This topic is locked
A lady at my church asked me to look at her laptop because there were 'tons of pop-ups'. She had no idea how to look things over. She said her grandson had been using it the last time he visited and she wondered if it was something he had done. When I looked it over, I noticed a bunch of programs and toolbars that I wouldn't have put on it.
I have run the first 2 scans as required
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Kathy (administrator) on KATHY-PC (19-08-2015 10:07:20)
Running from C:\Users\Kathy\Desktop
Loaded Profiles: Kathy (Available Profiles: Kathy)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\shopperz12072015\Igivkorcb.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
() C:\Program Files\shopperz12072015\Bzvra.exe
() C:\Program Files\shopperz12072015\Bzvra64.exe
(Cinema PlusV13.07) C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-6.exe
() C:\Users\Kathy\AppData\Local\ospd_us_014010029\upospd_us_014010029.exe
(Cinema PlusV18.07) C:\Program Files (x86)\CinemaPlus-3.2cV18.07\5375a8f1-d04e-4014-8417-fe3a4f558ce7-6.exe
(Cinema PlusV13.07) C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-1-6.exe
(HQ-VideoV12.07) C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-1-6.exe
(HQ-VideoV12.07) C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-6.exe
(globalUpdate) C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe
() C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
(ConsumerInput) C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
(EpsanDrive) C:\ProgramData\EpsanDrive\EpsanDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(EpsanDrive) C:\ProgramData\EpsanDrive\EpsanDrive.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CLICK YES BELOW LP) C:\Program Files (x86)\Ninja Loader\Ninja Loader.exe
(PU-App) C:\Users\Kathy\AppData\Local\yva2vtutzeljbjh\yxa2bzvwzf9jdth.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(SoftBrain Technologies Ltd.) C:\Users\Kathy\AppData\Local\SmartWeb\SmartWebHelper.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\StormWatch.exe
() C:\Program Files (x86)\StormWatch\StormWatchApp.exe
() C:\Program Files (x86)\msrtn32\msrtn32.exe
() C:\Program Files (x86)\gmsd_us_005010030\gmsd_us_005010030.exe
() C:\Program Files (x86)\Smwyyntm1ndi1zdz\ywi2mzv2zhnjbdh.exe
() C:\Program Files (x86)\gmsd_us_005010031\gmsd_us_005010031.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files\shopperz12072015\csrcc.exe
() C:\Program Files (x86)\dataup\dataup.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(SIEN S.A.) C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\Umbrella234.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\Umbrella234.exe
() C:\Program Files\shopperz12072015\ZazyjiKotn.exe
(Copyright © Microsoft 2015) C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(myradioplayer) C:\Program Files (x86)\RadPlayer\myradioplayer.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
() C:\Program Files (x86)\msrtn32\cdhtr.exe
() C:\Users\Kathy\AppData\Local\5670549A-1436745948-DE00-E918-1C7508113231\cnsh175B.tmp
() C:\Users\Kathy\AppData\Roaming\ASPackage\ASSrv.exe
() C:\Program Files\shopperz12072015\Xzeexmh.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
() C:\Program Files (x86)\StormWatch\StormWatchSrv.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe
() C:\ProgramData\1436760085\s9.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
() C:\Program Files\WajIEn\wajam_64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files\WajIEn\wajam.exe
() C:\Program Files\WajIEn\wajam_64.exe
(WS) C:\Program Files (x86)\WordShark_1.10.0.20\Service\wssvc.exe
(RadPlayer) C:\Program Files (x86)\RadPlayer\RadPlayerSvc.exe
(Valid Applications) C:\ProgramData\caGSSMRD\REhsGdKiASD.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\shopperz12072015\Cofvopjy.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Users\Kathy\AppData\Local\5670549A-1436745948-DE00-E918-1C7508113231\ansh1316.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Users\Kathy\AppData\Local\Temp\20150713\ct.exe
(Advanced Micro Devices, Inc.) C:\Windows\System32\atibtmon.exe
(SoftBrain Technologies Ltd.) C:\Users\Kathy\AppData\Local\SmartWeb\SmartWebApp.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
( ) C:\Users\Kathy\AppData\Roaming\ASPackage\ASPackage.exe
(The Chromium Authors) C:\Users\Kathy\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Kathy\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Kathy\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Kathy\AppData\Local\Ninja Loader\Discover\Discover.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2015-01-06] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-12] (Adobe Systems Incorporated)
HKLM\...\Run: [RadPlayer Tray] => C:\Program Files (x86)\RadPlayer\TyV1.exe [294824 2015-05-29] (RadPlayer)
HKLM\...\Run: [shopperz12072015] => C:\Program Files\shopperz12072015\Bzvra.exe [433512 2015-07-13] ()
HKLM\...\Run: [shopperz1207201564] => C:\Program Files\shopperz12072015\Bzvra64.exe [464744 2015-07-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StormWatch] => C:\Program Files (x86)\StormWatch\StormWatchApp.exe [1556504 2015-04-10] ()
HKLM-x32\...\Run: [cpx] => C:\Program Files (x86)\cpx\cpx.exe [1162240 2015-06-26] ()
HKLM-x32\...\Run: [msrtn32] => C:\Program Files (x86)\msrtn32\msrtn32.exe [1221120 2015-06-28] ()
HKLM-x32\...\Run: [WinCheck] => C:\Users\Kathy\AppData\Local\5670549A-1436745935-DE00-E918-1C7508113231\bnshDF4A.exe [350720 2015-06-24] ()
HKLM-x32\...\Run: [gmsd_us_005010030] => C:\Program Files (x86)\gmsd_us_005010030\gmsd_us_005010030.exe [3986064 2015-07-13] ()
HKLM-x32\...\Run: [mwyyntm1ndi1zdz] => C:\Program Files (x86)\Smwyyntm1ndi1zdz\ywi2mzv2zhnjbdh.exe [2422272 2015-07-13] ()
HKLM-x32\...\Run: [gmsd_us_005010031] => C:\Program Files (x86)\gmsd_us_005010031\gmsd_us_005010031.exe [3985552 2015-07-14] ()
HKLM-x32\...\Run: [MovieDea] => C:\Program Files (x86)\MovieDea\MovieDea.exe [3184640 2015-06-03] (MovieDea)
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Kathy\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\RunOnce: [upospd_us_014010029.exe] => C:\Users\Kathy\AppData\Local\ospd_us_014010029\upospd_us_014010029.exe [3287696 2015-07-12] ()
HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\Run: [NinjaLoader] => C:\Program Files (x86)\Ninja Loader\Ninja Loader.exe [1575016 2015-07-02] (CLICK YES BELOW LP)
HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.99\OptProLauncher.exe [148112 2015-07-03] ()
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [246544 2015-07-02] (Client Connect LTD)
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [213776 2015-07-02] (Client Connect LTD)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [805376 2015-07-13] (FlashBeat)
AppInit_DLLs-x32: C:\ProgramData\EpsanDrive\EpsanDrive32.dll => C:\ProgramData\EpsanDrive\EpsanDrive32.dll [805376 2015-07-08] (EpsanDrive)
AppInit_DLLs-x32: C:\PROGRA~3\{63B88~1\1173~1.1\tiso.dll => "C:\PROGRA~3\{63B88~1\1173~1.1\tiso.dll" File not found
Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bm.lnk [2015-07-18]
ShortcutTarget: bm.lnk -> C:\Users\Kathy\AppData\Local\yva2vtutzeljbjh\yxa2bzvwzf9jdth.exe (PU-App)
Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-07-13]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (No File)
Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-07-18]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Kathy\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk [2015-07-12]
ShortcutTarget: StormWatch.lnk -> C:\Program Files (x86)\StormWatch\StormWatch.exe (Weather Protector LLC)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-171533428-321824291-3300133993-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-ob-rhb-29__alt__ddc_dsssyc_bd_com
HKU\S-1-5-21-171533428-321824291-3300133993-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-171533428-321824291-3300133993-1000 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> OldSearch URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_installertech_15_26&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtC0EzztD0BzzyCtByDyDtAtN0D0Tzu0StCtByBtAtN1L2XzutAtFtCtCtFtAtFtCtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2StB0A0BtCtCyB0C0BtGyCyCtAtAtG0Azz0BtBtGyEzzyCzytGtBzz0C0ByE0DyB0BtA0D0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0E0DyC0E0DzytBtGtBtD0D0FtGyE0FtA0EtG0B0AtB0EtGyEzy0AtByByEzzyC0F0E0FtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzztBtB&cr=1202157401&ir=
SearchScopes: HKLM -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-ob-rhb-29__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKLM-x32 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=8437c40c-c891-4a5e-8eea-ca8568502d51&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-171533428-321824291-3300133993-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M1890E6BC-BF65-41CA-B1ED-FCA8EC054D11&SearchSource=58&CUI=&UM=8&UP=SPA98636E4-750F-401C-BC08-F5A740811DAD&D=071415&q={searchTerms}&SSPV=SP30339T2B_sp_ie
SearchScopes: HKU\S-1-5-21-171533428-321824291-3300133993-1000 -> {BC4A5ADC-08EE-4734-9171-5A5035FF16D7} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-07-18] (IObit)
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll [2015-06-10] (SIEN)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2015-06-25] (Compete, Inc.)
BHO: shopperz12072015 -> {c49ac435-5c4d-450f-aa56-cd31f96613b3} -> C:\Program Files\shopperz12072015\Eixrizl64.dll [2015-07-13] ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-27] (Oracle Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO-x32: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll [2015-06-10] (SIEN)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2015-06-25] (Compete, Inc.)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO-x32: shopperz12072015 -> {c49ac435-5c4d-450f-aa56-cd31f96613b3} -> C:\Program Files\shopperz12072015\Eixrizl.dll [2015-07-13] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-27] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\Cofvopjy.dll [279040 2015-07-14] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\Cofvopjy.dll [279040 2015-07-14] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\Cofvopjy.dll [279040 2015-07-14] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\Cofvopjy.dll [279040 2015-07-14] ()
Winsock: Catalog9 05 C:\Windows\SysWOW64\myradioplayer.dll [358824 2015-07-12] (myradioplayer)
Winsock: Catalog9 06 C:\Windows\SysWOW64\myradioplayer.dll [358824 2015-07-12] (myradioplayer)
Winsock: Catalog9 07 C:\Windows\SysWOW64\myradioplayer.dll [358824 2015-07-12] (myradioplayer)
Winsock: Catalog9 08 C:\Windows\SysWOW64\myradioplayer.dll [358824 2015-07-12] (myradioplayer)
Winsock: Catalog9 19 C:\Windows\SysWOW64\myradioplayer.dll [358824 2015-07-12] (myradioplayer)
Winsock: Catalog9 20 C:\Windows\SysWOW64\Cofvopjy.dll [279040 2015-07-14] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\myradioplayer64.dll [465320 2015-07-12] (myradioplayer)
Winsock: Catalog9-x64 02 C:\Windows\system32\myradioplayer64.dll [465320 2015-07-12] (myradioplayer)
Winsock: Catalog9-x64 03 C:\Windows\system32\myradioplayer64.dll [465320 2015-07-12] (myradioplayer)
Winsock: Catalog9-x64 04 C:\Windows\system32\myradioplayer64.dll [465320 2015-07-12] (myradioplayer)
Winsock: Catalog9-x64 15 C:\Windows\system32\myradioplayer64.dll [465320 2015-07-12] (myradioplayer)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{13BA7357-F3CB-44DF-94FB-47B6BD1FF704}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D464E0FB-F200-41A0-A115-BF3ED0CBE42C}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [2015-05-12] ()
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [2015-04-29] (爱奇艺公司)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-02] (Adobe Systems)
FF Plugin-x32: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [2015-05-12] ()
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [2015-04-29] (爱奇艺公司)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-19] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-19] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-05] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-171533428-321824291-3300133993-1000: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [2015-04-29] (爱奇艺公司)
FF Plugin HKU\S-1-5-21-171533428-321824291-3300133993-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kathy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{c49ac435-5c4d-450f-aa56-cd31f96613b3}] - C:\Program Files\shopperz12072015\Firefox
FF Extension: shopperz12072015 - C:\Program Files\shopperz12072015\Firefox [2015-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{c49ac435-5c4d-450f-aa56-cd31f96613b3}] - C:\Program Files\shopperz12072015\Firefox
FF HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12191.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12191.xpi [2015-06-25]
FF HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Ninja Loader\FireFox
FF Extension: NinjaLoader - C:\Program Files (x86)\Ninja Loader\FireFox [2015-07-13]
Chrome:
=======
CHR Profile: C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HQCinema Pro 2.1V12.07) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh [2015-07-12]
CHR Extension: (CinemaPlus-3.2cV13.07) - C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-07-13]
CHR HKLM-x32\...\Chrome\Extension: [adpeheiliennogfclcgmchdfdmafjegc] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cmlhbjpgeogifjnmlajdaealbdlfonah] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehhlaekjfiiojlddgndcnefflngfmhen] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [nociobghckdhokecfeajdpimjeapnopn] - https://clients2.goo...ice/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 46784c7a-2afb-4c2f-b299-133de9a46a66; C:\Program Files\shopperz12072015\Igivkorcb.exe [285544 2015-07-13] ()
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 c31ed948; c:\Program Files (x86)\Optimizer Pro 3.99\OptProMon.dll [2570896 2015-07-13] () <==== ATTENTION
R3 Cofvopjy; C:\Program Files\shopperz12072015\Cofvopjy.exe [2020864 2015-07-13] () [File not signed]
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-07-12] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-07-12] (ConsumerInput)
S2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-02] ()
R2 csrcc; C:\Program Files\shopperz12072015\csrcc.exe [1448808 2015-07-13] ()
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2015-06-29] () [File not signed] <==== ATTENTION
S2 FlashBeat; C:\ProgramData\FlashBeat\FlashBeat.exe [814080 2015-07-13] (FlashBeat) [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-07-19] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-07-19] (globalUpdate) [File not signed] <==== ATTENTION
R2 GlobalUpdater; C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [378152 2015-07-02] (SIEN S.A.)
R2 IMService; C:\Program Files (x86)\Common Files\Umbrella\Umbrella234.exe [5315224 2015-07-02] (Iminent)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2904864 2015-06-02] (IObit)
R2 LosdyLijfeu; C:\Program Files\shopperz12072015\ZazyjiKotn.exe [171920 2015-07-13] () [File not signed]
R2 msdotnetserv_v2050729; C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe [3003880 2015-07-05] (Copyright © Microsoft 2015)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 myradioplayer; C:\Program Files (x86)\RadPlayer\myradioplayer.exe [3904936 2015-05-29] (myradioplayer)
R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-07-02] (Ninja Soft Inc.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 RadPlayerV1; C:\Program Files (x86)\RadPlayer\RadPlayerSvc.exe [323496 2015-05-29] (RadPlayer)
S2 RadPlayerV2; C:\Program Files (x86)\RadPlayer\RadPlayer.Service.exe [78248 2015-05-29] (RadPlayer)
R2 REhsGdKiASD; C:\ProgramData\caGSSMRD\REhsGdKiASD.exe [2732288 2015-07-13] (Valid Applications)
R2 relibily; C:\Users\Kathy\AppData\Local\5670549A-1436745948-DE00-E918-1C7508113231\cnsh175B.tmp [219136 2015-07-13] () [File not signed]
R2 serveras; C:\Users\Kathy\AppData\Roaming\ASPackage\ASSrv.exe [183808 2015-07-13] () [File not signed]
R2 shopperz12072015 Updater; C:\Program Files\shopperz12072015\Xzeexmh.exe [174952 2015-07-13] ()
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [837312 2015-06-04] (Valve Corporation) [File not signed]
R2 StormWatch Update Service; C:\Program Files (x86)\StormWatch\StormWatchSrv.exe [586264 2015-04-10] ()
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-22] (Weather Protector LLC)
R2 UdvdPork; C:\ProgramData\1436760085\s9.exe [404480 2015-04-07] () [File not signed]
R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-07-12] ()
R2 WajIEn Monitor; C:\Program Files\WajIEn\wajam_64.exe [1997824 2015-07-13] () [File not signed]
S2 wbsvc; C:\Program Files\WebBar\wbsvc.exe [37144 2015-02-18] (Web Bar Media)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-09-15] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Kathy\AppData\Local\Temp\20150713\ct.exe [848384 2015-06-29] (Google Inc.) [File not signed]
R2 wssvc_1.10.0.20; C:\Program Files (x86)\WordShark_1.10.0.20\Service\wssvc.exe [300120 2015-07-06] (WS)
S2 SMUpdPlus; no ImagePath
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [34712 2015-07-14] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-06-18] (Cherimoya Ltd)
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [722488 2014-12-29] (Conexant Systems Inc.)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-29] (REALiX™)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-07-28] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2015-04-02] (NetFilterSDK.com)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SMUpdd; no ImagePath
S1 vfbhiosb; C:\Windows\system32\drivers\vfbhiosb.sys [55168 2015-08-16] (Microsoft Corporation)
R1 wsfd_vt_1_10_0_20; C:\Windows\System32\drivers\wsfd_vt_1_10_0_20.sys [61312 2015-07-06] (WS)
R1 ywi2mzv2zhnjbdh; C:\Windows\System32\drivers\ywi2mzv2zhnjbdh.sys [50520 2015-07-13] (Windows ® Win 7 DDK provider)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-19 10:07 - 2015-08-19 10:08 - 00030994 _____ C:\Users\Kathy\Desktop\FRST.txt
2015-08-19 09:46 - 2015-08-19 10:07 - 00000000 ____D C:\FRST
2015-08-19 09:46 - 2015-08-19 09:35 - 02173440 _____ (Farbar) C:\Users\Kathy\Desktop\FRST64.exe
2015-08-16 16:50 - 2015-08-16 16:50 - 00055168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vfbhiosb.sys
2015-08-16 16:39 - 2015-08-16 16:39 - 00000000 ____D C:\Users\Kathy\AppData\Local\CEF
2015-07-28 20:31 - 2015-08-19 09:37 - 00002904 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Kathy
2015-07-28 20:15 - 2015-07-28 20:16 - 00000000 ____D C:\Program Files (x86)\GUMBFC5.tmp
2015-07-28 20:15 - 2015-07-28 20:15 - 06420480 _____ C:\Program Files (x86)\GUTC294.tmp
2015-07-28 20:15 - 2015-07-28 20:15 - 00000010 _____ C:\Windows\TEMPcoral.vbs
2015-07-28 20:15 - 2015-07-28 20:15 - 00000000 ____D C:\ProgramData\Ninja Loader
2015-07-28 20:10 - 2015-07-28 20:42 - 00118082 _____ C:\Windows\SysWOW64\debug.log
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-19 10:08 - 2015-07-12 23:59 - 00000360 _____ C:\Windows\Tasks\CIMT_S-1-5-21-171533428-321824291-3300133993-1000.job
2015-08-19 10:05 - 2015-07-19 00:04 - 00002112 _____ C:\Windows\Tasks\5375a8f1-d04e-4014-8417-fe3a4f558ce7-10_user.job
2015-08-19 10:05 - 2015-07-12 23:56 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-19 10:04 - 2015-07-13 12:59 - 00000342 ____H C:\Windows\Tasks\GLQHQICXMFBVKQCB.job
2015-08-19 10:01 - 2015-07-12 23:56 - 00000968 _____ C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job
2015-08-19 09:58 - 2015-07-12 23:58 - 00003140 _____ C:\Windows\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-1-6.job
2015-08-19 09:57 - 2015-07-12 23:57 - 00005520 _____ C:\Windows\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-6.job
2015-08-19 09:55 - 2015-07-12 23:55 - 00002114 _____ C:\Windows\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-10_user.job
2015-08-19 09:51 - 2014-12-20 23:49 - 02021084 _____ C:\Windows\WindowsUpdate.log
2015-08-19 09:48 - 2009-07-14 01:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-19 09:46 - 2015-04-20 03:00 - 00006681 _____ C:\Windows\setupact.log
2015-08-19 09:44 - 2015-01-03 14:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-19 09:40 - 2009-07-14 00:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-19 09:40 - 2009-07-14 00:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-19 09:39 - 2014-12-29 14:58 - 00000000 ____D C:\Program Files (x86)\IObit
2015-08-19 09:37 - 2015-01-10 14:38 - 00002860 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2015-08-19 09:33 - 2015-07-13 13:29 - 00003254 _____ C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-08-19 09:32 - 2015-07-13 13:09 - 00002112 _____ C:\Windows\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-10_user.job
2015-08-16 22:53 - 2015-07-19 00:13 - 00005862 _____ C:\Windows\Tasks\5375a8f1-d04e-4014-8417-fe3a4f558ce7-6.job
2015-08-16 22:53 - 2015-07-13 13:13 - 00003138 _____ C:\Windows\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-1-6.job
2015-08-16 22:53 - 2015-07-13 13:12 - 00005518 _____ C:\Windows\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-6.job
2015-08-16 22:52 - 2015-07-09 23:44 - 00000000 ____D C:\Users\Kathy\AppData\Roaming\Skype
2015-08-16 16:50 - 2015-07-13 00:01 - 00000000 ____D C:\Program Files (x86)\baidu
2015-08-16 16:46 - 2015-04-14 12:14 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-08-16 16:45 - 2015-04-14 12:14 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-16 16:40 - 2015-07-12 11:01 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-16 16:40 - 2015-06-30 18:46 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-16 16:40 - 2015-06-30 18:16 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-08-16 16:39 - 2015-07-19 00:04 - 00000000 ____D C:\Program Files (x86)\ORBTR
2015-08-16 16:39 - 2015-07-14 14:16 - 00004704 _____ C:\Windows\SysWOW64\Cofvopjy.ini
2015-08-16 16:39 - 2015-07-14 14:16 - 00002416 _____ C:\Windows\SysWOW64\CofvopjyOff.ini
2015-08-16 16:39 - 2015-07-14 14:16 - 00002416 _____ C:\Windows\system32\CofvopjyOff.ini
2015-08-16 16:37 - 2015-07-13 00:01 - 00000000 ____D C:\Users\Kathy\AppData\Local\ospd_us_014010029
2015-08-16 16:36 - 2015-07-13 12:15 - 00000000 ____D C:\Users\Kathy\AppData\Local\mstrn32
2015-08-16 16:34 - 2015-07-13 13:15 - 00000996 _____ C:\Windows\Tasks\WdEL9n2eiowr.job
2015-08-16 16:34 - 2015-07-12 23:59 - 00000986 _____ C:\Windows\Tasks\FYLVp79.job
2015-08-16 16:33 - 2015-07-19 00:13 - 00005518 _____ C:\Windows\Tasks\5375a8f1-d04e-4014-8417-fe3a4f558ce7-7.job
2015-08-16 16:33 - 2015-07-19 00:07 - 00004494 _____ C:\Windows\Tasks\5375a8f1-d04e-4014-8417-fe3a4f558ce7-3.job
2015-08-16 16:33 - 2015-07-13 13:15 - 00002446 _____ C:\Windows\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-5_user.job
2015-08-16 16:33 - 2015-07-13 13:14 - 00002446 _____ C:\Windows\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-5.job
2015-08-16 16:33 - 2015-07-13 13:13 - 00003474 _____ C:\Windows\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-1-7.job
2015-08-16 16:33 - 2015-07-13 13:12 - 00005518 _____ C:\Windows\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-7.job
2015-08-16 16:33 - 2015-07-13 13:10 - 00004494 _____ C:\Windows\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-3.job
2015-08-16 16:33 - 2015-07-13 13:07 - 00001056 _____ C:\Windows\Tasks\Crossbrowse.job
2015-08-16 16:33 - 2015-07-12 23:59 - 00002448 _____ C:\Windows\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-5_user.job
2015-08-16 16:33 - 2015-07-12 23:59 - 00002448 _____ C:\Windows\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-5.job
2015-08-16 16:33 - 2015-07-12 23:58 - 00003476 _____ C:\Windows\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-1-7.job
2015-08-16 16:33 - 2015-07-12 23:57 - 00005184 _____ C:\Windows\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-7.job
2015-08-16 16:33 - 2015-07-12 23:56 - 00004496 _____ C:\Windows\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-3.job
2015-08-16 16:33 - 2015-07-12 23:56 - 00000970 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-08-16 16:33 - 2015-07-12 23:56 - 00000964 _____ C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job
2015-08-16 16:33 - 2015-07-12 23:55 - 00000342 ____H C:\Windows\Tasks\JWRTYVMXFBIVCPWL.job
2015-08-16 16:33 - 2015-07-12 23:55 - 00000336 _____ C:\Windows\Tasks\NLSAGZR1.job
2015-08-16 16:33 - 2014-12-29 14:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-16 16:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-16 16:30 - 2015-06-30 18:16 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-07-28 20:42 - 2014-12-29 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2015-07-28 20:22 - 2015-07-13 16:29 - 00003444 _____ C:\Windows\System32\Tasks\Epuifuuva
2015-07-28 20:15 - 2015-07-13 12:08 - 00000000 ____D C:\Users\Kathy\AppData\Local\Ninja Loader
2015-07-28 20:15 - 2015-01-18 22:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-28 20:15 - 2014-12-29 14:58 - 00000000 ____D C:\ProgramData\IObit
2015-07-28 20:12 - 2014-12-29 14:58 - 00000000 ____D C:\ProgramData\ProductData
2015-07-28 20:08 - 2015-07-19 00:16 - 00005086 _____ C:\Windows\Tasks\temp_5375a8f1-d04e-4014-8417-fe3a4f558ce7-6.job
2015-07-28 20:05 - 2015-04-20 03:00 - 00552878 _____ C:\Windows\PFRO.log
==================== Files in the root of some directories =======
2015-07-28 20:15 - 2015-07-28 20:15 - 6420480 _____ () C:\Program Files (x86)\GUTC294.tmp
2015-07-18 21:58 - 2015-07-18 21:58 - 6420480 _____ () C:\Program Files (x86)\GUTFD53.tmp
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kathy\AppData\Roaming\FYLVp79
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kathy\AppData\Roaming\FYLVp79.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kathy\AppData\Roaming\WdEL9n2eiowr
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kathy\AppData\Roaming\WdEL9n2eiowr.exe
2015-07-13 13:52 - 2015-07-13 13:52 - 0613255 _____ (CMI Limited) C:\Users\Kathy\AppData\Local\nsiBAD8.tmp
2015-01-03 14:00 - 2015-01-03 14:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Kathy\AppData\Local\Temp\2147.exe
C:\Users\Kathy\AppData\Local\Temp\2707.exe
C:\Users\Kathy\AppData\Local\Temp\3087.exe
C:\Users\Kathy\AppData\Local\Temp\6380.exe
C:\Users\Kathy\AppData\Local\Temp\879.exe
C:\Users\Kathy\AppData\Local\Temp\9474.exe
C:\Users\Kathy\AppData\Local\Temp\9984.exe
C:\Users\Kathy\AppData\Local\Temp\avg3D5E.exe
C:\Users\Kathy\AppData\Local\Temp\bitool.dll
C:\Users\Kathy\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Kathy\AppData\Local\Temp\Cracked Steam__10924_i1556117268_il1622702.exe
C:\Users\Kathy\AppData\Local\Temp\Cracked Steam__10924_i1556117269_il1622702.exe
C:\Users\Kathy\AppData\Local\Temp\fsdD549.exe
C:\Users\Kathy\AppData\Local\Temp\[email protected]
C:\Users\Kathy\AppData\Local\Temp\Launcher__13202.exe
C:\Users\Kathy\AppData\Local\Temp\links.exe
C:\Users\Kathy\AppData\Local\Temp\mVO9C0.exe
C:\Users\Kathy\AppData\Local\Temp\mVOE791.exe
C:\Users\Kathy\AppData\Local\Temp\MYPCBU.exe
C:\Users\Kathy\AppData\Local\Temp\oprun23877.exe
C:\Users\Kathy\AppData\Local\Temp\qqpcmgr_v10.10.16434.218_72819_Silence.exe
C:\Users\Kathy\AppData\Local\Temp\Search_Protect_NonSearch_setup.exe
C:\Users\Kathy\AppData\Local\Temp\setup.exe
C:\Users\Kathy\AppData\Local\Temp\setup3.exe
C:\Users\Kathy\AppData\Local\Temp\setup_644.exe
C:\Users\Kathy\AppData\Local\Temp\SpOrder.dll
C:\Users\Kathy\AppData\Local\Temp\supoptsetup.exe
C:\Users\Kathy\AppData\Local\Temp\Uninstall.exe
C:\Users\Kathy\AppData\Local\Temp\uobnyv04ydl6.exe
C:\Users\Kathy\AppData\Local\Temp\updatetask.exe
C:\Users\Kathy\AppData\Local\Temp\vau3696.tmp.exe
C:\Users\Kathy\AppData\Local\Temp\ytb.exe
C:\Users\Kathy\AppData\Local\Temp\{F03E597C-5045-41C0-A02A-C5994E53D89F}-GoogleUpdateSetup.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-03 19:53
==================== End of log ============================
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by Kathy (2015-08-19 10:09:11)
Running from C:\Users\Kathy\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-171533428-321824291-3300133993-500 - Administrator - Disabled)
Guest (S-1-5-21-171533428-321824291-3300133993-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-171533428-321824291-3300133993-1002 - Limited - Enabled)
Kathy (S-1-5-21-171533428-321824291-3300133993-1000 - Administrator - Enabled) => C:\Users\Kathy
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.1.3.121 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version: - Hyper Hippo Games)
AnySend (HKLM-x32\...\ASPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Blender (HKLM-x32\...\{69FE4B50-CA11-498A-9E9F-830B32AFE32C}) (Version: 2.75.0 - Blender Foundation)
BlueStacks Notification Center (HKLM-x32\...\{3792811C-832F-4392-B44A-24092901EDDC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
Blur Megabyte (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - Blur Megabyte) <==== ATTENTION
CinemaPlus-3.2cV13.07 (HKLM-x32\...\CinemaPlus-3.2cV13.07) (Version: 1.36.01.22 - Cinema PlusV13.07) <==== ATTENTION
CinemaPlus-3.2cV18.07 (HKLM-x32\...\CinemaPlus-3.2cV18.07) (Version: 1.36.01.22 - Cinema PlusV18.07) <==== ATTENTION
Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.32.0 - Conexant)
Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version: - Compete Inc.) <==== ATTENTION
Coupoon version 1.0 (HKLM-x32\...\{49F8B4F8-0CD4-4BE4-A9E8-B13A071F7C90}_is1) (Version: 1.0 - Coupoon) <==== ATTENTION
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
EpsanDrive (HKLM-x32\...\EpsanDrive) (Version: - )
Etherium (HKLM-x32\...\Steam App 245370) (Version: - Tindalos Interactive)
FinanceAlert (HKLM-x32\...\FinanceAlert) (Version: 3.0.69 - Valid Applications)
FlashBeat (HKLM-x32\...\FlashBeat) (Version: - ) <==== ATTENTION
Free Up Expand (HKLM-x32\...\wincheck) (Version: 1.0.0.0 - Free Up Expand) <==== ATTENTION
GamesDesktop 025.005010030 (HKLM-x32\...\gmsd_us_005010030_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
GamesDesktop 025.005010031 (HKLM-x32\...\gmsd_us_005010031_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hades (HKLM-x32\...\Hades) (Version: 2.07.13.0 - Hades)
HQCinema Pro 2.1V12.07 (HKLM-x32\...\HQCinema Pro 2.1V12.07) (Version: 1.36.01.22 - HQ-VideoV12.07) <==== ATTENTION
Iminent (HKLM-x32\...\IMBoosterARP) (Version: 7.48.4.1 - Iminent) <==== ATTENTION
IminentToolbar (HKLM-x32\...\IminentToolbar) (Version: 7.48.4.1 - Iminent) <==== ATTENTION
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
KNCTR (HKLM-x32\...\Itibiti_is1) (Version: - Itibiti Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft 1.8 1.00 (HKLM-x32\...\Minecraft 1.8 1.00) (Version: - )
MovieDea 1.0 (HKLM-x32\...\MovieDea) (Version: 1.0 - MovieDea)
MyPCBU version 2.25 (HKLM-x32\...\{7D7D6742-5B49-4454-9E9B-748E731E741A}_is1) (Version: 2.25 - )
Ninja Loader (HKLM-x32\...\Ninja Loader) (Version: 187.0.0.605 - CLICK YES BELOW LP)
OneSoftPerDay 025.014010029 (HKLM-x32\...\ospd_us_014010029_is1) (Version: - ONESOFTPERDAY)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.3.1.7 - PCUtilities Software Limited) <==== ATTENTION
Peggle Deluxe 1.0 (HKLM-x32\...\Peggle Deluxe 1.0) (Version: - )
Pro PC Cleaner (HKLM-x32\...\Pro PC Cleaner) (Version: 2.9.6 - Pro PC Cleaner) <==== ATTENTION
RadPlayer (HKLM-x32\...\RadPlayer) (Version: 4.0.1 - RadPlayer)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
s5mark (HKLM-x32\...\s5mark) (Version: 2.0.2 - s5mark)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.23.60.24 - Client Connect LTD) <==== ATTENTION
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - )
shopperz12072015 2.0.0.471 (HKLM\...\{c49ac435-5c4d-450f-aa56-cd31f96613b3}_is1) (Version: 2.0.0.471 - shopperz) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.1 - IObit)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StormWatch (HKLM-x32\...\StormWatch) (Version: 1.0.2.55 - StormWatch) <==== ATTENTION
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Unity Web Player (HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Wajam (HKLM-x32\...\WajIEn) (Version: 1.48.1.30 (i1.0) - Wajam) <==== ATTENTION
Web Bar 2.0.5527.25142 (HKLM\...\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1) (Version: 2.0.5527.25142 - Web Bar Media) <==== ATTENTION
WordShark 1.10.0.20 (HKLM-x32\...\WordShark_1.10.0.20) (Version: 1.10.0.20 - WordShark) <==== ATTENTION
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-171533428-321824291-3300133993-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
==================== Restore Points =========================
20-12-2014 20:58:59 Windows Update
29-12-2014 14:54:52 Windows Update
29-12-2014 15:18:35 Driver Booster : ATI I/O Communications Processor SMBus Controller
29-12-2014 15:30:41 Windows Update
29-12-2014 15:40:24 avast! antivirus system restore point
02-01-2015 14:11:56 Windows Update
03-01-2015 12:58:20 Windows Update
03-01-2015 13:55:40 Driver Booster : ATI Mobility Radeon HD 4200
03-01-2015 14:01:52 Installed DirectX
03-01-2015 14:04:54 Installed DirectX
03-01-2015 15:23:04 Windows Update
06-01-2015 19:11:47 Windows Update
06-01-2015 19:17:20 Driver Booster : Standard Enhanced PCI to USB Host Controller
06-01-2015 22:54:53 Windows Update
10-01-2015 13:28:22 Windows Update
10-01-2015 18:49:20 Windows Modules Installer
10-01-2015 18:50:25 Windows Modules Installer
13-01-2015 22:52:49 Windows Update
13-01-2015 22:59:53 Windows Update
17-01-2015 00:03:55 Windows Update
20-01-2015 12:56:59 Windows Update
29-01-2015 11:58:47 Windows Update
01-02-2015 23:43:04 Windows Update
14-02-2015 16:18:57 Windows Update
18-02-2015 11:44:39 Windows Update
04-03-2015 00:24:41 Windows Update
04-03-2015 02:19:43 Windows Update
26-03-2015 17:04:54 Windows Update
26-03-2015 18:18:31 Windows Update
26-03-2015 21:34:16 Driver Booster : Microsoft USB Wheel Mouse Optical
27-03-2015 08:46:30 Windows Update
10-04-2015 17:25:05 Windows Update
14-04-2015 11:25:39 Windows Update
19-04-2015 22:49:10 Windows Update
20-04-2015 01:38:58 avast! antivirus system restore point
20-04-2015 02:35:11 Windows Update
02-05-2015 14:41:02 Windows Update
07-05-2015 11:42:49 Windows Update
19-05-2015 16:18:36 Windows Update
05-06-2015 09:25:54 Windows Update
16-06-2015 08:59:39 Windows Update
25-06-2015 14:46:09 Windows Update
26-06-2015 21:54:42 Windows Update
02-07-2015 11:44:52 Windows Update
06-07-2015 12:33:56 Windows Update
07-07-2015 18:32:29 Installed Blender
10-07-2015 12:20:24 Windows Update
11-07-2015 21:29:57 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
11-07-2015 21:30:39 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
12-07-2015 10:55:13 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
12-07-2015 10:57:03 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
13-07-2015 00:11:07 Windows Update
16-08-2015 16:42:10 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01A22A0D-37F6-4D85-A408-491ACA67BF31} - System32\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-6 => C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-6.exe [2015-07-12] (HQ-VideoV12.07) <==== ATTENTION
Task: {02956738-DE99-47D8-A6C6-DCEE22EE7C4B} - System32\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-7 => C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-7.exe [2015-07-13] (Cinema PlusV13.07) <==== ATTENTION
Task: {0473C0CA-9A3F-462C-9BB2-BB768544A91A} - System32\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-3 => C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-3.exe [2015-07-12] (HQ-VideoV12.07) <==== ATTENTION
Task: {0C67CC53-4D97-46D6-A447-A0C70698D63C} - System32\Tasks\WebBarUpdateTask => C:\Program Files\WebBar\wbsvc.exe [2015-02-18] (Web Bar Media) <==== ATTENTION
Task: {12826CD3-979A-4778-9E55-62298738037F} - System32\Tasks\WdEL9n2eiowr => C:\Users\Kathy\AppData\Roaming\WdEL9n2eiowr.exe [2015-04-20] () <==== ATTENTION
Task: {13C77BBA-4D9D-4CC4-9783-0F09749EBC89} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {168DBC36-AAF6-4F39-8483-52C63048B4FE} - System32\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-3 => C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-3.exe [2015-07-13] (Cinema PlusV13.07) <==== ATTENTION
Task: {1BEAFD01-BB2F-4D5D-A4CB-F3456C100409} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-07-12] (ConsumerInput) <==== ATTENTION
Task: {1D2B5213-0A0B-4933-8409-5B6CCA9D31C4} - System32\Tasks\SMW_UpdateTask_Time_333833393739363037312d235b783432415b45345a2d6c => Wscript.exe //B "C:\ProgramData\SearchModulePlus\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {1EC32D4B-9503-4E11-9581-F33F5490D6C8} - System32\Tasks\5375a8f1-d04e-4014-8417-fe3a4f558ce7-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV18.07\5375a8f1-d04e-4014-8417-fe3a4f558ce7-10.exe [2015-07-19] (Cinema PlusV18.07) <==== ATTENTION
Task: {25FCAB52-144F-4DF6-9ED8-A783CF9663E3} - System32\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-5 => C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-5.exe [2015-07-13] (Cinema PlusV13.07) <==== ATTENTION
Task: {26C1D14B-D736-4340-AA04-29E5B0EE9912} - System32\Tasks\CIMT_S-1-5-21-171533428-321824291-3300133993-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-06-19] () <==== ATTENTION
Task: {2C86BA2E-43EA-43C1-9CC7-DC321BFFF485} - System32\Tasks\Snmix => C:\Program Files\shopperz12072015\Ubehsi.bat [2015-07-13] () <==== ATTENTION
Task: {325746AD-5A6F-430F-8E30-6CD44422ABDB} - System32\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-1-6.exe [2015-07-13] (Cinema PlusV13.07) <==== ATTENTION
Task: {36F19701-E5F7-4483-856F-F95E73176541} - System32\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-1-6 => C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-1-6.exe [2015-07-12] (HQ-VideoV12.07) <==== ATTENTION
Task: {3C325D05-59F7-4AA8-A14C-0D30C25CACC4} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-07-06] (IObit)
Task: {41F7B16E-395A-4581-81BD-04F429088AC9} - System32\Tasks\Driver Booster SkipUAC (Kathy) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-07-06] (IObit)
Task: {423821BC-96E6-4D84-9341-34C7D6544576} - System32\Tasks\temp_5375a8f1-d04e-4014-8417-fe3a4f558ce7-6 => C:\Program Files (x86)\CinemaPlus-3.2cV18.07\5375a8f1-d04e-4014-8417-fe3a4f558ce7-6.exe [2015-07-19] (Cinema PlusV18.07) <==== ATTENTION
Task: {4315E182-2227-4C77-880F-D8ED0781664D} - System32\Tasks\NLSAGZR1 => C:\ProgramData\EpsanDrive\EpsanDrive.exe [2015-07-08] (EpsanDrive) <==== ATTENTION
Task: {46EEB3FE-4979-4D71-B642-E6812F1A1B63} - System32\Tasks\SMWPUpd => C:\Program Files\Common Files\Goobzo\GBUpdatePlus\updater.exe <==== ATTENTION
Task: {4F7AA969-E2FB-46AC-A550-70B132457A08} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smp.exe <==== ATTENTION
Task: {519D5601-B701-4EF4-942D-023EB0776066} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.99\OptProLauncher.exe [2015-07-03] () <==== ATTENTION
Task: {536F625C-BFB1-4834-BC2B-BD6198974A9E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-29] (Google Inc.)
Task: {58BC472B-603B-41F5-A0F2-3D4FBD8E8B49} - System32\Tasks\WebBarLaunchTask => C:\Program Files\WebBar\wbsvc.exe [2015-02-18] (Web Bar Media) <==== ATTENTION
Task: {5AE88653-7D39-4018-A2D6-1B1865993C94} - System32\Tasks\BD634EFB-4435-4228-B1B1-B9F4709D5F79 => C:\Users\Kathy\AppData\Local\BD634EFB-4435-4228-B1B1-B9F4709D5F79\BD634EFB-4435-4228-B1B1-B9F4709D5F79.exe [2015-07-18] () <==== ATTENTION
Task: {5B84AF85-C877-4407-9B54-51E465C67CD3} - System32\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-10.exe [2015-07-13] (Cinema PlusV13.07) <==== ATTENTION
Task: {5BAFB821-7E9C-44DA-8FF3-BA06AA1A580A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-26] (Adobe Systems Incorporated)
Task: {5D16852C-3009-4836-B678-96DD5F24BE7B} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-07-12] (ConsumerInput) <==== ATTENTION
Task: {610A4D52-9E85-4E0B-A680-BEA500D4EF11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-29] (Google Inc.)
Task: {691E87A2-9D64-45C3-A667-ABE98310143F} - System32\Tasks\GLQHQICXMFBVKQCB => C:\ProgramData\Service1291\Service1291.exe [2015-06-28] () <==== ATTENTION
Task: {6F7B2104-C5A2-4870-8DAA-94359F4B295E} - System32\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-6 => C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-6.exe [2015-07-13] (Cinema PlusV13.07) <==== ATTENTION
Task: {80ECF25B-E055-4C3B-B841-3F10B6413105} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: {83886EC4-445C-4DB0-9EB6-83B465472564} - System32\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-5_user => C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-5.exe [2015-07-12] (HQ-VideoV12.07) <==== ATTENTION
Task: {88726888-5908-4FB8-A3FA-9043CB5B1478} - System32\Tasks\WordShark Auto Updater 1.10.0.20 Core => C:\Program Files (x86)\WordShark_1.10.0.20\Update\WordSharkAutoUpdateClient.exe [2015-07-06] (WS) <==== ATTENTION
Task: {8C648E3B-AA13-45C1-832C-77C99013C7F4} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2015-07-09] (Pro PC Cleaner) <==== ATTENTION
Task: {8D2D9211-2FB9-4C3E-AB7B-548D36C48621} - System32\Tasks\Epuifuuva => C:\ProgramData\Epuifuuva\1.0.4.1\allomlom.exe [2015-07-13] ()
Task: {8E797C65-1C95-4E33-BD35-2B67CFA422CC} - System32\Tasks\5375a8f1-d04e-4014-8417-fe3a4f558ce7-6 => C:\Program Files (x86)\CinemaPlus-3.2cV18.07\5375a8f1-d04e-4014-8417-fe3a4f558ce7-6.exe [2015-07-19] (Cinema PlusV18.07) <==== ATTENTION
Task: {8F31C890-7EC5-49DE-B3B9-7476E1ADAD00} - System32\Tasks\CIMT_daily_S-1-5-21-171533428-321824291-3300133993-1000 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-06-19] () <==== ATTENTION
Task: {8FCE26CD-8109-40D2-84C9-EC4D6052F068} - System32\Tasks\5375a8f1-d04e-4014-8417-fe3a4f558ce7-3 => C:\Program Files (x86)\CinemaPlus-3.2cV18.07\5375a8f1-d04e-4014-8417-fe3a4f558ce7-3.exe [2015-07-19] (Cinema PlusV18.07) <==== ATTENTION
Task: {9A4092C6-EB94-4323-A130-EEA16B56DCD3} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-07-19] (globalUpdate) <==== ATTENTION
Task: {9A6CF26F-A597-49B7-8D92-A65B8241C305} - System32\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-10_user => C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-10.exe [2015-07-12] (HQ-VideoV12.07) <==== ATTENTION
Task: {9C38A35C-5BD6-4388-BC91-FED16EF2B1F4} - System32\Tasks\Games\UpdateCheck_S-1-5-21-171533428-321824291-3300133993-1000
Task: {9DC79A38-C865-43F3-9280-76CE0AC74000} - System32\Tasks\Uninstaller_SkipUac_Kathy => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit)
Task: {ACC2C1A7-672C-479B-91FF-EB6428145187} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe
Task: {B3E4C79F-31B0-4CEC-8855-3A125AFCA943} - System32\Tasks\FYLVp79 => C:\Users\Kathy\AppData\Roaming\FYLVp79.exe [2015-04-20] () <==== ATTENTION
Task: {B50E6BBF-9E5C-4375-A579-BA67BBBB3632} - System32\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-5.exe [2015-07-13] (Cinema PlusV13.07) <==== ATTENTION
Task: {BEFA25DD-72D7-4DCD-A9B5-609E7D25109A} - System32\Tasks\WordShark Auto Updater 1.10.0.20 Pending Update => C:\Program Files (x86)\WordShark_1.10.0.20\Update\WordSharkAutoUpdateClient.exe [2015-07-06] (WS) <==== ATTENTION
Task: {BFD5E5F7-A581-4986-AA96-C25F1196ED50} - System32\Tasks\JWRTYVMXFBIVCPWL => C:\ProgramData\Service1198\Service1198.exe [2015-06-28] () <==== ATTENTION
Task: {CC0931E2-8841-4E30-A9AC-B3C127345ED4} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-12-17] (IObit)
Task: {CD043251-2487-4869-A33C-C07A835E7188} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CF6E7CAA-8B5F-4C52-A529-903EEF71BD58} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D0A3F695-CFF9-4D08-A2A2-A4FC09D36290} - System32\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-5 => C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-5.exe [2015-07-12] (HQ-VideoV12.07) <==== ATTENTION
Task: {D17B14BD-B3E2-4FD2-AFBE-644A6A3B1782} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-12-09] (IObit)
Task: {D67D6154-0544-43C0-A94B-02B9B1A17E7C} - System32\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-1-7.exe [2015-07-13] (Cinema PlusV13.07) <==== ATTENTION
Task: {E95208D8-3FF8-4D59-AFCB-CDC5937532DF} - System32\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-7 => C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-7.exe [2015-07-12] (HQ-VideoV12.07) <==== ATTENTION
Task: {E9AADAD9-F283-4AA1-9839-E55321CC24D3} - System32\Tasks\5375a8f1-d04e-4014-8417-fe3a4f558ce7-7 => C:\Program Files (x86)\CinemaPlus-3.2cV18.07\5375a8f1-d04e-4014-8417-fe3a4f558ce7-7.exe [2015-07-19] (Cinema PlusV18.07) <==== ATTENTION
Task: {F4309D18-BE10-4EE4-A49A-13DC9F49921B} - System32\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-1-7 => C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-1-7.exe [2015-07-12] (HQ-VideoV12.07) <==== ATTENTION
Task: {F48924F7-2B13-4189-BEFC-7813745D4972} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-07-19] (globalUpdate) <==== ATTENTION
Task: {F60157AF-D870-485B-87FD-5F992DA7ACD1} - System32\Tasks\GlobalUpdate-ywy2yzvxzgtjbth => C:\Users\Kathy\AppData\Roaming\ywy2yzvxzgtjbth\ywy2yzvxzgtjbth.exe [2015-07-13] () <==== ATTENTION
Task: {F6838031-AB36-4284-9FC7-8677F4B77864} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {F93A1729-BC6D-42A0-888E-D2BEB8D08BA5} - System32\Tasks\avastBCLRestartS-1-5-21-171533428-321824291-3300133993-1000 => Chrome.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV13.07\24590c5b-2a5f-42b8-91a2-fa4788a2a0d9-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\5375a8f1-d04e-4014-8417-fe3a4f558ce7-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV18.07\5375a8f1-d04e-4014-8417-fe3a4f558ce7-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\5375a8f1-d04e-4014-8417-fe3a4f558ce7-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV18.07\5375a8f1-d04e-4014-8417-fe3a4f558ce7-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\5375a8f1-d04e-4014-8417-fe3a4f558ce7-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV18.07\5375a8f1-d04e-4014-8417-fe3a4f558ce7-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\5375a8f1-d04e-4014-8417-fe3a4f558ce7-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV18.07\5375a8f1-d04e-4014-8417-fe3a4f558ce7-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-1-6.job => C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-1-7.job => C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-10_user.job => C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-3.job => C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-5.job => C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-5_user.job => C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-6.job => C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\a1e5f7dc-19c6-44a2-882d-e75547499632-7.job => C:\Program Files (x86)\HQCinema Pro 2.1V12.07\a1e5f7dc-19c6-44a2-882d-e75547499632-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-171533428-321824291-3300133993-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_S-1-5-21-171533428-321824291-3300133993-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\Windows\Tasks\FYLVp79.job => C:\Users\Kathy\AppData\Roaming\FYLVp79.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GLQHQICXMFBVKQCB.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\JWRTYVMXFBIVCPWL.job => C:\ProgramData\Service1198\Service1198.exe <==== ATTENTION
Task: C:\Windows\Tasks\NLSAGZR1.job => C:\ProgramData\EpsanDrive\EpsanDrive.exe <==== ATTENTION
Task: C:\Windows\Tasks\temp_5375a8f1-d04e-4014-8417-fe3a4f558ce7-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV18.07\5375a8f1-d04e-4014-8417-fe3a4f558ce7-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\WdEL9n2eiowr.job => C:\Users\Kathy\AppData\Roaming\WdEL9n2eiowr.exe <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2015-07-14 14:12 - 2015-07-13 14:24 - 00297832 _____ () C:\Program Files\shopperz12072015\Falhnzsy64.DLL
2015-06-13 14:17 - 2015-06-13 14:17 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-07-14 14:12 - 2015-07-13 14:24 - 00285544 _____ () C:\Program Files\shopperz12072015\Igivkorcb.exe
2015-07-14 14:12 - 2015-07-13 14:24 - 00433512 _____ () C:\Program Files\shopperz12072015\Bzvra.exe
2015-07-14 14:12 - 2015-07-13 14:24 - 00464744 _____ () C:\Program Files\shopperz12072015\Bzvra64.exe
2015-07-14 14:12 - 2015-07-13 14:24 - 00631144 _____ () C:\Program Files\shopperz12072015\Ekehe64.DLL
2015-07-14 14:12 - 2015-07-13 14:25 - 00277864 _____ () C:\Program Files\shopperz12072015\Znjiay64.DLL
2015-07-14 14:12 - 2015-07-13 14:25 - 00337256 _____ () C:\Program Files\shopperz12072015\Moieoae64.DLL
2015-07-13 00:01 - 2015-07-12 15:48 - 03287696 _____ () C:\Users\Kathy\AppData\Local\ospd_us_014010029\upospd_us_014010029.exe
2015-06-19 12:41 - 2015-06-19 12:41 - 01250848 _____ () C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
2015-04-10 09:49 - 2015-04-10 09:49 - 01556504 _____ () C:\Program Files (x86)\StormWatch\StormWatchApp.exe
2015-06-28 12:11 - 2015-06-28 12:11 - 01221120 _____ () C:\Program Files (x86)\msrtn32\msrtn32.exe
2015-07-13 13:10 - 2015-07-13 05:30 - 03986064 _____ () C:\Program Files (x86)\gmsd_us_005010030\gmsd_us_005010030.exe
2015-07-13 00:34 - 2015-07-13 00:34 - 02422272 _____ () C:\Program Files (x86)\Smwyyntm1ndi1zdz\ywi2mzv2zhnjbdh.exe
2015-07-14 14:22 - 2015-07-14 08:23 - 03985552 _____ () C:\Program Files (x86)\gmsd_us_005010031\gmsd_us_005010031.exe
2015-07-14 14:12 - 2015-07-13 14:24 - 01448808 _____ () C:\Program Files\shopperz12072015\csrcc.exe
2015-06-29 19:00 - 2015-06-29 19:00 - 00077824 _____ () C:\Program Files (x86)\dataup\dataup.exe
2015-07-13 07:13 - 2015-07-13 07:13 - 00171920 _____ () C:\Program Files\shopperz12072015\ZazyjiKotn.exe
2015-06-28 12:11 - 2015-06-28 12:11 - 00825856 _____ () C:\Program Files (x86)\msrtn32\cdhtr.exe
2015-07-13 00:06 - 2015-07-13 00:06 - 00219136 _____ () C:\Users\Kathy\AppData\Local\5670549A-1436745948-DE00-E918-1C7508113231\cnsh175B.tmp
2015-07-13 00:03 - 2015-07-13 00:03 - 00183808 _____ () C:\Users\Kathy\AppData\Roaming\ASPackage\ASSrv.exe
2015-07-14 14:12 - 2015-07-13 14:24 - 00174952 _____ () C:\Program Files\shopperz12072015\Xzeexmh.exe
2015-04-10 09:49 - 2015-04-10 09:49 - 00586264 _____ () C:\Program Files (x86)\StormWatch\StormWatchSrv.exe
2015-04-07 10:12 - 2015-04-07 10:12 - 00404480 _____ () C:\ProgramData\1436760085\s9.exe
2015-07-12 23:53 - 2015-07-12 23:54 - 00053040 _____ () C:\Program Files (x86)\Coupoon\UpdateCheck.exe
2015-07-13 06:18 - 2015-07-13 06:18 - 01997824 _____ () C:\Program Files\WajIEn\wajam_64.exe
2015-07-13 06:15 - 2015-07-13 06:15 - 01610240 _____ () C:\Program Files\WajIEn\wajam.exe
2015-08-16 16:38 - 2015-08-16 16:38 - 01422336 _____ () C:\Program Files\WajIEn\dlls\crusc.dll
2015-07-12 10:52 - 2015-07-12 10:52 - 31404192 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-07-13 07:13 - 2015-07-13 07:13 - 02020864 _____ () C:\Program Files\shopperz12072015\Cofvopjy.exe
2015-06-25 08:50 - 2015-06-25 08:50 - 02248192 _____ () C:\Users\Kathy\AppData\Local\5670549A-1436745948-DE00-E918-1C7508113231\ansh1316.exe
2015-07-14 14:12 - 2015-07-13 14:24 - 00291688 _____ () C:\Program Files\shopperz12072015\Falhnzsy.DLL
2015-07-14 14:12 - 2015-07-13 14:24 - 00620392 _____ () C:\Program Files\shopperz12072015\Ekehe.DLL
2015-07-14 14:12 - 2015-07-13 14:25 - 00243560 _____ () C:\Program Files\shopperz12072015\Znjiay.DLL
2015-07-14 14:12 - 2015-07-13 14:24 - 00312168 _____ () C:\Program Files\shopperz12072015\Moieoae.DLL
2015-08-16 16:34 - 2015-08-16 16:34 - 00011264 _____ () C:\Users\Kathy\AppData\Local\Temp\nswCD10.tmp\System.dll
2015-08-16 16:34 - 2015-08-16 16:34 - 00091136 _____ () C:\Users\Kathy\AppData\Local\Temp\nswCD10.tmp\base64.dll
2015-08-16 16:34 - 2015-08-16 16:34 - 00004096 _____ () C:\Users\Kathy\AppData\Local\Temp\nswCD10.tmp\ThreadTimer.dll
2015-08-16 16:34 - 2015-08-16 16:34 - 00020992 _____ () C:\Users\Kathy\AppData\Local\Temp\nswCD10.tmp\inetc.dll
2015-06-09 22:36 - 2015-06-09 22:36 - 36732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2014-10-12 00:26 - 2014-10-12 00:26 - 02299904 _____ () C:\Program Files (x86)\msrtn32\QxOrm.dll
2013-09-24 12:38 - 2013-09-24 12:38 - 00243200 _____ () C:\Program Files (x86)\msrtn32\boost_serialization-vc100-mt-1_54.dll
2014-10-13 19:34 - 2014-10-13 19:34 - 00879104 _____ () C:\Program Files (x86)\msrtn32\platforms\qwindows.dll
2015-07-02 09:45 - 2015-07-02 09:45 - 00109160 _____ () C:\Program Files (x86)\Ninja Loader\Modules\Core.dll
2014-10-14 00:31 - 2014-10-14 00:31 - 00032256 _____ () C:\Program Files (x86)\msrtn32\imageformats\qdds.dll
2014-10-13 19:32 - 2014-10-13 19:32 - 00021504 _____ () C:\Program Files (x86)\msrtn32\imageformats\qgif.dll
2014-10-14 00:31 - 2014-10-14 00:31 - 00027648 _____ () C:\Program Files (x86)\msrtn32\imageformats\qicns.dll
2014-10-13 19:32 - 2014-10-13 19:32 - 00021504 _____ () C:\Program Files (x86)\msrtn32\imageformats\qico.dll
2014-10-14 00:31 - 2014-10-14 00:31 - 00381952 _____ () C:\Program Files (x86)\msrtn32\imageformats\qjp2.dll
2014-10-13 19:31 - 2014-10-13 19:31 - 00204800 _____ () C:\Program Files (x86)\msrtn32\imageformats\qjpeg.dll
2014-10-14 00:31 - 2014-10-14 00:31 - 00218112 _____ () C:\Program Files (x86)\msrtn32\imageformats\qmng.dll
2014-10-14 00:31 - 2014-10-14 00:31 - 00015360 _____ () C:\Program Files (x86)\msrtn32\imageformats\qtga.dll
2014-10-14 00:32 - 2014-10-14 00:32 - 00307712 _____ () C:\Program Files (x86)\msrtn32\imageformats\qtiff.dll
2014-10-14 00:32 - 2014-10-14 00:32 - 00014848 _____ () C:\Program Files (x86)\msrtn32\imageformats\qwbmp.dll
2014-10-14 00:32 - 2014-10-14 00:32 - 00252928 _____ () C:\Program Files (x86)\msrtn32\imageformats\qwebp.dll
2015-07-02 09:45 - 2015-07-02 09:45 - 00039528 _____ () C:\Program Files (x86)\Ninja Loader\Modules\ArSp.dll
2015-07-02 09:45 - 2015-07-02 09:45 - 00118376 _____ () C:\Program Files (x86)\Ninja Loader\Modules\BrSp.dll
2015-07-02 09:45 - 2015-07-02 09:45 - 00092776 _____ () C:\Program Files (x86)\Ninja Loader\Modules\CdPrc.dll
2015-07-02 09:44 - 2015-07-02 09:44 - 00041576 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WInIn.dll
2015-07-02 09:44 - 2015-07-02 09:44 - 00096872 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WbSt.dll
2015-07-02 09:44 - 2015-07-02 09:44 - 00056424 _____ () C:\Program Files (x86)\Ninja Loader\Modules\WdCtl.dll
2015-07-02 09:45 - 2015-07-02 09:45 - 00058984 _____ () C:\Program Files (x86)\Ninja Loader\Modules\BdUdr.dll
2015-07-18 21:58 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-07-18 21:58 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-07-18 21:58 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-08-16 16:38 - 2015-08-16 16:38 - 01220608 _____ () C:\Program Files\WajIEn\dlls\ulkty.dll
2015-06-30 18:47 - 2015-07-03 12:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-06-30 18:47 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-06-30 18:47 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-06-30 18:47 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-06-30 18:47 - 2015-07-23 19:24 - 02410176 _____ () C:\Program Files (x86)\Steam\video.dll
2015-06-30 18:47 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-06-30 18:47 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-06-30 18:47 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-06-30 18:47 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-06-30 18:47 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-06-30 18:47 - 2015-07-23 19:23 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-06-30 18:47 - 2015-07-03 12:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-12-29 14:58 - 2014-10-08 16:51 - 00348992 _____ () C:\Program Files (x86)\IObit\Driver Booster\madExcept_.bpl
2014-12-29 14:58 - 2014-10-08 16:50 - 00183616 _____ () C:\Program Files (x86)\IObit\Driver Booster\madBasic_.bpl
2014-12-29 14:58 - 2014-10-08 16:50 - 00051008 _____ () C:\Program Files (x86)\IObit\Driver Booster\madDisAsm_.bpl
2014-12-29 14:58 - 2014-08-22 16:19 - 00893248 _____ () C:\Program Files (x86)\IObit\Driver Booster\webres.dll
2014-12-29 14:58 - 2012-02-16 11:16 - 00516440 _____ () C:\Program Files (x86)\IObit\Driver Booster\sqlite3.dll
2015-08-19 09:46 - 2015-08-19 09:46 - 00011264 _____ () C:\Users\Kathy\AppData\Local\Temp\nsn4709.tmp\System.dll
2015-08-19 09:46 - 2015-08-19 09:46 - 00117248 _____ () C:\Users\Kathy\AppData\Local\Temp\nsn4709.tmp\IpConfig.dll
2015-07-13 12:09 - 2015-03-26 10:13 - 01091584 _____ () C:\Users\Kathy\AppData\Local\Ninja Loader\Discover\libglesv2.dll
2015-07-13 12:09 - 2015-03-26 10:13 - 00167936 _____ () C:\Users\Kathy\AppData\Local\Ninja Loader\Discover\libEGL.dll
2015-07-13 12:09 - 2015-03-26 10:39 - 08569856 _____ () C:\Users\Kathy\AppData\Local\Ninja Loader\Discover\pdf.dll
2015-07-13 12:09 - 2015-03-26 10:18 - 00324608 _____ () C:\Users\Kathy\AppData\Local\Ninja Loader\Discover\ppGoogleNaClPluginChrome.dll
2015-07-13 12:09 - 2015-03-26 10:14 - 00880128 _____ () C:\Users\Kathy\AppData\Local\Ninja Loader\Discover\ffmpegsumo.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows\system32\Drivers\vfbhiosb.sys:changelist
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Cofvopjy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-171533428-321824291-3300133993-1000\...\100sexlinks.com -> 100sexlinks.com
There are 4788 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-171533428-321824291-3300133993-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9ED28A31-FDD7-4583-8462-1071417A0BFD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{C46D8DEB-70AE-441E-A3EA-5BC3B735FCD0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{06B3491D-090D-46B2-B1D0-77DEB7A9668D}C:\program files (x86)\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe
FirewallRules: [UDP Query User{0E289524-7AF7-42E1-B79C-6CEFEA80A5A7}C:\program files (x86)\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\java.exe
FirewallRules: [{0B5ADB51-8095-4367-9CE0-B9F8A08F5E8C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F70B49AA-6FB6-45E3-A9C4-BA4B69A06567}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B1830E8F-99BB-4647-871A-3E464AECC635}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9D7B1C62-08F3-4201-892E-F1F204FB3B82}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{23707D09-9119-4D70-8065-8FDC631F5D12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{182FD2AE-3BD2-44C9-81AE-AB0DB11B8F70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E89E610F-18AA-4855-8D2C-42BE8BCF386F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{F6E90CEF-68C2-4075-9104-4BEC29442B30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{9EB6F522-4707-4F17-82F6-5566AF5DE129}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{264B9FAF-43DD-4343-A301-3DAD53EEC1A0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8D4815BF-C331-4AC1-8537-D6FEE45715D8}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{FD9121D0-CCD1-4339-8C12-545C16608EA1}] => (Allow) C:\Users\Kathy\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{B1EDAE99-499C-4E97-B76E-5BABD06EB34B}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{57FAFCFF-2275-4BD7-ABA3-ED9FC909C651}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{7129562E-A0C2-410F-B5C6-233F4B07C18F}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{BD397738-D987-4F9C-9428-8ED28F2A3056}] => (Allow) C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe
FirewallRules: [{5B5678E7-8F8A-4971-B590-5273734B3839}] => (Allow) C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msbuild.exe
FirewallRules: [{B73AFB0A-002E-4938-897D-9817CB63CB66}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{4B4AB129-F247-4FC0-99D9-96B00ED433F0}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
==================== Faulty Device Manager Devices =============
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/19/2015 09:42:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IObitUninstaler.exe version 4.3.0.5 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 370c
Start Time: 01d0da841eaf97fc
Termination Time: 7
Application Path: C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Report Id: 2a7b197c-4678-11e5-9888-70f1a1e80b86
Error: (08/16/2015 04:38:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/16/2015 04:35:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cpx.exe, version: 1.1.0.1, time stamp: 0x558d0604
Faulting module name: cpx.exe, version: 1.1.0.1, time stamp: 0x558d0604
Exception code: 0xc0000409
Fault offset: 0x0003a8dc
Faulting process id: 0x13f4
Faulting application start time: 0xcpx.exe0
Faulting application path: cpx.exe1
Faulting module path: cpx.exe2
Report Id: cpx.exe3
Error: (08/16/2015 04:35:07 PM) (Source: CoupoonService64) (EventID: 1) (User: )
Description: CoupoonService64StartServiceCtrlDispatcher error 1063
failed with 1063
Error: (07/28/2015 08:44:25 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (07/28/2015 08:44:25 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (07/28/2015 08:42:55 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).
Error: (07/28/2015 08:33:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 43.0.2357.132, time stamp: 0x559b2699
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xaabb1010
Faulting process id: 0x3ab4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Error: (07/28/2015 08:29:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2c3c
Start Time: 01d0c9958673ecdb
Termination Time: 7
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (07/28/2015 08:29:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: c98
Start Time: 01d0c9955acf015c
Termination Time: 985
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
System errors:
=============
Error: (08/19/2015 09:51:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 115.5.0.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (08/19/2015 09:51:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.203.712.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (08/19/2015 09:51:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.203.712.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (08/19/2015 09:51:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.203.712.0
Update Source: %NT AUTHORITY59
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (08/19/2015 09:43:30 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 115.5.0.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (08/19/2015 09:43:30 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.203.712.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (08/19/2015 09:43:30 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.203.712.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (08/19/2015 09:43:30 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.203.712.0
Update Source: %NT AUTHORITY59
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (08/19/2015 09:41:40 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 115.5.0.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (08/19/2015 09:41:40 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.203.712.0
Update Source: %NT AUTHORITY51
Update Stage: 4.8.0204.00
Source Path: 4.8.0204.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Microsoft Office:
=========================
Error: (08/19/2015 09:42:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IObitUninstaler.exe4.3.0.5370c01d0da841eaf97fc7C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe2a7b197c-4678-11e5-9888-70f1a1e80b86
Error: (08/16/2015 04:38:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/16/2015 04:35:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cpx.exe1.1.0.1558d0604cpx.exe1.1.0.1558d0604c00004090003a8dc13f401d0d862f219501bC:\Program Files (x86)\cpx\cpx.exeC:\Program Files (x86)\cpx\cpx.exe50f87ae5-4456-11e5-9888-70f1a1e80b86
Error: (08/16/2015 04:35:07 PM) (Source: CoupoonService64) (EventID: 1) (User: )
Description: CoupoonService64StartServiceCtrlDispatcher error 1063
failed with 1063
Error: (07/28/2015 08:44:25 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (07/28/2015 08:44:25 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
Error: (07/28/2015 08:42:55 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101
Error: (07/28/2015 08:33:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe43.0.2357.132559b2699unknown0.0.0.000000000c0000005aabb10103ab401d0c99602a2af19C:\Program Files (x86)\Google\Chrome\Application\chrome.exeunknown77323b50-3589-11e5-ab64-1c7508113231
Error: (07/28/2015 08:29:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.178402c3c01d0c9958673ecdb7C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Error: (07/28/2015 08:29:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17840c9801d0c9955acf015c985C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
==================== Memory info ===========================
Processor: AMD Phenom™ II N830 Triple-Core Processor
Percentage of memory in use: 64%
Total physical RAM: 3834.9 MB
Available physical RAM: 1347.59 MB
Total Virtual: 7668 MB
Available Virtual: 4560.26 MB
==================== Drives ================================
Drive c: (Gateway) (Fixed) (Total:452.66 GB) (Free:198.86 GB) NTFS
Drive e: (STORE N GO) (Removable) (Total:7.46 GB) (Free:7.45 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F836E349)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: 1342406A)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0C)
==================== End of log ============================
Thanks in Advance for the help
)
Sign In
Create Account
