Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware spyware pop ups windows 7 64 gb [Closed]

spyware malware

  • This topic is locked This topic is locked

#1
dssole23

dssole23

    Member

  • Member
  • PipPip
  • 77 posts

Hey my Windows 7 pc has been infected with some sort of spyware,malware,or virus i have mcafee virus protector but nothing,When i launch fire fox and try to surf the web it goes slow,new tabs start opening with advertisment of pc repair ,spyware,repair,also i here voices of comercails playing but cant find the source so i have just wait it out for it to finish at this point i dont want to lose any bookmarks or data stored anything can help thanks.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015
Ran by FAM (administrator) on FAM-HP on 22-05-2015 18:01:45
Running from C:\Users\FAM\Downloads
Loaded Profiles: FAM (Available profiles: FAM & Darwin & b)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(SecureSoft) C:\Windows\mlwps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Gamma Task Menager\privoxy.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-13] (Hewlett-Packard )
HKLM-x32\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2011-12-13] (IDT, Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [fst_us_234] => [X]
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-08] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\...\Run: [fastclean] => "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\...\Run: [Epson Stylus NX420(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\...\MountPoints2: {e30b19b0-3440-11e4-8cd8-9cb70d9d0814} - J:\LG_PC_Programs.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-08-01]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2014-05-09]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk [2014-05-03]
ShortcutTarget: Severe Weather Alerts App.lnk -> C:\Users\FAM\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe (No File)
Startup: C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk [2014-05-03]
ShortcutTarget: Severe Weather Alerts.lnk -> C:\Users\FAM\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:61049;https=127.0.0.1:61049
ProxyEnable: [S-1-5-21-1926916054-430606287-3612663155-1000] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-1926916054-430606287-3612663155-1000] => 127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=462965117&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=462965117&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM -> {710C628C-481E-4E06-A686-3BB08FFC516E} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com...=1384944263&ir=
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {710C628C-481E-4E06-A686-3BB08FFC516E} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> DefaultScope {9108B9A2-C3B1-4CCA-AEA5-A60B078BC9B0} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://groovorio.com...r=840853540&ir=
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=462965117&ir=
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {710C628C-481E-4E06-A686-3BB08FFC516E} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {9108B9A2-C3B1-4CCA-AEA5-A60B078BC9B0} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com...=1384944263&ir=
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2014-03-18] (Yahoo! Inc.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Gamma Task Menager\jsie.dll [2015-04-14] (SecureSoft)
BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll [2014-01-21] (We-Care.com)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-04] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: mysearchdial Helper Object -> {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll [2014-04-02] (MySearchDial)
Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll [2014-04-02] (MySearchDial)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2014-03-18] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-29] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-04-07] (McAfee, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Hosts: 127.0.0.1            d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Keyword.URL: https://search.yahoo...US0D20150113&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\user.js [2014-09-24]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\ask-search.xml [2014-10-15]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\default-search.xml [2014-08-28]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\Groovorio.xml [2014-09-24]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\Mysearchdial.xml [2014-04-02]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\search.xml [2014-11-26]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\trovi-search.xml [2014-08-29]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\yahoo_ff.xml [2014-08-28]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoSearch.xml [2015-04-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\f89a3bdc7d1ebfc414bac8611651a5c3 [2015-05-06]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-09]
CHR HKLM-x32\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [dmidaiabaeipgkcooijbikmdcofhpakp] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-09]
CHR HKLM-x32\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Darwin\AppData\Local\Slick Savings\coupons.crx [2014-05-10]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) []
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) []
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) []
R2 Live Malware Protection; C:\Windows\mlwps.exe [242688 2015-04-14] (SecureSoft) [] <==== ATTENTION
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-04-29] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 PrivoxyService; C:\Program Files (x86)\Gamma Task Menager\privoxy.exe [371200 2015-04-14] (The Privoxy team - www.privoxy.org) [] <==== ATTENTION
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [311296 2011-12-13] (IDT, Inc.) []
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Util ConstaSurf; "C:\Program Files (x86)\ConstaSurf\bin\utilConstaSurf.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys [61120 2014-04-24] (StdLib)
S3 USBPNPA; system32\drivers\CM10864.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 18:01 - 2015-05-22 18:02 - 00032777 _____ () C:\Users\FAM\Downloads\FRST.txt
2015-05-22 17:59 - 2015-05-22 18:01 - 00000000 ____D () C:\FRST
2015-05-22 17:59 - 2015-05-22 17:59 - 02108416 _____ (Farbar) C:\Users\FAM\Desktop\FRST64.exe
2015-05-22 17:47 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-05-17 03:03 - 2015-05-01 08:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 03:03 - 2015-05-01 08:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 16:42 - 2015-05-16 16:42 - 00000000 ____D () C:\Users\b\AppData\Local\Apple
2015-05-16 12:18 - 2015-05-04 20:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-16 12:18 - 2015-05-04 20:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-16 12:18 - 2015-04-21 21:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-16 12:18 - 2015-04-21 20:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-16 12:18 - 2015-04-21 12:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-16 12:18 - 2015-04-21 12:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-16 12:18 - 2015-04-21 11:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-16 12:18 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-16 12:18 - 2015-04-21 11:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-16 12:18 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-16 12:18 - 2015-04-21 11:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-16 12:18 - 2015-04-21 11:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-16 12:18 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-16 12:18 - 2015-04-21 11:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-16 12:18 - 2015-04-21 11:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-16 12:18 - 2015-04-21 11:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-16 12:18 - 2015-04-21 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-16 12:18 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-16 12:18 - 2015-04-21 11:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-16 12:18 - 2015-04-21 11:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-16 12:18 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-16 12:18 - 2015-04-21 11:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-16 12:18 - 2015-04-21 11:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-16 12:18 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-16 12:18 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-16 12:18 - 2015-04-21 11:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-16 12:18 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-16 12:18 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-16 12:18 - 2015-04-21 11:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-16 12:18 - 2015-04-21 11:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-16 12:18 - 2015-04-21 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-16 12:18 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-16 12:18 - 2015-04-21 10:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-16 12:18 - 2015-04-21 10:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-16 12:18 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-16 12:18 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-16 12:18 - 2015-04-21 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-16 12:18 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-16 12:18 - 2015-04-21 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-16 12:18 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-16 12:18 - 2015-04-21 10:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-16 12:18 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-16 12:18 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-16 12:18 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-16 12:18 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-16 12:18 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-16 12:18 - 2015-04-21 10:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-16 12:18 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-16 12:18 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-16 12:18 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-16 12:18 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-16 12:18 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-16 12:18 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-16 12:18 - 2015-04-17 22:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-16 12:18 - 2015-04-17 21:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-16 12:17 - 2015-04-27 14:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-16 12:17 - 2015-04-27 14:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-16 12:17 - 2015-04-27 14:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-16 12:17 - 2015-04-27 14:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-16 12:17 - 2015-04-27 14:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-16 12:17 - 2015-04-27 14:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-16 12:17 - 2015-04-27 14:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-16 12:17 - 2015-04-27 14:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-16 12:17 - 2015-04-27 14:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-16 12:17 - 2015-04-27 14:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-16 12:17 - 2015-04-27 14:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-16 12:17 - 2015-04-27 14:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-16 12:17 - 2015-04-27 14:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-16 12:17 - 2015-04-27 14:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-16 12:17 - 2015-04-27 14:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-16 12:17 - 2015-04-27 14:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-16 12:17 - 2015-04-27 14:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 14:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-16 12:17 - 2015-04-27 14:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-16 12:17 - 2015-04-27 14:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-16 12:17 - 2015-04-27 14:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-16 12:17 - 2015-04-27 14:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-16 12:17 - 2015-04-27 14:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-16 12:17 - 2015-04-27 14:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-16 12:17 - 2015-04-27 14:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-16 12:17 - 2015-04-27 14:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-16 12:17 - 2015-04-27 14:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-16 12:17 - 2015-04-27 14:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-16 12:17 - 2015-04-27 14:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-16 12:17 - 2015-04-27 14:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-16 12:17 - 2015-04-27 14:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-16 12:17 - 2015-04-27 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-16 12:17 - 2015-04-27 14:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-16 12:17 - 2015-04-27 14:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-16 12:17 - 2015-04-27 14:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-16 12:17 - 2015-04-27 14:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-16 12:17 - 2015-04-27 14:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 13:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-16 12:17 - 2015-04-27 12:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-16 12:17 - 2015-04-27 12:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-16 12:17 - 2015-04-27 12:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 12:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-16 12:17 - 2015-04-27 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-16 12:17 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-16 12:17 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-16 12:17 - 2015-04-21 11:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-16 12:17 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-16 12:17 - 2015-04-21 11:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-16 12:17 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-16 12:17 - 2015-04-21 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-16 12:17 - 2015-04-21 10:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-16 12:17 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-16 12:17 - 2015-04-19 22:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-16 12:17 - 2015-04-19 22:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-16 12:17 - 2015-04-19 21:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-16 12:17 - 2015-04-19 21:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-16 12:17 - 2015-04-12 22:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-16 12:17 - 2015-04-07 22:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-16 12:17 - 2015-04-07 22:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-16 12:17 - 2015-04-07 22:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-16 12:17 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-16 12:17 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-16 12:17 - 2015-01-28 22:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-16 12:17 - 2015-01-28 22:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-16 12:14 - 2015-03-03 23:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-16 12:14 - 2015-03-03 23:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-16 12:14 - 2015-03-03 23:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-16 12:14 - 2015-03-03 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-16 12:14 - 2015-03-03 23:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-16 12:14 - 2015-03-03 23:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-16 12:14 - 2015-03-03 23:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-10 17:53 - 2015-05-10 17:53 - 00000000 ____D () C:\Users\b\AppData\Roaming\Opera Software
2015-05-10 17:53 - 2015-05-10 17:53 - 00000000 ____D () C:\Users\b\AppData\Local\Opera Software
2015-05-09 14:58 - 2015-05-22 17:53 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-09 14:58 - 2015-05-09 14:58 - 00003812 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1431201519
2015-05-09 14:58 - 2015-05-09 14:58 - 00001137 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-05-09 14:58 - 2015-05-09 14:58 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-05-09 14:58 - 2015-05-09 14:58 - 00000000 ____D () C:\Users\FAM\AppData\Roaming\Opera Software
2015-05-09 14:58 - 2015-05-09 14:58 - 00000000 ____D () C:\Users\FAM\AppData\Local\Opera Software
2015-05-09 14:57 - 2015-05-09 14:57 - 00684192 _____ (Opera Software) C:\Users\FAM\Downloads\Opera_NI_stable.exe
2015-05-06 22:02 - 2015-05-06 22:02 - 00000000 ____D () C:\Users\b\AppData\Local\Steam
2015-05-06 21:26 - 2015-05-06 21:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-06 21:03 - 2015-05-06 21:03 - 00000000 _____ () C:\Users\b\Sti_Trace.log
2015-05-04 21:21 - 2015-05-04 21:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-04 21:21 - 2015-05-04 21:21 - 00002049 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-05-04 21:21 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-04 21:21 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-04 21:21 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-04 21:21 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-04 21:21 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-04 21:21 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-04 21:21 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-04 21:21 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-04 21:21 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-04 21:21 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-04 21:21 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-04 21:21 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-04 21:21 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-04 21:21 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-04 21:21 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-04 21:21 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-04 21:21 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-04 21:21 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-04 21:21 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-04 21:21 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-04 21:21 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-04 21:21 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-04 21:21 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-04 21:21 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-04 21:21 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-04 21:21 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-04 21:21 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-05-04 21:21 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-05-04 21:21 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-04 21:21 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-04 21:20 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-04 21:16 - 2015-05-04 22:43 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2015-05-04 21:15 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-04 21:15 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-30 20:50 - 2015-05-04 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-30 20:50 - 2015-05-04 21:00 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-24 22:31 - 2015-05-04 20:59 - 00000000 ____D () C:\Users\FAM\Desktop\Instagram Mega Bot - Build v.4.0.2.4
2015-04-24 22:08 - 2015-04-24 22:08 - 00000000 ____D () C:\Users\FAM\AppData\Roaming\UBot Studio
2015-04-24 22:07 - 2015-04-24 22:29 - 04581263 _____ () C:\Users\FAM\Downloads\Instagram-Mega-Bot-Build-v.4.0.2.4.zip
2015-04-24 00:28 - 2015-05-04 20:40 - 00000000 ____D () C:\Program Files\OBS
2015-04-24 00:28 - 2015-05-04 20:40 - 00000000 ____D () C:\Program Files (x86)\OBS

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 17:57 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-22 17:57 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-22 17:54 - 2014-04-01 04:01 - 01296375 _____ () C:\Windows\WindowsUpdate.log
2015-05-22 17:54 - 2009-07-14 00:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-22 17:49 - 2012-08-01 19:10 - 00000000 ____D () C:\ProgramData\PDFC
2015-05-22 17:48 - 2015-01-13 22:40 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-22 17:48 - 2010-11-20 22:47 - 00767768 _____ () C:\Windows\PFRO.log
2015-05-22 17:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-22 17:48 - 2009-07-13 23:51 - 00068707 _____ () C:\Windows\setupact.log
2015-05-22 17:46 - 2015-01-13 22:30 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-05-18 23:28 - 2014-04-01 21:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-18 23:11 - 2014-11-19 12:18 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForFAM.job
2015-05-18 20:15 - 2014-08-29 01:01 - 00003902 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C9B7F23A-8D1A-4463-876F-696EE13FB47F}
2015-05-18 20:13 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-05-17 03:30 - 2014-04-03 05:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-17 03:30 - 2014-04-03 05:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-17 03:30 - 2009-07-13 23:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-17 03:28 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-17 03:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-17 03:12 - 2014-04-03 02:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-17 03:12 - 2011-02-11 12:15 - 00799564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-17 03:10 - 2014-05-20 20:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-17 03:06 - 2014-05-20 20:27 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-17 03:03 - 2014-04-03 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-16 16:33 - 2014-04-02 22:12 - 00003214 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForFAM-HP$
2015-05-16 16:33 - 2014-04-02 22:12 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForFAM-HP$.job
2015-05-11 01:15 - 2014-04-20 20:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-09 15:08 - 2014-11-19 12:18 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForFAM
2015-05-09 14:26 - 2014-04-02 04:15 - 00000000 ____D () C:\Users\FAM\AppData\Local\CrashDumps
2015-05-09 14:08 - 2014-04-01 04:06 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6F6F417E-8EB2-478C-9F97-93DDA3B32B89}
2015-05-09 11:22 - 2014-04-01 04:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-06 21:31 - 2014-08-29 01:01 - 00000000 ____D () C:\Users\b\AppData\Roaming\Apple Computer
2015-05-06 21:03 - 2014-08-29 00:59 - 00000000 ____D () C:\Users\b
2015-05-06 20:29 - 2014-04-02 22:28 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-05-06 20:28 - 2014-04-23 23:10 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-05-05 03:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-05 03:16 - 2014-12-10 09:10 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-05 03:16 - 2014-05-07 04:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-04 22:32 - 2014-04-01 04:13 - 00001112 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-04 22:32 - 2014-04-01 04:13 - 00001100 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-04 22:32 - 2014-04-01 04:06 - 00001357 _____ () C:\Users\FAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-04 21:52 - 2015-02-22 18:31 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-04 21:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-04 21:22 - 2014-12-23 15:31 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-04 21:21 - 2012-08-01 19:07 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-04 21:19 - 2014-09-09 12:42 - 00000000 ____D () C:\Users\FAM\AppData\Roaming\Skype
2015-05-04 21:19 - 2012-08-01 19:05 - 00000000 ____D () C:\ProgramData\Skype
2015-05-04 21:18 - 2015-04-14 22:31 - 00000000 ____D () C:\Program Files (x86)\Gamma Task Menager
2015-05-04 21:18 - 2015-02-22 18:32 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-04 21:18 - 2014-05-17 03:13 - 00000000 ____D () C:\Users\FAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-04 21:18 - 2014-05-17 03:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-04 21:16 - 2014-10-15 12:05 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-04 21:15 - 2014-05-03 13:14 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-04 21:11 - 2014-05-07 02:36 - 00000000 ____D () C:\Users\FAM\Desktop\ts
2015-05-04 21:10 - 2012-08-01 19:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-04 21:09 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system
2015-05-04 21:04 - 2014-04-01 04:01 - 00000000 ____D () C:\Users\FAM
2015-05-04 21:02 - 2014-09-13 14:24 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-04 21:00 - 2015-04-14 22:43 - 00000000 ____D () C:\Users\FAM\AppData\Roaming\Getprivate VPN
2015-05-04 21:00 - 2015-04-14 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Getprivate VPN
2015-05-04 21:00 - 2015-04-14 22:30 - 00000000 ____D () C:\Users\FAM\AppData\Local\Updater
2015-05-04 21:00 - 2015-04-07 00:38 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-04 21:00 - 2015-03-25 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-05-04 21:00 - 2015-02-22 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-04 21:00 - 2014-12-10 09:17 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-05-04 21:00 - 2014-10-15 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-04 21:00 - 2014-08-29 00:50 - 00000000 ____D () C:\Windows\Minidump
2015-05-04 21:00 - 2014-05-03 11:55 - 00000000 ____D () C:\Users\Darwin
2015-05-04 21:00 - 2014-05-03 11:46 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-04 21:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-04 20:59 - 2014-04-01 04:06 - 00000000 ____D () C:\Users\FAM\AppData\Local\VirtualStore
2015-05-04 20:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-05-04 20:57 - 2015-01-13 22:41 - 00000000 ____D () C:\Program Files\McAfee
2015-05-04 20:57 - 2014-09-13 14:23 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-04 20:57 - 2014-04-03 02:25 - 00000000 ____D () C:\Users\FAM\AppData\Roaming\SoftGrid Client
2015-05-04 20:56 - 2014-04-03 02:40 - 00000000 __RHD () C:\MSOCache
2015-04-30 20:51 - 2011-02-11 12:00 - 00000000 ____D () C:\Windows\Panther
2015-04-25 20:29 - 2014-09-13 14:23 - 00000000 ____D () C:\Users\FAM\AppData\Local\Adobe

==================== Files in the root of some directories =======

2015-04-14 22:31 - 2015-04-14 22:31 - 0000000 _____ () C:\Users\FAM\AppData\Roaming\313A.tmp
2015-04-14 22:31 - 2015-04-14 22:31 - 0803840 _____ () C:\Users\FAM\AppData\Roaming\313A.tmp.exe
2014-09-13 15:16 - 2014-09-13 15:16 - 0000044 _____ () C:\Users\FAM\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
C:\Users\Darwin\AppData\Local\Temp\BackupSetup.exe
C:\Users\Darwin\AppData\Local\Temp\jreInstall.exe
C:\Users\Darwin\AppData\Local\Temp\nsa4A93.exe
C:\Users\Darwin\AppData\Local\Temp\nspE8CF.exe
C:\Users\Darwin\AppData\Local\Temp\nsv440D.exe
C:\Users\Darwin\AppData\Local\Temp\nsvED82.exe
C:\Users\Darwin\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Darwin\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Darwin\AppData\Local\Temp\System.Data.SQLite76689.dll
C:\Users\Darwin\AppData\Local\Temp\utt96E8.tmp.exe
C:\Users\FAM\AppData\Local\Temp\1551.tmp.exe
C:\Users\FAM\AppData\Local\Temp\2191.tmp.exe
C:\Users\FAM\AppData\Local\Temp\2672.tmp.exe
C:\Users\FAM\AppData\Local\Temp\39C2.tmp.exe
C:\Users\FAM\AppData\Local\Temp\3E3.tmp.exe
C:\Users\FAM\AppData\Local\Temp\3F1F.tmp.exe
C:\Users\FAM\AppData\Local\Temp\496C.tmp.exe
C:\Users\FAM\AppData\Local\Temp\497D.tmp.exe
C:\Users\FAM\AppData\Local\Temp\5416.tmp.exe
C:\Users\FAM\AppData\Local\Temp\5B36.tmp.exe
C:\Users\FAM\AppData\Local\Temp\5B57.tmp.exe
C:\Users\FAM\AppData\Local\Temp\5B8.tmp.exe
C:\Users\FAM\AppData\Local\Temp\607.tmp.exe
C:\Users\FAM\AppData\Local\Temp\60A3.tmp.exe
C:\Users\FAM\AppData\Local\Temp\6796.tmp.exe
C:\Users\FAM\AppData\Local\Temp\8784.tmp.exe
C:\Users\FAM\AppData\Local\Temp\87B2.tmp.exe
C:\Users\FAM\AppData\Local\Temp\96A0.tmp.exe
C:\Users\FAM\AppData\Local\Temp\9B05.tmp.exe
C:\Users\FAM\AppData\Local\Temp\BB7F.tmp.exe
C:\Users\FAM\AppData\Local\Temp\BE1E.tmp.exe
C:\Users\FAM\AppData\Local\Temp\BE8B.tmp.exe
C:\Users\FAM\AppData\Local\Temp\CAF9.tmp.exe
C:\Users\FAM\AppData\Local\Temp\D334.tmp.exe
C:\Users\FAM\AppData\Local\Temp\EA3C.tmp.exe
C:\Users\FAM\AppData\Local\Temp\EC8D.tmp.exe
C:\Users\FAM\AppData\Local\Temp\F0E0.tmp.exe
C:\Users\FAM\AppData\Local\Temp\tasks.dll
C:\Users\FAM\AppData\Local\Temp\utt3C84.tmp.exe
C:\Users\FAM\AppData\Local\Temp\utt482.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-06 23:00

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015
Ran by FAM at 2015-05-22 18:03:16
Running from C:\Users\FAM\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1926916054-430606287-3612663155-500 - Administrator - Disabled)
b (S-1-5-21-1926916054-430606287-3612663155-1002 - Limited - Enabled) => C:\Users\b
Darwin (S-1-5-21-1926916054-430606287-3612663155-1001 - Administrator - Enabled) => C:\Users\Darwin
FAM (S-1-5-21-1926916054-430606287-3612663155-1000 - Administrator - Enabled) => C:\Users\FAM
Guest (S-1-5-21-1926916054-430606287-3612663155-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{58E93CCD-C0B4-C0FB-8FA0-AC56CC4344C7}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{8DCCC556-265B-478A-8B32-C12DA988BA74}) (Version: 0.9.4.4079 - BlueStack Systems, Inc.)
Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
CopyTrans Suite Remove Only (HKU\S-1-5-21-1926916054-430606287-3612663155-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CWA Reminder by We-Care.com v4.1.26.3 (HKLM-x32\...\{26B4D0E1-6F6D-48DF-8719-80276A259F7E}) (Version: 4.1.26.3 - We-Care.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON NX420 Series Printer Uninstall (HKLM\...\EPSON NX420 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Getprivate VPN version 1.0 (HKLM-x32\...\{43A12E1B-6532-4C90-90A5-60972044DFED}_is1) (Version: 1.0 - ) <==== ATTENTION
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6374.0 - IDT)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.274 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Opera Stable 29.0.1795.47 (HKLM-x32\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 -  NewspaperDirect Inc.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
rrsavings (HKLM\...\rrsavings) (Version: 2.0.1 - rrsavings)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Windows Essentials Media Codec Pack 4.7 [64-Bit] (HKLM-x32\...\Windows Essentials Media Codec Pack) (Version: 4.7 - Media Codec)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-05-2015 21:28:34 Windows Update
05-05-2015 03:00:31 Windows Update
16-05-2015 12:00:36 Scheduled Checkpoint
17-05-2015 03:01:04 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-05-09 01:16 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1            d3oxij66pru1i3.cloudfront.net

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02024279-7AD9-496A-A23D-9A08A2E7FD67} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {13A4E578-0A3B-4B5D-A96C-34E199C00C83} - System32\Tasks\Malware Cleaner => C:\Users\FAM\AppData\Roaming\313A.tmp.exe [2015-04-14] () <==== ATTENTION
Task: {147AC3E0-122E-4B9D-A304-BB540D85FBF0} - System32\Tasks\HPCeeScheduleForFAM => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {2014806E-B7C6-42EA-A9F6-CD6FF45F5283} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {24211484-27FE-4D09-A53E-CA61ABE35D53} - System32\Tasks\TidyNetwork Update => C:\Users\FAM\AppData\Local\TidyNetwork\update.exe
Task: {52105065-DB88-40CA-97C9-04B21D0D4F57} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {5254E8EA-5A60-44F4-A4F1-7DD9346913AB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {890D3E9F-7606-407F-8C12-5DF4F4BBE2F3} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {9AF9D141-1338-4BB0-830E-00303C5299C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {A17C5EA0-8C9E-48FF-A753-9D7E6C180017} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AB93213E-7B02-4FFA-9E8C-3876736A17A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B45CC53E-47DD-4069-B5B0-2A25A9021668} - System32\Tasks\System Installer => C:\Users\FAM\AppData\Local\Updater\winupd.exe [2015-04-14] () <==== ATTENTION
Task: {C2B7DF03-1845-44EC-B631-DA15342EF3FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {C5A5741F-A037-488A-B402-A0BD97A047F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {D452B218-5803-4F20-9F16-2CB240E070FC} - System32\Tasks\HPCeeScheduleForFAM-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D7607ACD-31C0-4461-B6E1-68DB85964ED2} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {E067279B-9DF3-4B66-B89F-CEC278D1C7E9} - System32\Tasks\Opera scheduled Autoupdate 1431201519 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-17] (Opera Software)
Task: {E21181FD-2A20-4C78-9549-B9322CBB2398} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {EDD41146-CC8B-4830-A5D5-8171DCBD5E98} - System32\Tasks\Gamma Task Menager Service => C:\Program Files (x86)\Gamma Task Menager\ gtrsecure.exe
Task: {EFE11949-2277-42C0-AE30-480AEDEB0AF5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {F2867B33-8D98-4FCC-A698-62CC772FC80A} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {FD7392F9-FCB3-48CF-8CFD-4600227BDF89} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFAM-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForFAM.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-01-21 00:13 - 2012-01-21 00:13 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-02 16:03 - 2011-11-02 16:03 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1926916054-430606287-3612663155-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\FAM\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DB7298FB-9EDD-468D-B387-0B2CD0E86021}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{22E6BD61-8E67-4B1A-8655-74732EC95A20}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{03701293-F8B5-4CD3-BF3E-7D81F987E33D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{97CEB0CB-9F81-48D8-8D9E-8696D3416221}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{D02F50A5-DDDC-456D-A261-DDD9E77425A1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FFF8E465-45F9-4071-8101-17254A423368}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{DE9EBD6B-66BC-4E4E-A94D-16255DD3080A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{BC81A50B-ECA7-4139-9689-D9B3782967B2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{A1733374-2950-474B-8359-2EAB12F9E5B0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{4FEE2665-0D5E-4897-97A3-326CCAB76640}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{85E40037-EDFA-4353-9AF1-A22CDCE04AEE}] => (Allow) LPort=2869
FirewallRules: [{6F8751ED-B4CC-489F-8F28-4E4AE28BC867}] => (Allow) LPort=1900
FirewallRules: [{D5A383DC-E5E6-49E8-93A1-0503E5AEC305}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5FACF373-292A-4970-A4FD-578F06462F15}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{3E9B1FC2-6349-48EC-ACC3-A92A1203EF35}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{864EADA9-370E-4614-B0E2-390F5A267E4D}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{63036F0C-EB08-42C8-9089-17012B1BC90C}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{EF0BC31A-8DE2-4590-B8DA-E0AE8F42FF24}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{31B13786-A91C-405A-A2E6-B8B0BF8A562D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8C8C345E-B799-46F9-B04F-94064C0D2557}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{176E1AF5-44A5-462F-BE5A-DAC915B0246E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{1A83CFFB-4A81-4799-A46D-97CFD3584168}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{A239FA96-66A6-49B2-B2F0-FB26EC9E8682}] => (Allow) LPort=1886
FirewallRules: [{189909BC-4EFE-4241-9DAB-A34B9782F394}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CB2B9516-B7D0-4A43-BD81-C4382ACF0B67}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EB1A026E-9BD3-400D-9AAE-50BDD920C6A1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BE29D187-43A3-4FD1-9FC4-42E59878EEBB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4C52D019-6E96-49A0-BA26-3A0B015D0CB3}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeUpdater.exe
FirewallRules: [{11E6F238-2605-4449-93EC-403017BFB362}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeUpdater.exe
FirewallRules: [{FE6A3534-EA62-4133-8FAF-B08FEC8C1F9C}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{4E58C1DF-8CEA-4F15-977B-084C587C0D83}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{C46948EA-6C26-4CA6-903A-F649187B886D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CABAE845-51C4-469D-84BD-AEBAF27B0A25}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E0437EBE-AF40-4227-8130-7704FA9F6889}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{09744B47-F1FE-4DFD-B18E-5D0D896010CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5204B6C1-91CA-4BBE-86BC-386DA506FB35}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{41E941F6-860B-4121-B487-87EB7A31B2DF}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{9D75AE74-8350-47BB-B856-D9B2F9D37B4E}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{9747722F-FEDB-4A0B-A757-F4324D56F690}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4E3F083F-1929-4CED-B39F-E3B986FA2509}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7DDD3652-D5AC-4C8E-89C0-ED812CDB0336}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{C32F944C-4CAF-4604-8F65-C8A64A654114}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{5606867F-A05D-4C3C-8A7E-273D179336FC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: SGH-T399N
Description: SGH-T399N
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Samsung Electronics Co., Ltd.
Service: WUDFRd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2015 05:49:49 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Click-2-Run package registration failure.

Error: (05/22/2015 05:49:49 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=F2C}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....7130.5000.sft'(rc 2460420A-40002EFD, original rc 2460420A-40002EFD).

Error: (05/22/2015 05:49:11 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/22/2015 05:39:31 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Click-2-Run package registration failure.

Error: (05/22/2015 05:39:31 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=DC8}
The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft....7130.5000.sft'(rc 2460420A-40002EFD, original rc 2460420A-40002EFD).

Error: (05/22/2015 05:38:47 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/18/2015 11:58:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_DiagTrack, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18839, time stamp: 0x553e8bfa
Exception code: 0xc000000d
Fault offset: 0x000000000006ec12
Faulting process id: 0x714
Faulting application start time: 0xsvchost.exe_DiagTrack0
Faulting application path: svchost.exe_DiagTrack1
Faulting module path: svchost.exe_DiagTrack2
Report Id: svchost.exe_DiagTrack3

Error: (05/18/2015 08:52:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7566

Error: (05/18/2015 08:52:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7566

Error: (05/18/2015 08:52:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (05/22/2015 05:51:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}

Error: (05/22/2015 05:49:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (05/22/2015 05:48:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util ConstaSurf service failed to start due to the following error:
%%2

Error: (05/22/2015 05:47:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053

Error: (05/22/2015 05:47:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (05/22/2015 05:47:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053

Error: (05/22/2015 05:47:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (05/22/2015 05:46:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Proxy Service service failed to start due to the following error:
%%1053

Error: (05/22/2015 05:46:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Proxy Service service to connect.

Error: (05/22/2015 05:46:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Personal Firewall Service service failed to start due to the following error:
%%1053


Microsoft Office:
=========================
Error: (05/22/2015 05:49:49 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Click-2-Run package registration failure.

Error: (05/22/2015 05:49:49 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=F2C}
http://c2r.microsoft...60420A-40002EFD

Error: (05/22/2015 05:49:11 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/22/2015 05:39:31 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Click-2-Run package registration failure.

Error: (05/22/2015 05:39:31 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {tid=DC8}
http://c2r.microsoft...60420A-40002EFD

Error: (05/22/2015 05:38:47 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/18/2015 11:58:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec1271401d0907bcc4c9f43C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllc1463d85-fde3-11e4-981c-9cb70d9d0814

Error: (05/18/2015 08:52:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7566

Error: (05/18/2015 08:52:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7566

Error: (05/18/2015 08:52:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor: AMD A10-5700 APU with Radeon™ HD Graphics
Percentage of memory in use: 38%
Total physical RAM: 9654.91 MB
Available physical RAM: 5940.52 MB
Total Pagefile: 19308.03 MB
Available Pagefile: 15146.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1851.65 GB) (Free:1743.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.27 GB) (Free:1.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D1C61B68)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1851.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=07 NTFS)

==================== End of log ============================


  • 0

Advertisements


#2
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello Dssole23 and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    I'll start analysing your log and post a fix for you soon. :)

  • 0

#3
dssole23

dssole23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

great thank you i will print


  • 0

#4
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi dssole23

Ok. we've got a bit to tidy up. :)

First


I noticed that you run FRST64.exe from Users\FAM\Downloads folder. Please move it to your Desktop. You can do it by right-clicking FRST64.exe, click Cut, then go to Desktop, right-click any free space and click Paste. For the FRST fix to work both FRST64.exe and fixlist.txt must be in the same location and the desktop is where the software is most effective from.

Then


Step1 - Remove Programs
Please uninstall the following unwanted programs:

CWA Reminder by We-Care.com v4.1.26.3
Getprivate VPN version 1.0
rrsavings



Note: If any of the programs are not listed, proceed to the next one and work through the list.

To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall e.g. CWA Reminder by We-Care.com v4.1.26.3
Click uninstall.
Repeat the above steps for all the other programs to remove.



Step2 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.Attached File  fixlist.txt   9.56KB   169 downloads
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Things for your next post:
  • Fixlog.txt

  • 0

#5
dssole23

dssole23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

so two program out of three dont wanna uninstall CWA Reminder by We-Care.com v4.1.26.3
Getprivate VPN version 1.0
for the get private vpn says doesnt exist the other one it tell me ok to update yes or no but then it doesnt do nothing


  • 0

#6
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi dssole23

OK. Carry on with Step2 - FRST fix please.

Thanks
  • 0

#7
dssole23

dssole23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015
Ran by FAM at 2015-05-24 14:10:09 Run:1
Running from C:\Users\FAM\Desktop
Loaded Profiles: FAM (Available profiles: FAM & Darwin & b)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Gamma Task Menager\privoxy.exe
(SecureSoft) C:\Windows\mlwps.exe
HKLM-x32\...\Run: [fst_us_234] => [X]
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\...\Run: [fastclean] => "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe"
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\...\MountPoints2: {e30b19b0-3440-11e4-8cd8-9cb70d9d0814} - J:\LG_PC_Programs.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2014-05-09]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk [2014-05-03]
ShortcutTarget: Severe Weather Alerts App.lnk -> C:\Users\FAM\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe (No File)
Startup: C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk [2014-05-03]
ShortcutTarget: Severe Weather Alerts.lnk -> C:\Users\FAM\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (No File)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:61049;https=127.0.0.1:61049
ProxyEnable: [S-1-5-21-1926916054-430606287-3612663155-1000] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-1926916054-430606287-3612663155-1000] => 127.0.0.1:8118
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=462965117&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=462965117&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com...=1384944263&ir=
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://groovorio.com...r=840853540&ir=
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearc...r=462965117&ir=
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-s...p={searchTerms}
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com...=1384944263&ir=
SearchScopes: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll [2014-01-21] (We-Care.com)
BHO-x32: mysearchdial Helper Object -> {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll [2014-04-02] (MySearchDial)
Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll [2014-04-02] (MySearchDial)
Toolbar: HKU\S-1-5-21-1926916054-430606287-3612663155-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF DefaultSearchEngine: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\user.js [2014-09-24]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\ask-search.xml [2014-10-15]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\default-search.xml [2014-08-28]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\Groovorio.xml [2014-09-24]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\Mysearchdial.xml [2014-04-02]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\search.xml [2014-11-26]
FF SearchPlugin: C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\trovi-search.xml [2014-08-29]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoSearch.xml [2015-04-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\f89a3bdc7d1ebfc414bac8611651a5c3 [2015-05-06]
CHR HKLM-x32\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [gpiifgmgnfdiblgpaepbmfdkcheicgof] - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Darwin\AppData\Local\Slick Savings\coupons.crx [2014-05-10]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
R2 Live Malware Protection; C:\Windows\mlwps.exe [242688 2015-04-14] (SecureSoft) [] <==== ATTENTION
R2 PrivoxyService; C:\Program Files (x86)\Gamma Task Menager\privoxy.exe [371200 2015-04-14] (The Privoxy team - www.privoxy.org) [] <==== ATTENTION
S2 Util ConstaSurf; "C:\Program Files (x86)\ConstaSurf\bin\utilConstaSurf.exe" [X]
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys [61120 2014-04-24] (StdLib)
Task: {13A4E578-0A3B-4B5D-A96C-34E199C00C83} - System32\Tasks\Malware Cleaner => C:\Users\FAM\AppData\Roaming\313A.tmp.exe [2015-04-14] () <==== ATTENTION
Task: {B45CC53E-47DD-4069-B5B0-2A25A9021668} - System32\Tasks\System Installer => C:\Users\FAM\AppData\Local\Updater\winupd.exe [2015-04-14] () <==== ATTENTION
Task: {D7607ACD-31C0-4461-B6E1-68DB85964ED2} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {F2867B33-8D98-4FCC-A698-62CC772FC80A} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {EDD41146-CC8B-4830-A5D5-8171DCBD5E98} - System32\Tasks\Gamma Task Menager Service => C:\Program Files (x86)\Gamma Task Menager\ gtrsecure.exe
2015-05-04 21:00 - 2015-04-14 22:43 - 00000000 ____D () C:\Users\FAM\AppData\Roaming\Getprivate VPN
2015-05-04 21:00 - 2015-04-14 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Getprivate VPN
C:\Program Files (x86)\FastClean PRO
C:\Program Files\OutfoxTV
C:\Program Files (x86)\MyPC Backup
C:\ProgramData\WeCareReminder
C:\Program Files (x86)\Mysearchdial
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\Gamma Task Menager
C:\Program Files (x86)\ConstaSurf
C:\Users\Darwin\AppData\Local\Slick Savings
C:\Program Files (x86)\Pro PC Cleaner
C:\ProgramData\WeCareReminder
2015-04-14 22:31 - 2015-04-14 22:31 - 0000000 _____ () C:\Users\FAM\AppData\Roaming\313A.tmp
2015-04-14 22:31 - 2015-04-14 22:31 - 0803840 _____ () C:\Users\FAM\AppData\Roaming\313A.tmp.exe
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state off
RemoveProxy:
Hosts:
EmptyTemp:

*****************

Restore point was successfully created.
[2680] C:\Program Files (x86)\Gamma Task Menager\privoxy.exe => Process closed successfully.
[2300] C:\Windows\mlwps.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_us_234 => value Removed successfully
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\Software\Microsoft\Windows\CurrentVersion\Run\\fastclean => value Removed successfully
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OutfoxTV => value Removed successfully
"HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e30b19b0-3440-11e4-8cd8-9cb70d9d0814}" => key Removed successfully
HKCR\CLSID\{e30b19b0-3440-11e4-8cd8-9cb70d9d0814} => key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => key Removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => key Removed successfully
C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk => Moved successfully.
C:\Users\FAM\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe not found.
C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk => Moved successfully.
C:\Users\FAM\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value Removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value Removed successfully
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value Removed successfully
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value Removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key Removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key Removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => key Removed successfully
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2516}" => key Removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key Removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => key Removed successfully
HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key Removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key Removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
"HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key Removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key Removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => key Removed successfully
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => key not found.
"HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2516}" => key Removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} => key not found.
"HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key Removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => key Removed successfully
HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => key not found.
"HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key Removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}" => key Removed successfully
"HKCR\Wow6432Node\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}" => key Removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}" => key Removed successfully
"HKCR\Wow6432Node\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}" => key Removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{3004627E-F8E9-4E8B-909D-316753CBA923} => value Removed successfully
"HKCR\Wow6432Node\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}" => key Removed successfully
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value Removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
Firefox DefaultSearchEngine Removed successfully
Firefox SearchEngineOrder.1 Removed successfully
Firefox SelectedSearchEngine Removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\user.js => Moved successfully.
C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\ask-search.xml => Moved successfully.
C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\default-search.xml => Moved successfully.
C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\Groovorio.xml => Moved successfully.
C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\Mysearchdial.xml => Moved successfully.
C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\search.xml => Moved successfully.
C:\Users\FAM\AppData\Roaming\Mozilla\Firefox\Profiles\13xoo1vz.default\searchplugins\trovi-search.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoSearch.xml => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\f89a3bdc7d1ebfc414bac8611651a5c3 => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cikkkfooompgefbcjlgdjejfdknkheaj" => key Removed successfully
C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof" => key Removed successfully
C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj" => key Removed successfully
C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk" => key Removed successfully
C:\Users\Darwin\AppData\Local\Slick Savings\coupons.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp" => key Removed successfully
C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx => Moved successfully.
Live Malware Protection => Service Removed successfully
PrivoxyService => Service Removed successfully
Util ConstaSurf => Service Removed successfully
{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64 => Service stopped successfully.
{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64 => Service Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13A4E578-0A3B-4B5D-A96C-34E199C00C83}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13A4E578-0A3B-4B5D-A96C-34E199C00C83}" => key Removed successfully
C:\Windows\System32\Tasks\Malware Cleaner => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Malware Cleaner" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B45CC53E-47DD-4069-B5B0-2A25A9021668}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B45CC53E-47DD-4069-B5B0-2A25A9021668}" => key Removed successfully
C:\Windows\System32\Tasks\System Installer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Installer" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7607ACD-31C0-4461-B6E1-68DB85964ED2}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7607ACD-31C0-4461-B6E1-68DB85964ED2}" => key Removed successfully
C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2867B33-8D98-4FCC-A698-62CC772FC80A}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2867B33-8D98-4FCC-A698-62CC772FC80A}" => key Removed successfully
C:\Windows\System32\Tasks\ProPCCleaner_Popup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDD41146-CC8B-4830-A5D5-8171DCBD5E98}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDD41146-CC8B-4830-A5D5-8171DCBD5E98}" => key Removed successfully
C:\Windows\System32\Tasks\Gamma Task Menager Service => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Gamma Task Menager Service" => key Removed successfully
C:\Users\FAM\AppData\Roaming\Getprivate VPN => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Getprivate VPN => Moved successfully.
"C:\Program Files (x86)\FastClean PRO" => File/Folder not found.
"C:\Program Files\OutfoxTV" => File/Folder not found.
"C:\Program Files (x86)\MyPC Backup" => File/Folder not found.
C:\ProgramData\WeCareReminder => Moved successfully.
C:\Program Files (x86)\Mysearchdial => Moved successfully.
C:\Program Files (x86)\Common Files\Spigot => Moved successfully.
C:\Program Files (x86)\Gamma Task Menager => Moved successfully.
C:\Program Files (x86)\ConstaSurf => Moved successfully.
C:\Users\Darwin\AppData\Local\Slick Savings => Moved successfully.
"C:\Program Files (x86)\Pro PC Cleaner" => File/Folder not found.
"C:\ProgramData\WeCareReminder" => File/Folder not found.
C:\Users\FAM\AppData\Roaming\313A.tmp => Moved successfully.
C:\Users\FAM\AppData\Roaming\313A.tmp.exe => Moved successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{315E9754-810B-4792-92FB-01580519575E} canceled.
{5EE8420F-ABE0-436F-BFAD-943A13C05CF7} canceled.
{7ADC47FD-ED91-4415-B737-D52030529780} canceled.
{D8D7D432-379F-46D2-96E5-840FE54D7277} canceled.
{DC979049-9673-4013-AC13-98B37BCA89AA} canceled.
{19A92C65-5EB3-41C7-B1E3-851FCE00F737} canceled.
{31E41449-817F-421F-84D7-240BB45E4E5D} canceled.
{E9534477-6744-4449-906B-E68AF5F7FE25} canceled.
{10624F15-BEB0-4ED3-BC81-F721EF9FDA72} canceled.
{432FA627-C30F-4124-9803-33DDEA84E48C} canceled.
{DF57BEBC-D29B-4EFC-BD3A-92CE38B55FF9} canceled.
{28B32B12-8852-486C-8997-9574B475E1D2} canceled.
{15314795-1DB5-4FF1-932E-2DF611056BFC} canceled.
{1A703F09-6A38-4ACC-B6F5-BCF67E686769} canceled.
{2DB75519-08F9-40D4-BA20-1664946CBD0A} canceled.
{138E6E21-2F0E-406F-B92B-D4273E8C2030} canceled.
{14C6B410-8F2E-4921-883F-96E37DD9F44C} canceled.
{80B3E98F-959B-4128-9D7C-3E1AAA9697A3} canceled.
{02EAA3C4-6BA4-416D-AEF0-6A82D086B97E} canceled.
19 out of 19 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state off =========

Ok.


========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-1926916054-430606287-3612663155-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts restored successfully.
EmptyTemp: => Removed 2.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog 14:10:36 ====


  • 0

#8
dssole23

dssole23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

wow much faster


  • 0

#9
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi dssole23
 

wow much faster

Good news. We still have a bit to do.

Next steps are to run Junkware Removal Tool and AdwCleaner.


Step1 - Junkware Removal Tool

Download Junkware Removal Tool by thisisu and save it to your desktop.

Important: Please disable your anti virus prior to running this program.. Advice on how to do this for your anti virus can be found here

1.Ensure all programs and windows are closed before proceeding.
2.Simply double-click the program icon to run it. It will ask for administrator privileges.
3.A black window will appear. Press any key to continue.
4.Wait for it to finish. It won't take long.
5.A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
6.Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti virus again.


Step2 - AdwCleaner


Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
    AdwCleaner.png
  • Click the Scan button and wait for the program to finish.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.
  • Please copy (Ctrl+C) and paste (Ctrl+V) this in your next reply.


    Things for your next post:
  • JRT.txt
  • adwCleaner[S*].txt
  • How is your computer running now and are you still experiencing pop ups?

  • 0

#10
dssole23

dssole23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.9 (05.24.2015:1)
OS: Windows 7 Home Premium x64
Ran by FAM on Sun 05/24/2015 at 23:13:57.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] yahooauservice
Successfully deleted: [Service] yahooauservice



~~~ Tasks

Failed to delete: [Task] C:\Windows\tasks\ImCleanDisabled



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2516}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util ConstaSurf



~~~ Files

Successfully deleted: [File] C:\end
Successfully deleted: [File] C:\Windows\system32\drivers\netfilter64.sys
Successfully deleted: [File] C:\Windows\system32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys
Successfully deleted: [File] C:\Windows\system32\roboot64.exe



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\FAM\appdata\local\{77ECC401-78B5-47D7-AE1B-6AE11712C42D}
Successfully deleted: [Folder] C:\Program Files (x86)\predm
Successfully deleted: [Folder] C:\ProgramData\apn
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\FAM\appdata\local\com
Successfully deleted: [Folder] C:\Users\FAM\appdata\local\globalupdate
Successfully deleted: [Folder] C:\Users\FAM\appdata\local\pro_pc_cleaner
Successfully deleted: [Folder] C:\Users\FAM\appdata\locallow\datamngr
Successfully deleted: [Folder] C:\Users\FAM\AppData\Roaming\mysearchdial
Successfully deleted: [Folder] C:\Users\FAM\AppData\Roaming\opencandy
Successfully deleted: [Folder] C:\Users\FAM\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\Users\FAM\AppData\Roaming\systweak
Successfully deleted: [Folder] C:\Users\FAM\documents\propccleaner



~~~ FireFox

Successfully deleted: [File] C:\Users\FAM\AppData\Roaming\mozilla\firefox\profiles\13xoo1vz.default\searchplugins\yahoo_ff.xml
Successfully deleted the following from C:\Users\FAM\AppData\Roaming\mozilla\firefox\profiles\13xoo1vz.default\prefs.js

user_pref(extensions.crossrider.bic, 1481ffa5c7c4729ed1a026ea90d1be03);
Emptied folder: C:\Users\FAM\AppData\Roaming\mozilla\firefox\profiles\13xoo1vz.default\minidumps [173 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/24/2015 at 23:17:46.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

Advertisements


#11
dssole23

dssole23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

ad ware failed to download for some reason


  • 0

#12
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi dssole23

Try this link here for adwCleaner.

Click on the blue Download Now adwCleaner button on right hand side of screen.

Download to desktop and follow the instructions from step2 in post#9.

Copy and Paste the report in your next reply. Also give me an update on how your computer is doing now - any popups still happening etc.

Thanks
  • 0

#13
dssole23

dssole23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

same result says failed


  • 0

#14
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi dssole23

Try disabling your McAfee anti virus first before downloading adwCleaner, it may be interfering with the download. Instructions on how to disable McAfee can be found here .

Then

Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
    AdwCleaner.png
  • Click the Scan button and wait for the program to finish.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.
  • Please copy (Ctrl+C) and paste (Ctrl+V) this in your next reply.

    Thanks

  • 0

#15
dssole23

dssole23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

# AdwCleaner v4.205 - Logfile created 25/05/2015 at 18:08:26
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : FAM - FAM-HP
# Running from : C:\Users\FAM\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\Program Files\RrFilter
Folder Deleted : C:\Users\Darwin\AppData\Local\Browsersafeguard
Folder Deleted : C:\Users\Darwin\AppData\Local\SevereWeatherAlerts
Folder Deleted : C:\Users\Darwin\AppData\Local\visi_coupon
Folder Deleted : C:\Users\Darwin\AppData\Local\Weather_Notifications,_LL
Folder Deleted : C:\Users\Darwin\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\Darwin\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Darwin\AppData\LocalLow\YahooCouponAddOn
Folder Deleted : C:\Users\Darwin\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Darwin\AppData\Roaming\genieo
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\genieo
Folder Deleted : C:\Users\FAM\AppData\Local\Updater
Folder Deleted : C:\Users\FAM\AppData\Local\TNT2
Folder Deleted : C:\Users\FAM\AppData\Roaming\Activeris
Folder Deleted : C:\Users\FAM\AppData\Roaming\FirefoxToolbar
Folder Deleted : C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\Extensions\[email protected]
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\Extensions\[email protected]
File Deleted : C:\Windows\mlwps.exe
File Deleted : C:\Users\Darwin\Desktop\Genieo.lnk
File Deleted : C:\Users\Darwin\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Darwin\Desktop\Sync Folder.lnk
File Deleted : C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\searchplugins\Groovorio.xml
File Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\searchplugins\Groovorio.xml
File Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\searchplugins\yahoo_ff.xml
File Deleted : C:\Users\b\AppData\Roaming\Mozilla\Firefox\Profiles\d9n2056w.default\user.js
File Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\a2r80klb.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : TidyNetwork Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EC77D09-02CB-4E1F-E3C4-FB141B2610B3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\TNT2
Key Deleted : HKCU\Software\GameHugArcadeApp
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\AppDataLow\Software\RrSavings
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\FreeSoftToday
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\mysearchdial
Key Deleted : HKLM\SOFTWARE\SmdmF
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Activeris AntiMalware_is1
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\RrSavings
Key Deleted : [x64] HKLM\SOFTWARE\System Optimizer Pro
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\default-search.net
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\groovorio.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovi.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.1 (x86 en-US)

[d9n2056w.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11408&pf=V7&trgb=FF&p2=%5EBBG%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBG&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ff_32.0.3[...]
[a2r80klb.default\prefs.js] - Line Deleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sale A Day\",\"autordr\":1,\"n\":\"3\",\"td\":1.5},\"1and1Internet\":{\"name\":\"1&1 Internet Inc.\",\[...]
[a2r80klb.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://groovorio.com/?f=1&a=grv_keyd4_14_24&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0Dzy0DtDzztCyEyDyD0AyCtN0D0Tzu0SzyzyzztN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1J1P2U1QyE1V[...]
[a2r80klb.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Groovorio");

-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [12963 bytes] - [25/05/2015 18:06:56]
AdwCleaner[S0].txt - [12698 bytes] - [25/05/2015 18:08:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12758  bytes] ##########
 


  • 0






Similar Topics


Also tagged with one or more of these keywords: spyware, malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP