)\NCH Swift Sound\ToolBox"
Task: {DBD571EF-49CD-4F3D-A177-B78B8F37D45F} - System32\Tasks\{5B482DAF-E957-46FD-BA98-EA9FE4239ACF} => pcalua.exe -a "C:\Users\Dyfan\Desktop\NCH Software - Tone Generator v2.10 + Crack [h33t][MurtajiZ]\NCH Software - Tone Generator v2.10 Crack\Tone.exe" -d "C:\Users\Dyfan\Desktop\NCH Software - Tone Generator v2.10 + Crack [h33t][MurtajiZ]\NCH Software - Tone Generator v2.10 Crack"
C:\Program Files (x86)\NCH Software
C:\Users\Dyfan\Desktop\NCH Software - Tone Generator v2.10 + Crack [h33t][MurtajiZ]
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\41414271.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\41414271.sys => ""="Driver"
RemoveProxy:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

Press%20the%20FIX%20button_zpsdd5zi3mt.p

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


  • 0

#5
northwalian1

northwalian1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Hello,

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015 01
Ran by Dyfan at 2015-05-07 10:41:07 Run:1
Running from C:\Users\Dyfan\Desktop
Loaded Profiles: Dyfan (Available profiles: Dyfan & Guest & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x5F000000
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:62951;https=127.0.0.1:62951
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [X]
S3 COMMONFX.DLL; \SystemRoot\System32\COMMONFX.DLL [X]
S3 CTAUDFX.DLL; \SystemRoot\System32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; \SystemRoot\System32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; \SystemRoot\System32\CTSBLFX.DLL [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
C:\WINDOWS\system32\DRIVERS\appexDrv.sys
C:\WINDOWS\System32\COMMONFX.DLL
C:\WINDOWS\System32\CTAUDFX.DLL
C:\WINDOWS\System32\CTSBLFX.DLL
C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
C:\WINDOWS\System32\drivers\vmci.sys
C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
C:\WINDOWS\System32\CTERFXFX.DLL
2015-05-01 09:42 - 2015-05-02 11:19 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2413718482-3116933066-1167245005-1001
2014-08-22 15:29 - 2014-08-22 15:29 - 0099384 _____ () C:\Users\Dyfan\AppData\Roaming\inst.exe
2014-12-09 22:31 - 2014-12-09 22:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Dyfan\cygrunsrv.exe
C:\Users\Dyfan\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Dyfan\AppData\Local\Temp\vlc-2.2.1-win32.exe
Task: {21EF2A89-8926-46E8-9634-F9BD06BA369B} - System32\Tasks\{D0107348-CC71-469C-A998-E22BDFABB8F0} => pcalua.exe -a H:\AUTORUN.EXE -d H:\
Task: {3943CEF0-0675-4F73-A85C-4D2685148402} - \Optimize Start Menu Cache Files-S-1-5-21-2413718482-3116933066-1167245005-1008 No Task File <==== ATTENTION
Task: {AE2AB4C4-6B0C-4D0B-9CD6-29A928C19F50} - System32\Tasks\{4D7E8C1C-0A04-4331-BD19-98F158A03881} => pcalua.exe -a "C:\Program Files (x86)\NCH Software\ToneGen\tonegen.exe" -d C:\Users\Dyfan\Desktop
Task: {B020FD26-308E-4ACD-9CB4-30F207D06259} - System32\Tasks\{25A68E6A-8C33-4C59-BC62-F2E171212A0D} => pcalua.exe -a "C:\Users\Dyfan\Desktop\NCH Software - Tone Generator v2.10 + Crack [h33t][MurtajiZ]\NCH Software - Tone Generator v2.10.exe" -d "C:\Users\Dyfan\Desktop\NCH Software - Tone Generator v2.10 + Crack [h33t][MurtajiZ]"
Task: {DB8AE249-2CAA-4BE9-9C15-DF371AAFB595} - System32\Tasks\{F76887A9-54D7-410A-B392-56B30D64989B} => pcalua.exe -a "C:\Program Files (x86)\NCH Swift Sound\ToolBox\uninst.exe" -d "C:\Program Files (x86)\NCH Swift Sound\ToolBox"
Task: {DBD571EF-49CD-4F3D-A177-B78B8F37D45F} - System32\Tasks\{5B482DAF-E957-46FD-BA98-EA9FE4239ACF} => pcalua.exe -a "C:\Users\Dyfan\Desktop\NCH Software - Tone Generator v2.10 + Crack [h33t][MurtajiZ]\NCH Software - Tone Generator v2.10 Crack\Tone.exe" -d "C:\Users\Dyfan\Desktop\NCH Software - Tone Generator v2.10 + Crack [h33t][MurtajiZ]\NCH Software - Tone Generator v2.10 Crack"
C:\Program Files (x86)\NCH Software
C:\Users\Dyfan\Desktop\NCH Software - Tone Generator v2.10 + Crack [h33t][MurtajiZ]
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\41414271.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\41414271.sys => ""="Driver"
RemoveProxy:
Reboot:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveTypeAutoRun => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0" => Key deleted successfully.
AODDriver4.2.0 => Service deleted successfully.
APXACC => Service deleted successfully.
COMMONFX.DLL => Service deleted successfully.
CTAUDFX.DLL => Service deleted successfully.
CTERFXFX.DLL => Service deleted successfully.
CTSBLFX.DLL => Service deleted successfully.
VBoxNetFlt => Service deleted successfully.
vmci => Service deleted successfully.
VMnetAdapter => Service deleted successfully.
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys" => File/Directory not found.
"C:\WINDOWS\system32\DRIVERS\appexDrv.sys" => File/Directory not found.
"C:\WINDOWS\System32\COMMONFX.DLL" => File/Directory not found.
"C:\WINDOWS\System32\CTAUDFX.DLL" => File/Directory not found.
"C:\WINDOWS\System32\CTSBLFX.DLL" => File/Directory not found.
"C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys" => File/Directory not found.
"C:\WINDOWS\System32\drivers\vmci.sys" => File/Directory not found.
"C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys" => File/Directory not found.
"C:\WINDOWS\System32\CTERFXFX.DLL" => File/Directory not found.
C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2413718482-3116933066-1167245005-1001 => Moved successfully.
C:\Users\Dyfan\AppData\Roaming\inst.exe => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\Users\Dyfan\cygrunsrv.exe => Moved successfully.
C:\Users\Dyfan\AppData\Local\Temp\jre-8u45-windows-au.exe => Moved successfully.
C:\Users\Dyfan\AppData\Local\Temp\vlc-2.2.1-win32.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21EF2A89-8926-46E8-9634-F9BD06BA369B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21EF2A89-8926-46E8-9634-F9BD06BA369B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D0107348-CC71-469C-A998-E22BDFABB8F0} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D0107348-CC71-469C-A998-E22BDFABB8F0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3943CEF0-0675-4F73-A85C-4D2685148402}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3943CEF0-0675-4F73-A85C-4D2685148402}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2413718482-3116933066-1167245005-1008" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE2AB4C4-6B0C-4D0B-9CD6-29A928C19F50}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE2AB4C4-6B0C-4D0B-9CD6-29A928C19F50}" => Key deleted successfully.
C:\Windows\System32\Tasks\{4D7E8C1C-0A04-4331-BD19-98F158A03881} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4D7E8C1C-0A04-4331-BD19-98F158A03881}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B020FD26-308E-4ACD-9CB4-30F207D06259}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B020FD26-308E-4ACD-9CB4-30F207D06259}" => Key deleted successfully.
C:\Windows\System32\Tasks\{25A68E6A-8C33-4C59-BC62-F2E171212A0D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{25A68E6A-8C33-4C59-BC62-F2E171212A0D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB8AE249-2CAA-4BE9-9C15-DF371AAFB595}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB8AE249-2CAA-4BE9-9C15-DF371AAFB595}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F76887A9-54D7-410A-B392-56B30D64989B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F76887A9-54D7-410A-B392-56B30D64989B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBD571EF-49CD-4F3D-A177-B78B8F37D45F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBD571EF-49CD-4F3D-A177-B78B8F37D45F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5B482DAF-E957-46FD-BA98-EA9FE4239ACF} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5B482DAF-E957-46FD-BA98-EA9FE4239ACF}" => Key deleted successfully.
"C:\Program Files (x86)\NCH Software" => File/Directory not found.
"C:\Users\Dyfan\Desktop\NCH Software - Tone Generator v2.10 + Crack [h33t][MurtajiZ]" => File/Directory not found.
C:\ProgramData\TEMP => ":07BF512B" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\41414271.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\41414271.sys" => Key deleted successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2413718482-3116933066-1167245005-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
 
 
The system needed a reboot. 
 
==== End of Fixlog 10:41:20 ====

  • 0

#6
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwCleaner_v4111_zpsn56hzjza.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


  • 0

#7
northwalian1

northwalian1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Hello,

 

# AdwCleaner v4.203 - Logfile created 07/05/2015 at 19:20:32
# Updated 30/04/2015 by Xplode
# Database : 2015-05-05.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Dyfan - SINBAD
# Running from : C:\Users\Dyfan\Desktop\adwcleaner_4.203.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v37.0.2 (x86 en-GB)
 
 
-\\ Google Chrome v42.0.2311.135
 
[C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [773 bytes] - [07/05/2015 19:20:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [831 bytes] ##########

  • 0

#8
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

So AdwCleaner no longer finds the proxy entries?
 
Let us see what MalwareBytes' Antimalware finds (if anything).


Malwarebytes' Anti-Malware
Please start Malwarebytes' Anti-Malware from either your desktop shortcut (if you have one) or the Start Menu shortcut.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link
Main%20Screen_zpsnnwza0ky.png

Once updated, please select Settings > Detection and Protection.  Please ensure that "Scan for Rootkits" is selected along with Non-Malware Protection PUP and PUM are set to "Treat detections as malware"
Detection%20Settings_zpsaviydqil.png

Once the program has loaded and updated, select "Scan Now >>" to start the scan.
Main%20Screen_zpsnnwza0ky.png

The scan may take some time to finish, so please be patient.
mbam21-scaninprogress_zps38w26yvt.jpg

If any malware is found, you will be presented with a screen like the one below.
mbam21-removeselected_zpsg83p7wis.jpg

Make sure that everything is checked, and click Remove Selected.  when the removal is completed, a summary screen will be presented.
mbam21-saveresults_zpszocfy4qr.jpg

At the bottom of this screen, click on Save Results and then on Text file (*.txt).  Save the file to your desktop and click OK.  Click Finish to return to the main screen and then close Malwarebytes.
mbam21-finish_zpshfl56bcn.jpg

Double click on log file you saved to your desktop; the log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


  • 0

#9
northwalian1

northwalian1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Hello,

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 08/05/2015
Scan Time: 13:44:16
Logfile: results.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.08.03
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Dyfan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 453924
Time Elapsed: 7 min, 29 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#10
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

How is your system running?


  • 0

#11
northwalian1

northwalian1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Everything seems fine.

 

I've haven't noticed anything unusual.

 

Thanks a lot for helping out.


  • 0

#12
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Not a problem; let's get the tools cleaaned and you on your way.


All right!! :D Your logs are clean and you're good to go now!! :thumbsup: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

 

Download Delfix from here to your desktop and double click it to start the program

  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • DelFixSelectall_zps0f04cec4.png
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):

  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that we recommend is Sumatra PDF.

To update Adobe Reader:

  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.04 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Update Checker from FileHippo.com (you can get the software from here and read more about it on the same page).


You are now done! :yeah:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Emsisoft Online Armor - installs as trialware which converts to freeware in 30 days
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online
 

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!


  • 0

#13
northwalian1

northwalian1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Thanks again,

 

# DelFix v1.010 - Logfile created 08/05/2015 at 19:14:45
# Updated 26/04/2015 by Xplode
# Username : Dyfan - SINBAD
# Operating System : Windows 8.1  (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\QuickDiag
Deleted : C:\RegBackup
Deleted : C:\Users\Dyfan\Desktop\FRST-OlderVersion
Deleted : C:\QuickDiag_08_10_2014_21_10_12.txt
Deleted : C:\TDSSKiller.3.0.0.42_09.02.2015_14.28.37_log.txt
Deleted : C:\TDSSKiller.3.0.0.42_12.12.2014_09.57.12_log.txt
Deleted : C:\TDSSKiller.3.0.0.42_13.12.2014_15.40.38_log.txt
Deleted : C:\TDSSKiller.3.0.0.42_16.01.2015_10.17.40_log.txt
Deleted : C:\TDSSKiller.3.0.0.42_16.01.2015_10.18.39_log.txt
Deleted : C:\TDSSKiller.3.0.0.44_09.02.2015_14.30.36_log.txt
Deleted : C:\TDSSKiller.3.0.0.44_24.03.2015_16.41.04_log.txt
Deleted : C:\TDSSKiller.3.0.0.44_26.02.2015_15.38.15_log.txt
Deleted : C:\TDSSKiller.3.0.0.44_30.04.2015_21.31.51_log.txt
Deleted : C:\Users\Dyfan\Desktop\Addition.txt
Deleted : C:\Users\Dyfan\Desktop\adwcleaner_4.203.exe
Deleted : C:\Users\Dyfan\Desktop\Fixlog.txt
Deleted : C:\Users\Dyfan\Desktop\FRST.txt
Deleted : C:\Users\Dyfan\Desktop\FRST64.exe
Deleted : C:\Users\Dyfan\Desktop\TDSSKiller.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #341 [Windows Update | 05/06/2015 12:40:18]
Deleted : RP #343 [Restore Point Created by FRST | 05/07/2015 09:41:07]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#14
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP