
Yamdex, Crossbrowse, and more Issues [Solved]


  • This topic is locked

#1
SteveClark180


Hi!

 

My laptop is having some issues with Yamdex (in Russian), Feed.sonic-search, and Sidecube search engines in Google Chrome. These search engines appeared in Internet Explorer and Firefox without my consent.

Along with that, I have "apparently" installed Crossbrowse a few days before the search engine problems started. Other Trojan and Malware applications have infiltrated my 8.1 Windows laptop.

I went to Settings and Internet Options to find default browsers and tried to set Google as my default browser, but the pestering engines and other ad-filled tabs kept happening and slowed down my laptop. Ads kept popping up in new tabs, or otherwise they were covering up tabs I use; it really slows down my laptop.

I think I was gullible enough to accept some aggressive downloads when these things occurred. Afterwards, new apps with the "I Agree" forms have appeared while downloading the other apps, and I realized that I screwed up. I uninstalled most of the apps, but some of them won't budge. When I tried to uninstall some of the downloads it said that I needed Administrator permission to uninstall these things although I am the Administrator.

 

My laptop doesn't have much security anymore because my only security subscription ended a while ago.

 

 

Crossbrowse was installed on 8/20/15.

Downloads and the engine occurrences started on 8/28/15.

I hope that this battle will end before my school starts on 9/8/15, but I'm willing to go beyond this date if necessary.

 

I will be extremely grateful for your services!  :) 

 

 

 

Here's my FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-08-2015
Ran by Stevan (administrator) on HOMEDN-PC (30-08-2015 23:22:02)
Running from C:\Users\Stevan\Desktop
Loaded Profiles: Stevan (Available Profiles: DanaZ & Stevan & Branko & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\groover250820151255\TocbYsebre.exe
() C:\Program Files\groover250820151255\Ekoij.exe
() C:\Program Files\Konklight\Konklight.exe
() C:\Windows\msqy.exe
() C:\ProgramData\Saophase\Saophase.exe
() C:\Windows\sqy.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
() C:\Program Files\groover250820151255\Kufnemgawj.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
() C:\Program Files\groover250820151255\Ijateo.exe
() C:\Program Files\groover250820151255\Ijateo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\L-Express.exe
(Softissimo) C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\Lexibase.exe
() C:\Program Files\Konklight\packages\4d476283-cc5e-4596-965d-35d07905e087\zathplus.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
() C:\Program Files\groover250820151255\Exuinke.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\groover250820151255\csrcc.exe
() C:\Users\Stevan\AppData\Local\Citytech.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\ProgramData\Ufhnaeskuek\1.0.4.1\idepaase.exe
() C:\ProgramData\Ufhnaeskuek\1.0.4.1\idepaase.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [groover250820151255] => C:\Program Files\groover250820151255\Ijateo.exe [429224 2015-08-25] ()
HKLM\...\Run: [groover25082015125564] => C:\Program Files\groover250820151255\Ijateo64.exe [460456 2015-08-25] ()
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [gmsd_us_005010074] => [X]
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\Run: [Bubble Dock] => "C:\Users\Stevan\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\Run: [GoogleChromeAutoLaunch_371A0487FC476B04C111CD7F9EF56B46] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
AppInit_DLLs: C:\ProgramData\Saophase\K-eco.dll => C:\ProgramData\Saophase\K-eco.dll [212992 2015-08-30] ()
AppInit_DLLs-x32: C:\ProgramData\Saophase\Tipstrong.dll => C:\ProgramData\Saophase\Tipstrong.dll [194560 2015-08-30] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Stevan\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Stevan\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Stevan\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-11-04]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lexibase Express.lnk [2013-08-14]
ShortcutTarget: Lexibase Express.lnk -> C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\L-Express.exe ()
Startup: C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-11-09]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (No File)
Startup: C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk [2014-05-25]
Startup: C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk [2014-05-25]
ShortcutTarget: StormAlerts.lnk -> C:\Users\DanaZ\AppData\Local\StormAlerts\StormAlertsApp.exe ()
Startup: C:\Users\Ryan Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-17]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-08-28]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
GroupPolicyUsers\S-1-5-21-3094508777-2562355391-1898814638-1004\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3094508777-2562355391-1898814638-1001\User: Restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 208.91.112.53 208.91.112.52
Tcpip\..\Interfaces\{B9527D6F-AC6D-467E-8F06-DCF14892A299}: [DhcpNameServer] 208.91.112.53 208.91.112.52
Tcpip\..\Interfaces\{C4EC7C64-D342-4238-BA25-99C60714BC1F}: [DhcpNameServer] 208.91.112.53 208.91.112.52
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com/
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
SearchScopes: HKLM-x32 -> {EE51F551-5AD2-49F8-9E69-EB809495726A} URL = hxxp://www.globasearch.com/?serie=209&installkey=As4G5dDDQXkL6om6EwXe&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3094508777-2562355391-1898814638-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3094508777-2562355391-1898814638-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=b61f3012c03066e79077d587555400fc&text=
SearchScopes: HKU\S-1-5-21-3094508777-2562355391-1898814638-1004 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: groover250820151255 -> {B02524C5-EF2E-45ED-801E-33E9AB705B45} -> C:\Program Files\groover250820151255\Sysvovva64.dll [2015-08-25] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: groover250820151255 -> {B02524C5-EF2E-45ED-801E-33E9AB705B45} -> C:\Program Files\groover250820151255\Sysvovva.dll [2015-08-25] ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
DefaultPrefix-x32: => http://yamdex.net/?s...7555400fc&text=<==== ATTENTION
 
FireFox:
========
FF ProfilePath: C:\Users\Stevan\AppData\Roaming\Mozilla\Firefox\Profiles\lq5d9h76.default-1440832493828
FF NewTab: C:\\ProgramData\\Saophases\\ff.NT
FF DefaultSearchEngine.US: findit
FF Homepage: C:\\ProgramData\\Saophases\\ff.HP
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-10-05] (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Ryan Stevan\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3094508777-2562355391-1898814638-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Stevan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Stevan\AppData\Roaming\Mozilla\Firefox\Profiles\lq5d9h76.default-1440832493828\user.js [2015-08-30]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Stevan\AppData\Roaming\Mozilla\Firefox\Profiles\lq5d9h76.default-1440832493828\searchplugins\findit.xml [2015-08-30]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2015-08-30]
FF HKLM\...\Firefox\Extensions: [{B02524C5-EF2E-45ED-801E-33E9AB705B45}] - C:\Program Files\groover250820151255\Firefox
FF Extension: groover250820151255 - C:\Program Files\groover250820151255\Firefox [2015-08-29]
FF HKLM-x32\...\Firefox\Extensions: [{B02524C5-EF2E-45ED-801E-33E9AB705B45}] - C:\Program Files\groover250820151255\Firefox
 
Chrome: 
=======
CHR Profile: C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-08-28]
CHR Profile: C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-22]
CHR Extension: (YouTube) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-22]
CHR Extension: (Google Search) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-22]
CHR Extension: (AdBlock) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-22]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 032E4D9E-99D1-47E4-8608-82244BD88146; C:\Program Files\groover250820151255\Exuinke.exe [281256 2015-08-25] ()
R3 csrcc; C:\Program Files\groover250820151255\csrcc.exe [1444520 2015-08-25] ()
R2 DaljiaEkuivu; C:\Program Files\groover250820151255\TocbYsebre.exe [171856 2015-08-25] ()
R2 groover250820151255 Updater; C:\Program Files\groover250820151255\Ekoij.exe [171176 2015-08-25] ()
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 iosnload; C:\Users\Stevan\AppData\Local\Citytech.exe [52736 2015-08-30] () [File not signed]
R2 Konklight; C:\Program Files\Konklight\Konklight.exe [379904 2015-08-27] () [File not signed]
R3 Kufnemgawj; C:\Program Files\groover250820151255\Kufnemgawj.exe [2044240 2015-08-25] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 msqy; c:\windows\msqy.exe [408576 2015-08-28] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 Saophase; C:\ProgramData\Saophase\Saophase.exe [33792 2015-08-27] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-08-29] (Enigma Software Group USA, LLC.)
R2 sqy; c:\windows\sqy.exe [417792 2015-08-28] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 msdotnetserv_v2050729; C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2015-08-29] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56736 2015-08-20] (Windows ® Win 7 DDK provider)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-08-29] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-08-29] ()
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
S1 ppfd_vw_1_10_0_21; system32\drivers\ppfd_vw_1_10_0_21.sys [X]
S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-30 23:22 - 2015-08-30 23:23 - 00023406 _____ C:\Users\Stevan\Desktop\FRST.txt
2015-08-30 21:24 - 2015-08-30 21:25 - 00279872 _____ C:\WINDOWS\Minidump\083015-40937-01.dmp
2015-08-30 21:24 - 2015-08-30 21:24 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-30 16:04 - 2015-08-30 16:04 - 00003918 _____ C:\WINDOWS\System32\Tasks\Update Mozilla Firefox
2015-08-30 15:22 - 2015-08-30 15:22 - 00000000 ____D C:\ProgramData\Saophases
2015-08-30 15:21 - 2015-08-30 21:28 - 00000000 ____D C:\ProgramData\Saophase
2015-08-30 15:19 - 2015-08-30 15:19 - 04241742 _____ (Bycatch) C:\Program Files\Common Files\vzhlectj.exe
2015-08-30 15:04 - 2015-08-30 15:04 - 00003156 _____ C:\WINDOWS\System32\Tasks\pn4le0nv
2015-08-30 15:03 - 2015-08-30 15:03 - 00000000 ____D C:\Program Files\Common Files\zmn5cqnr
2015-08-30 13:53 - 2015-08-30 14:53 - 00000000 ____D C:\Program Files\Konklight
2015-08-30 13:52 - 2015-08-30 13:42 - 00052736 _____ C:\Users\Stevan\AppData\Local\Citytech.exe
2015-08-30 01:25 - 2015-08-30 01:25 - 00000285 _____ C:\files.log
2015-08-30 01:15 - 2015-08-30 01:46 - 00000191 _____ C:\folders.log
2015-08-30 01:15 - 2015-08-30 01:46 - 00000000 ____D C:\zoek
2015-08-29 23:52 - 2015-08-30 01:46 - 00062576 _____ C:\Users\Stevan\Desktop\zoek-results.log
2015-08-29 23:09 - 2015-08-30 01:46 - 00004948 _____ C:\runcheck.txt
2015-08-29 23:08 - 2015-08-30 01:23 - 00000000 ____D C:\zoek_backup
2015-08-29 23:02 - 2015-08-29 23:11 - 00000000 ____D C:\ProgramData\Ebonmedia
2015-08-29 22:26 - 2015-08-29 22:26 - 01308672 _____ C:\Users\Stevan\Desktop\zoek.exe
2015-08-29 22:07 - 2015-08-29 22:07 - 00000000 ____D C:\Users\Stevan\Downloads\FRST-OlderVersion
2015-08-29 22:06 - 2015-08-30 23:22 - 00000000 ____D C:\FRST
2015-08-29 22:06 - 2015-08-29 22:07 - 02186752 _____ (Farbar) C:\Users\Stevan\Downloads\FRST64.exe
2015-08-29 22:01 - 2015-08-30 23:20 - 02188288 _____ (Farbar) C:\Users\Stevan\Desktop\FRST64.exe
2015-08-29 21:53 - 2015-08-29 21:54 - 00000000 ____D C:\AdwCleaner
2015-08-29 15:54 - 2015-08-29 15:54 - 00034720 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-08-29 15:52 - 2015-08-30 21:25 - 00004744 _____ C:\WINDOWS\SysWOW64\Kufnemgawj.ini
2015-08-29 15:52 - 2015-08-30 21:25 - 00002456 _____ C:\WINDOWS\SysWOW64\KufnemgawjOff.ini
2015-08-29 15:52 - 2015-08-30 21:25 - 00002456 _____ C:\WINDOWS\system32\KufnemgawjOff.ini
2015-08-29 15:52 - 2015-08-25 04:57 - 00353616 _____ C:\WINDOWS\system32\Kufnemgawj64.dll
2015-08-29 15:52 - 2015-08-25 04:57 - 00283472 _____ C:\WINDOWS\SysWOW64\Kufnemgawj.dll
2015-08-29 15:51 - 2015-08-29 15:51 - 00003644 _____ C:\WINDOWS\System32\Tasks\Radqyvm
2015-08-29 15:51 - 2015-08-29 15:51 - 00000000 ____D C:\WINDOWS\system32\abis
2015-08-29 15:49 - 2015-08-29 15:54 - 00000000 ____D C:\Program Files\groover250820151255
2015-08-29 15:49 - 2015-08-20 11:46 - 00056736 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
2015-08-29 02:29 - 2015-08-29 02:29 - 00000000 _____ C:\autoexec.bat
2015-08-29 02:28 - 2015-08-29 02:28 - 00003332 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-08-29 02:28 - 2015-08-29 02:28 - 00001114 _____ C:\Users\Stevan\Desktop\SpyHunter.lnk
2015-08-29 02:28 - 2015-08-29 02:28 - 00000000 ____D C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-08-29 02:27 - 2015-08-29 02:27 - 00000000 ____D C:\sh4ldr
2015-08-29 02:23 - 2015-08-29 02:23 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-08-29 02:14 - 2015-08-29 02:14 - 00000000 ____D C:\Users\Stevan\Documents\Old Firefox Data
2015-08-29 01:41 - 2015-08-29 02:28 - 00000000 ____D C:\Users\Stevan\AppData\Roaming\Enigma Software Group
2015-08-29 01:41 - 2015-08-29 02:22 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-08-29 01:41 - 2015-08-29 01:41 - 00001109 _____ C:\Users\Stevan\Desktop\RegHunter.lnk
2015-08-29 01:41 - 2015-08-29 01:41 - 00000000 ____D C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter
2015-08-29 01:15 - 2015-08-30 15:23 - 00002302 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-28 22:35 - 2015-08-30 22:35 - 00001078 _____ C:\WINDOWS\Tasks\Crossbrowse.job
2015-08-28 22:35 - 2015-08-28 22:35 - 00004082 _____ C:\WINDOWS\System32\Tasks\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\Stevan\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\Ryan Stevan\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\Guest\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\DanaZ\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\Branko\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-08-28 22:31 - 2015-08-29 00:43 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-28 22:30 - 2015-08-29 00:55 - 00000000 ____D C:\Program Files (x86)\CinePlus-1.44V28.08
2015-08-28 22:29 - 2015-08-30 13:28 - 00000000 ___HD C:\ProgramData\sqy
2015-08-28 22:26 - 2015-08-28 22:26 - 00631808 _____ C:\WINDOWS\sqy.dat
2015-08-28 22:25 - 2015-08-28 22:26 - 00408576 _____ C:\WINDOWS\msqy.exe
2015-08-28 22:25 - 2015-08-28 22:25 - 00417792 _____ C:\WINDOWS\sqy.exe
2015-08-28 22:25 - 2015-08-28 22:25 - 00001046 _____ C:\Users\Guest\Desktop\PepperZip.lnk
2015-08-28 22:25 - 2015-08-28 22:25 - 00001046 _____ C:\Users\DanaZ\Desktop\PepperZip.lnk
2015-08-28 22:25 - 2015-08-28 22:25 - 00001046 _____ C:\Users\Branko\Desktop\PepperZip.lnk
2015-08-28 22:25 - 2015-08-28 22:25 - 00000000 ____D C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
2015-08-28 22:25 - 2015-08-28 22:25 - 00000000 ____D C:\Program Files (x86)\GUPlayer
2015-08-28 22:13 - 2015-08-28 22:13 - 00000000 ____D C:\Users\DanaZ\AppData\Local\GWX
2015-08-28 22:12 - 2015-08-28 22:12 - 00000000 ____D C:\Users\DanaZ\AppData\Local\CEF
2015-08-28 21:20 - 2015-08-28 21:20 - 00003234 _____ C:\WINDOWS\System32\Tasks\PROPCCleanerSoftware_Start
2015-08-28 21:19 - 2015-08-28 21:19 - 00000000 ____D C:\Users\Stevan\AppData\Local\Rainmaker_Software_Group_
2015-08-28 21:15 - 2015-08-28 21:15 - 00000000 ____D C:\Users\Stevan\AppData\Local\IsolatedStorage
2015-08-28 21:14 - 2015-08-28 22:19 - 00000000 ____D C:\Users\Stevan\Documents\PROPCCleanerSoftware
2015-08-28 21:12 - 2015-08-28 21:12 - 00000000 ____D C:\Users\Stevan\AppData\Local\Setup242812
2015-08-28 18:31 - 2015-08-30 21:26 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-08-28 18:31 - 2015-08-30 15:23 - 00001445 _____ C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-28 18:30 - 2015-08-29 00:59 - 00002067 _____ C:\WINDOWS\SysWOW64\debug.log
2015-08-28 18:28 - 2015-08-28 18:28 - 00000000 _____ C:\WINDOWS\SysWOW64\track
2015-08-28 18:26 - 2015-08-28 18:26 - 00000000 ____D C:\Users\Stevan\AppData\Local\CEF
2015-08-28 18:22 - 2015-08-28 18:22 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
2015-08-28 18:20 - 2015-08-28 18:20 - 00000000 ____D C:\Users\Stevan\Documents\DailyPCClean
2015-08-28 18:05 - 2015-08-29 01:00 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2015-08-28 17:58 - 2015-08-30 20:47 - 00000000 ____D C:\ProgramData\MSNetCore
2015-08-28 17:58 - 2015-08-28 17:58 - 00000000 ____D C:\ProgramData\Ufhnaeskuek
2015-08-28 17:56 - 2015-07-25 14:13 - 00000854 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-28 17:55 - 2015-08-28 17:55 - 00002030 _____ C:\Users\Guest\Desktop\Real Desktop Pool.lnk
2015-08-28 17:55 - 2015-08-28 17:55 - 00002030 _____ C:\Users\DanaZ\Desktop\Real Desktop Pool.lnk
2015-08-28 17:55 - 2015-08-28 17:55 - 00002030 _____ C:\Users\Branko\Desktop\Real Desktop Pool.lnk
2015-08-28 17:55 - 2015-08-28 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Desktop Pool
2015-08-28 17:54 - 2015-08-29 22:24 - 00000000 ____D C:\Program Files (x86)\9088868A-1440802479-E111-A182-00266C2D634D
2015-08-28 17:52 - 2015-08-28 22:18 - 00000000 ____D C:\Users\Stevan\Documents\ProPCCleaner
2015-08-28 17:52 - 2015-08-28 17:52 - 00003200 _____ C:\WINDOWS\System32\Tasks\ProPCCleaner_Start
2015-08-28 17:52 - 2015-08-28 17:52 - 00000000 ____D C:\Users\Stevan\AppData\Local\Pro_PC_Cleaner
2015-08-28 17:35 - 2015-08-28 17:35 - 00003336 _____ C:\WINDOWS\System32\Tasks\PaintTool SAI
2015-08-22 18:53 - 2015-08-10 20:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-22 18:53 - 2015-08-10 19:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-19 10:10 - 2015-08-08 08:55 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-19 10:10 - 2015-08-08 08:55 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-18 14:55 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-18 14:55 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 22:56 - 2015-07-28 18:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-14 22:56 - 2015-07-28 09:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-14 22:56 - 2015-07-28 09:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-14 22:56 - 2015-07-28 09:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-14 22:56 - 2015-07-28 09:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-14 22:56 - 2015-07-28 09:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-14 22:56 - 2015-07-28 09:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-14 22:56 - 2015-06-09 13:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-14 22:55 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-14 22:55 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-14 22:55 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-14 22:55 - 2015-07-07 04:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-14 22:55 - 2015-07-07 04:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-14 22:55 - 2015-07-07 04:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-14 22:55 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-14 22:55 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-14 22:55 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-14 22:55 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-14 22:49 - 2015-07-18 20:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-14 22:49 - 2015-07-18 13:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-14 22:49 - 2015-07-18 13:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-14 22:49 - 2015-07-18 13:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-14 22:49 - 2015-07-18 13:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-14 22:49 - 2015-07-18 13:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-14 22:49 - 2015-07-18 13:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-14 22:49 - 2015-07-18 13:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-14 22:49 - 2015-07-18 13:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-14 22:49 - 2015-07-18 13:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-14 22:49 - 2015-07-18 13:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-14 22:49 - 2015-07-18 13:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-14 22:48 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-14 22:48 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-14 22:48 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-14 22:48 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-14 22:48 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-14 22:48 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-14 22:48 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-14 22:48 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-14 22:48 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-14 22:48 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-14 22:48 - 2015-07-16 14:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-14 22:48 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-14 22:48 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-14 22:48 - 2015-07-16 14:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-14 22:48 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-14 22:48 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-14 22:48 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-14 22:48 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-14 22:48 - 2015-07-16 14:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-14 22:48 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-14 22:48 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-14 22:48 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-14 22:48 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-14 22:48 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-14 22:48 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-14 22:48 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-14 22:48 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-14 22:48 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-14 22:48 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-14 22:47 - 2015-07-15 19:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-14 22:47 - 2015-07-15 19:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-14 22:47 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-14 22:47 - 2015-07-15 19:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-14 22:47 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-14 22:47 - 2015-07-01 17:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-14 22:47 - 2015-07-01 17:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-14 22:47 - 2015-07-01 16:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-14 22:47 - 2015-07-01 16:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-14 22:45 - 2015-07-13 22:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-14 22:45 - 2015-07-13 14:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-14 22:45 - 2015-07-13 14:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-14 22:45 - 2015-07-10 12:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-14 22:44 - 2015-07-13 22:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-14 22:44 - 2015-07-10 13:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-14 22:44 - 2015-07-10 12:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-14 22:44 - 2015-07-10 12:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-14 22:44 - 2015-07-10 11:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-14 22:44 - 2015-07-10 11:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-14 22:44 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-14 22:44 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-14 22:44 - 2015-07-09 11:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-14 22:40 - 2015-07-29 09:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-14 22:40 - 2015-07-29 09:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-14 22:40 - 2015-07-29 09:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-14 22:40 - 2015-07-24 13:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-14 22:40 - 2015-07-24 13:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-14 22:40 - 2015-07-24 13:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-14 22:40 - 2015-07-24 12:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-14 22:40 - 2015-07-24 12:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-11 21:19 - 2015-08-11 21:19 - 09284296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-08-04 16:37 - 2015-08-04 16:37 - 00000000 ____D C:\Users\Stevan\AppData\Local\Adobe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-30 23:19 - 2013-06-17 19:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-30 23:16 - 2012-11-02 23:15 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-30 23:12 - 2014-02-24 21:20 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DB021690-B451-41EF-AF6A-ADC322030651}
2015-08-30 23:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-30 22:31 - 2013-05-30 16:46 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002UA.job
2015-08-30 22:03 - 2013-05-21 23:40 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3094508777-2562355391-1898814638-1004
2015-08-30 21:39 - 2013-10-30 09:02 - 01572085 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-30 21:31 - 2013-05-30 16:46 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002Core.job
2015-08-30 21:27 - 2012-11-02 23:15 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-30 21:24 - 2013-09-29 22:55 - 01072096 _____ C:\WINDOWS\PFRO.log
2015-08-30 21:24 - 2013-08-22 09:46 - 00419235 _____ C:\WINDOWS\setupact.log
2015-08-30 21:24 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-30 21:24 - 2012-11-12 17:35 - 508257404 _____ C:\WINDOWS\MEMORY.DMP
2015-08-30 21:12 - 2013-09-24 17:13 - 00000000 ____D C:\Users\Stevan\AppData\Local\CrashDumps
2015-08-30 15:23 - 2013-12-01 16:43 - 00001445 _____ C:\Users\Branko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-30 15:23 - 2013-11-09 10:50 - 00001445 _____ C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-30 15:18 - 2013-09-29 23:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-30 15:01 - 2014-05-26 00:45 - 00000296 _____ C:\WINDOWS\Tasks\_DEFAULT.job
2015-08-30 01:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-30 01:24 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-08-30 01:24 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-08-29 22:57 - 2013-10-30 08:39 - 00000000 ____D C:\Users\Stevan
2015-08-29 15:51 - 2015-03-09 23:04 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-08-29 15:51 - 2015-03-09 23:03 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-08-29 01:48 - 2012-11-24 17:58 - 00001462 _____ C:\Users\Ryan Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-29 01:26 - 2014-05-26 01:29 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-29 01:26 - 2014-05-26 01:29 - 00002050 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-08-29 01:26 - 2012-08-18 11:06 - 00000000 ____D C:\ProgramData\Adobe
2015-08-29 01:15 - 2012-11-02 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-29 00:55 - 2014-05-26 01:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-28 22:21 - 2013-10-31 16:27 - 00000610 __RSH C:\Users\Stevan\ntuser.pol
2015-08-28 18:53 - 2013-09-30 00:23 - 00000000 ____D C:\Users\Stevan\Documents\Book Place
2015-08-28 18:22 - 2013-10-31 16:28 - 00002071 ____R C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
2015-08-28 18:21 - 2014-04-09 20:11 - 00001986 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2015-08-28 18:20 - 2012-08-18 11:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-28 18:18 - 2015-06-19 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-28 18:18 - 2014-04-09 20:11 - 00001974 ____R C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2015-08-28 17:37 - 2013-08-22 08:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-08-28 16:43 - 2014-08-12 12:05 - 00000226 _____ C:\Users\Stevan\BullseyeCoverageError.txt
2015-08-28 16:04 - 2013-10-30 14:34 - 00000000 ____D C:\ProgramData\Oracle
2015-08-28 16:04 - 2013-06-30 12:41 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-27 17:11 - 2012-11-02 23:15 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-27 17:11 - 2012-11-02 23:15 - 00003662 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 14:32 - 2015-04-15 01:23 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-26 14:32 - 2015-03-13 01:23 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-26 14:32 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-26 14:32 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-26 14:32 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-26 14:32 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-23 21:44 - 2013-07-23 03:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-23 21:44 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-23 21:10 - 2012-12-13 02:35 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-19 10:09 - 2013-08-22 09:44 - 00522936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-18 19:10 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-18 19:10 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-18 15:01 - 2014-11-06 13:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-18 14:59 - 2012-11-03 00:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-18 14:29 - 2012-07-26 00:26 - 00000336 _____ C:\WINDOWS\win.ini
2015-08-16 20:44 - 2013-12-12 09:53 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6D45E8A3-2023-4539-B773-7B8E4E615878}
2015-08-16 19:28 - 2013-12-01 16:49 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3094508777-2562355391-1898814638-1005
2015-08-15 17:31 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-13 22:59 - 2013-10-30 11:25 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-11 22:40 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-11 21:21 - 2013-06-17 19:38 - 00003712 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-05 21:57 - 2013-05-21 23:32 - 00000000 ____D C:\Users\Stevan\AppData\Local\Packages
2015-08-04 16:37 - 2013-05-21 23:33 - 00000000 ____D C:\Users\Stevan\AppData\Roaming\Adobe
 
==================== Files in the root of some directories =======
 
2015-08-30 15:19 - 2015-08-30 15:19 - 4241742 _____ (Bycatch) C:\Program Files\Common Files\vzhlectj.exe
2015-08-30 13:52 - 2015-08-30 13:42 - 0052736 _____ () C:\Users\Stevan\AppData\Local\Citytech.exe
2015-08-30 13:52 - 2015-08-30 13:42 - 0000187 _____ () C:\Users\Stevan\AppData\Local\Citytech.exe.config
2012-11-04 04:02 - 2012-12-17 01:28 - 0002816 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-03-09 23:04] - [2015-08-29 15:51] - 0657920 ____A (Microsoft Corporation) 69BE1F75EC278634C241501AEC6F4D5E
 
C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-03-09 23:03] - [2015-08-29 15:51] - 0498688 ____A (Microsoft Corporation) 454F8AEEF9DE95B00078AEA0F85A16E3
 
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-27 18:44
 
==================== End of FRST.txt ============================
 
 
 
Here's my Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-08-2015
Ran by Stevan (2015-08-30 23:26:18)
Running from C:\Users\Stevan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3094508777-2562355391-1898814638-500 - Administrator - Disabled)
Branko (S-1-5-21-3094508777-2562355391-1898814638-1005 - Limited - Enabled) => C:\Users\Branko
DanaZ (S-1-5-21-3094508777-2562355391-1898814638-1001 - Limited - Enabled) => C:\Users\DanaZ
Guest (S-1-5-21-3094508777-2562355391-1898814638-501 - Limited - Disabled) => C:\Users\Guest
Stevan (S-1-5-21-3094508777-2562355391-1898814638-1004 - Administrator - Enabled) => C:\Users\Stevan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{79AE0BD1-A930-B07C-C96D-E11FA9BB586F}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Crossbrowse (HKLM-x32\...\Crossbrowse) (Version: 39.6.2171.95 - The Crossbrowse Authors) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
EaseUS Data Recovery Wizard 5.8.5 (HKLM-x32\...\EaseUS Data Recovery Wizard 5.8.5_is1) (Version:  - EaseUS)
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
groover250820151255 2.0.0.473 (HKLM\...\{B02524C5-EF2E-45ED-801E-33E9AB705B45}_is1) (Version: 2.0.0.473 - groover)
GUPlayer (remove only) (HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\GUPlayer) (Version:  - ) <==== ATTENTION
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{9C57D227-1FE7-4F40-BD49-2BCA7761B083}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java 2 Runtime Environment Standard Edition v1.3.1 (HKLM-x32\...\JRE 1.3.1) (Version:  - )
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Lexibase Standard (HKLM-x32\...\{22AE875F-B8B3-46AF-856C-CE858538D912}) (Version: 6.0 - )
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Math Odyssey Calculus (HKLM-x32\...\Math Odyssey Calculus) (Version:  - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.8-1.0.8500.20 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
RegHunter (HKLM-x32\...\RegHunter) (Version: 1.3.3.1613 - Enigma Software Group, LLC)
SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SigningAvatar Illustrated Dictionary (HKLM-x32\...\SAID) (Version:  - )
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.20.9.4533 - Enigma Software Group, LLC)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
Talk to Me (HKLM-x32\...\TTM70) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0001.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Venues™ X3D Viewer and Simulation Engine (HKLM-x32\...\Venues™ X3D Viewer and Simulation Engine) (Version:  - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version:  - Sakar)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
02-08-2015 14:23:15 Windows Update
15-08-2015 17:24:31 Scheduled Checkpoint
18-08-2015 13:55:13 Windows Modules Installer
22-08-2015 18:52:23 Windows Update
29-08-2015 23:52:26 zoek.exe restore point
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-07-25 14:13 - 00000854 ____N C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06A7A42B-BF09-446F-A415-A22844688A81} - System32\Tasks\{7D801F0F-ECB4-4A66-A79D-7951B37DFE50} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {0846558F-70E8-49B0-8C7D-B612DF4FA046} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002UA => C:\Users\Ryan Stevan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-07] (Google Inc.)
Task: {10890A8C-DDA7-4780-972D-0E464D30735E} - System32\Tasks\{A933A2FA-82F8-435E-A170-EFA1A7D021F1} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {11077B7C-C68A-4E69-8163-F5621F8834E7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-20] (Synaptics Incorporated)
Task: {12540047-6CA1-4B26-85B4-CFF4063ED315} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {1453710B-D6F4-4B64-957E-D9CD74F707BE} - System32\Tasks\{B7A60EE3-C2D9-477D-99C0-AB8CF1F8712E} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {14DBE6F2-C65A-4EF2-A6CA-5E40F45DF5FD} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {190FF3A5-9FF4-4C18-A0E1-D446176E157F} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-08-28] () <==== ATTENTION
Task: {1E1BA39F-6C27-4432-B1CF-FDC661337B86} - \Ufhnaeskuek -> No File <==== ATTENTION
Task: {29863619-2D27-4729-B1F8-0B97055061A7} - System32\Tasks\{177B11F1-600B-4488-82A3-E6E65AF27102} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {2B43FB43-F806-4FFB-8FAF-E9B75E20BF0D} - System32\Tasks\gg_uac_daemon_Ryan Stevan => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {2DF546B0-7F16-4D15-A6DA-45CC868166BE} - System32\Tasks\_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {2EE866EC-8758-44B9-9494-1C06C41B0324} - System32\Tasks\_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {44E530AF-1A6A-4F8B-9F0D-F7FD5FE22D2B} - System32\Tasks\{F9C615D6-0839-45B2-A9E4-9BE2C0762775} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {4625B511-A5D1-4261-B2B2-0CBA23685716} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {471BB366-78D3-4AD3-B9E3-7D6AD05EE71C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {4E23FAC7-4304-43C0-8A4E-6349C755ADE9} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {5DE9BCCF-817C-4D42-9324-7A77A5C273A0} - \RegClean Pro_DEFAULT -> No File <==== ATTENTION
Task: {6CA8EF9A-AA05-403A-AD73-2247B967BF94} - System32\Tasks\{6A2C056C-BE5D-4732-A9F0-F872F4EF6785} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {7559B2D3-36D2-4406-8722-B839D85A5AE5} - System32\Tasks\{1C7A89C0-E10D-4D0E-8F45-FF021F113A51} => pcalua.exe -a D:\start_ca.exe -d D:\
Task: {802E23C6-B296-4818-A9BD-45B4332A07CD} - \Advanced System~Protector -> No File <==== ATTENTION
Task: {8037DC79-25B8-4983-A753-0EEEC1598773} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {88F51287-7CDD-4411-9319-3C50046D1C6C} - System32\Tasks\PROPCCleanerSoftware_Start => C:\Program Files (x86)\PRO PC Cleaner Software\PROPCCleanerSoftware.exe <==== ATTENTION
Task: {98104618-F0D0-4731-A6D3-57D39853342C} - System32\Tasks\Update Mozilla Firefox => C:\Program Files\Konklight\packages\4d476283-cc5e-4596-965d-35d07905e087\zathplus.exe [2015-08-30] ()
Task: {9DF0FC7E-428E-4481-9F1D-202E6BF8B4F4} - System32\Tasks\pn4le0nv => C:\Program Files\Common Files\zmn5cqnr\dd5fbc1fjiaiz.exe [2015-08-18] ()
Task: {A0ADB587-D610-4C3C-9871-E3016DA0EDE9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {A2C183FD-4F07-4320-91E3-E1F8DA74E933} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {A6142E1E-5488-47D4-BF37-FF4AB41A3974} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-08-29] (Enigma Software Group USA, LLC.)
Task: {B9091D2B-F5CF-4A52-B957-D729520C20BC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002Core => C:\Users\Ryan Stevan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-07] (Google Inc.)
Task: {B9398A4A-E963-42EA-B061-C74F2BFB8654} - System32\Tasks\{98B64D1D-0D56-468C-B8C2-D287ED658A34} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {B9648FCB-067A-4714-9F14-F4E58F308D9D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {C0EE1880-0F64-49B1-91CE-BB92D18970BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C3827B87-74BB-49D5-9886-5759C8ED7BF8} - \RegClean Pro -> No File <==== ATTENTION
Task: {C68ECD44-2082-4A97-904A-E971AAEAE619} - System32\Tasks\{53C3728E-69FB-402B-87C7-F01A8960CB68} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {C852877A-C27B-4F95-B288-846E2936F609} - System32\Tasks\Radqyvm => C:\Program Files\groover250820151255\Janmo.bat [2015-08-25] ()
Task: {D34C2561-B185-4931-8893-D739F43C523B} - \EbonmediaUpdater -> No File <==== ATTENTION
Task: {DE0E7839-CDC6-4577-8C62-9F87E3339B56} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {E49DFC95-33C7-43D5-A5C8-462CEEC517D1} - System32\Tasks\PaintTool SAI => C:\Users\Stevan\AppData\Local\Temp\is-EC15A.tmp\prsetup.exe <==== ATTENTION
Task: {F0AF2BA8-0AAD-4E0B-8DB7-A57C328C0010} - \Advanced System~Protector_startup -> No File <==== ATTENTION
Task: {FC4D78D4-0C1E-4C10-8311-EDFD5B4AB9B5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {FF07D1F5-C985-4336-996E-6EEA0B914D29} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002Core.job => C:\Users\Ryan Stevan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002UA.job => C:\Users\Ryan Stevan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-29 15:52 - 2015-08-25 04:57 - 00353616 _____ () C:\WINDOWS\system32\Kufnemgawj64.dll
2015-08-25 04:57 - 2015-08-25 04:57 - 00171856 _____ () C:\Program Files\groover250820151255\TocbYsebre.exe
2015-08-29 15:50 - 2015-08-25 13:00 - 00171176 _____ () C:\Program Files\groover250820151255\Ekoij.exe
2015-08-27 03:22 - 2015-08-27 03:22 - 00379904 _____ () C:\Program Files\Konklight\Konklight.exe
2015-08-28 22:25 - 2015-08-28 22:26 - 00408576 _____ () c:\windows\msqy.exe
2015-08-27 03:20 - 2015-08-27 03:20 - 00033792 _____ () C:\ProgramData\Saophase\Saophase.exe
2015-08-28 22:25 - 2015-08-28 22:25 - 00417792 _____ () c:\windows\sqy.exe
2015-08-25 04:57 - 2015-08-25 04:57 - 02044240 _____ () C:\Program Files\groover250820151255\Kufnemgawj.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 00293544 _____ () C:\Program Files\groover250820151255\Mooxl64.DLL
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 21:13 - 2012-08-13 21:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2015-08-29 15:49 - 2015-08-25 13:00 - 00429224 _____ () C:\Program Files\groover250820151255\Ijateo.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 00460456 _____ () C:\Program Files\groover250820151255\Ijateo64.exe
2013-08-14 19:03 - 2005-07-26 11:56 - 00081920 _____ () C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\L-Express.exe
2015-08-30 14:54 - 2015-08-30 14:54 - 00855040 _____ () C:\Program Files\Konklight\packages\4d476283-cc5e-4596-965d-35d07905e087\zathplus.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 00281256 _____ () C:\Program Files\groover250820151255\Exuinke.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 01444520 _____ () C:\Program Files\groover250820151255\csrcc.exe
2015-08-30 13:52 - 2015-08-30 13:42 - 00052736 _____ () C:\Users\Stevan\AppData\Local\Citytech.exe
2015-08-28 17:58 - 2015-08-28 17:58 - 00157696 _____ () C:\ProgramData\Ufhnaeskuek\1.0.4.1\idepaase.exe
2012-08-28 00:33 - 2012-08-28 00:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-28 00:33 - 2012-08-28 00:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-29 15:49 - 2015-08-25 13:00 - 00287400 _____ () C:\Program Files\groover250820151255\Mooxl.DLL
2013-08-14 19:03 - 2005-07-11 16:37 - 00024576 _____ () C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\hkey.dll
2013-08-14 19:03 - 2005-07-11 17:47 - 00040960 _____ () C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\resl_en.dll
2013-08-14 19:03 - 2004-09-27 17:47 - 00152064 _____ () C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\unrar.dll
2013-08-14 19:03 - 2005-07-11 17:48 - 00024576 _____ () C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\UnicodeUI.dll
2015-08-30 15:22 - 2015-08-30 15:22 - 00194560 _____ () C:\ProgramData\Saophase\Tipstrong.dll
2015-08-21 14:16 - 2015-08-18 00:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-21 14:16 - 2015-08-18 00:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
2015-08-21 14:16 - 2015-08-18 00:23 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Kufnemgawj => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Innovation\Blue.jpg
DNS Servers: 208.91.112.53 - 208.91.112.52
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_371A0487FC476B04C111CD7F9EF56B46"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{102C747A-3660-4192-AD83-2CCE6E7E7AC5}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{D6E6AC71-1E12-4571-B94C-032C10CF69DB}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{2103A16A-0CA7-486C-95BB-2CD27F898B7A}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{F440F913-1BB2-4D34-9D7A-F729A7D31BF4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{43FFBF1A-C79D-4DF4-8143-E584A8E4FFB9}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [UDP Query User{63D56538-BEB8-404F-819E-B228626EF7C0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B6815AAD-B599-45D0-B195-A5229BBF4F16}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{ADDD48FD-6FD4-4456-B738-6E0FDAA025BA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{F0967642-A0BB-49D4-981B-0D374B7396FF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{0A6A19F1-12F5-4F64-B9EB-7F9A68909578}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{4C223433-8523-48E3-A61C-392714911506}] => (Block) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [{9654E21A-4BD0-4DAC-B5C1-C4A7BC7DE4C0}] => (Block) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{BF9FE651-40B8-4EB7-81ED-B6A74DEAAC74}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [TCP Query User{6C01F60D-137C-40A7-8EC9-506339816286}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{27489440-1C2A-40D2-B698-BE3B14CC2325}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{37D7702D-B6CF-40B6-9E16-1C26887D8895}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{56EA567F-BF03-4FB8-ABAA-D77E30BBAA7E}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{2FC3F243-31AA-4946-B97C-8F787FBFB1A5}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{797F4E7D-CB03-4076-A7F1-F91B1FED7009}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [UDP Query User{190363F5-9BE6-4382-8743-376CB083A19A}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{FCEBA05F-8BCC-4A13-BF06-87B89C830C6F}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{FC8205BA-2590-4B64-BC4F-0DD47A141C31}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8BD04358-096C-4813-9962-2A54FD7FBBA4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A53A1DAC-B0C0-4FC6-A913-520832DE211B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2F9F83ED-50CF-42FC-8C08-5907D51D7573}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4012ED84-0EBA-4E52-9D02-C957479262A8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{67697294-1C42-41D0-B260-0E4A114D65FA}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{309C1AA6-D85D-496A-A73D-7F68CBE5EC39}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{0CBBF9FD-3CA3-453D-96E0-D794897C94FB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{7DFFDF80-B366-4A20-9549-4D25870298EB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C8FE94BA-C1ED-4B62-9D11-3128D53242C5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{C1BDCFC1-3645-48C9-82C0-AC5128F14123}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{63D33559-3D7D-450B-94E7-786350317401}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{E50A617F-2B83-443F-8A67-2893019BE8EB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{168ECC8F-6395-481C-8F1B-0D58F76C3030}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{FD1C6910-D9EB-49FB-99AF-B8139FFE4634}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{C3ACE5FA-B911-4016-B5E4-FB4C39AA6366}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{F15853CC-1DBD-4AED-AE39-8F7F22719025}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{339F090E-9BBC-4C3D-A34B-0DB05BF53919}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{3482F4B4-CCFA-48A0-9B1C-CE8353164675}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{B4C704BD-3470-47BC-9014-4714C42ACCC8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{CF5A5343-2FD1-4717-8010-EF7A2A2FFD40}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{5D61CBD7-D54E-4027-A4BD-675B527047AE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{B2563A70-9B9B-46C6-A3C4-94313D105FB7}] => (Allow) C:\Users\DanaZ\AppData\Local\Temp\7zS7B79\setup\hpznui40.exe
FirewallRules: [{C42BB232-8824-4FA2-B4A0-DEC3C027AA5B}] => (Allow) LPort=1900
FirewallRules: [{1F3CB673-D176-4B2D-B903-82330101BD96}] => (Allow) LPort=2869
FirewallRules: [{9800EFF7-D517-488C-B0C6-111E93E44B4A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E16B3112-CA72-4CD0-BAF3-6A55676D5547}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{0F60934D-8C01-409A-AC49-14C80D9328EE}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [TCP Query User{A43AED5C-2F2C-4D32-B261-270C3BFDD3FB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{DD4C9686-531D-4020-A517-814074017F6A}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{C20977CE-3CDC-4DCB-A2C1-E59CD4D29630}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A129431D-4BAF-47E3-9370-6B8757EF788F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C666E8DD-A9F6-4BAA-95B8-97A2559B27C9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{365B2375-98EE-4A04-B314-3A81BA37E69D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{99CC9D98-A3D5-4FDA-AB2D-C075A913323E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{454073A4-DA64-4DD5-8513-EC13A9489970}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8EB67AD5-72EF-417E-87D6-F27EB44FC6AF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{310CF68C-0971-43DE-B794-701E3BA18D14}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{50AFCDB8-6B96-4F3A-967A-4FCD48F3EADF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6D7BEB34-6754-4E08-9158-57868B7E427B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{2A825662-80FB-4D27-A3D3-49C5580CBE4C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{36906AB0-7B21-4E86-8EF6-2AE57441649B}] => (Allow) C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe
FirewallRules: [{9A4F3174-BE2E-4EFD-876A-869CBDE3560F}] => (Allow) C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msbuild.exe
FirewallRules: [{EB8CC70E-034C-4595-BC65-8B7DB2E3D8C9}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{6BCACF81-E441-4122-B432-DDA7184B7E03}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{2A3E90B2-7FE8-4CC1-861C-1565F133C626}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶楜敮灴屣湩瑥捰攮數
FirewallRules: [{4F664E03-1090-4C43-9572-3AEB861E80E2}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶楜敮灴屣敲瑳湩灴⹣硥e
FirewallRules: [{532C276B-C85D-41F6-8C7F-CCC625B4221F}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{B6C29E43-5C29-4AE1-B20F-2A86E3E26799}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet 7500 E910
Description: Officejet 7500 E910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: TOSHIBA Web Camera - HD
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/30/2015 11:19:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 29.8.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1d38
 
Start Time: 01d0e3a431ed52a9
 
Termination Time: 63
 
Application Path: C:\Users\Stevan\Desktop\FRST64.exe
 
Report Id: 7c6d2793-4f97-11e5-803f-00266c2d634d
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/30/2015 09:17:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 38.0.5.5623, time stamp: 0x5563b224
Faulting module name: Rankflex.dll, version: 1.0.0.24846, time stamp: 0x55d5c8fb
Exception code: 0xc0000005
Fault offset: 0x000049d8
Faulting process id: 0x124c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3
Faulting package full name: firefox.exe4
Faulting package-relative application ID: firefox.exe5
 
Error: (08/30/2015 09:08:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc000000d
Fault offset: 0x000f5084
Faulting process id: 0x1594
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
 
Error: (08/30/2015 08:50:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1438
 
Start Time: 01d0e38f53fc58e7
 
Termination Time: 656
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: ad93f3e9-4f82-11e5-803e-00266c2d634d
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/30/2015 08:47:10 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (08/30/2015 08:47:09 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook
 
Error: (08/30/2015 08:47:09 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook
 
Error: (08/30/2015 08:47:09 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: Outlook4
 
Error: (08/30/2015 04:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16250
 
Error: (08/30/2015 04:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16250
 
 
System errors:
=============
Error: (08/30/2015 11:26:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
 
Error: (08/30/2015 09:28:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (08/30/2015 09:28:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Lexi Andox service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (08/30/2015 09:28:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/30/2015 09:28:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/30/2015 09:25:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft .Net Framework v2.0.50729 ALP (X86) service failed to start due to the following error: 
%%2
 
Error: (08/30/2015 09:25:07 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000d1 (0x000000000000003c, 0x0000000000000002, 0x0000000000000001, 0xfffff800a232e192)C:\WINDOWS\MEMORY.DMP083015-40937-01
 
Error: (08/30/2015 09:24:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error: 
%%1275
 
Error: (08/30/2015 09:24:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:03:04 PM on ‎8/‎30/‎2015 was unexpected.
 
Error: (08/30/2015 01:16:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
 
 
Microsoft Office:
=========================
Error: (08/30/2015 11:19:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe29.8.2015.01d3801d0e3a431ed52a963C:\Users\Stevan\Desktop\FRST64.exe7c6d2793-4f97-11e5-803f-00266c2d634d
 
Error: (08/30/2015 09:17:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe38.0.5.56235563b224Rankflex.dll1.0.0.2484655d5c8fbc0000005000049d8124c01d0e3932eff6c12C:\PROGRA~2\MOZILL~1\firefox.exeC:\ProgramData\Saophase\Rankflex.dll6ef64e7a-4f86-11e5-803e-00266c2d634d
 
Error: (08/30/2015 09:08:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17840555fe1bbntdll.dll6.3.9600.1793655a68dd1c000000d000f5084159401d0e391e6a29beeC:\PROGRA~2\INTERN~1\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll2a9940e6-4f85-11e5-803e-00266c2d634d
 
Error: (08/30/2015 08:50:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17840143801d0e38f53fc58e7656C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEad93f3e9-4f82-11e5-803e-00266c2d634d
 
Error: (08/30/2015 08:47:10 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (08/30/2015 08:47:09 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook
 
Error: (08/30/2015 08:47:09 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook
 
Error: (08/30/2015 08:47:09 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: Outlook4
 
Error: (08/30/2015 04:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16250
 
Error: (08/30/2015 04:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16250
 
 
CodeIntegrity:
===================================
  Date: 2015-08-30 17:22:53.120
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 17:22:51.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 17:22:46.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 17:22:44.761
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 17:22:42.390
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 17:22:40.443
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 17:22:37.962
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 17:22:36.120
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 15:26:32.990
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 15:26:31.124
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 61%
Total physical RAM: 3678.26 MB
Available physical RAM: 1423.79 MB
Total Virtual: 7390.26 MB
Available Virtual: 4420.55 MB
 
==================== Drives ================================
 
Drive c: (TI10649800F) (Fixed) (Total:287.51 GB) (Free:159.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
Please contact me!

 




#2
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, SteveClark180. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you get your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

 
I'll check the log provided and be back with appropriate instructions once they are approved by my teacher.

Stay calm :)

#3
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, SteveClark180.

That's a pretty nice collection you have here :lol:

Let's try to get rid of all that mess :)

Step #1
Uninstalling programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove the following programs:
  • Crossbrowse
  • groover250820151255 2.0.0.473
  • GUPlayer (remove only)
  • SavingsBull
  • Setup
If you can't remove some of them, ignore that program and move forward.

 
Step #2
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   19.52KB   303 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #3
Junkware Removal Tool
  • Download Junkware Removal Tool to your Desktop
  • Close any open windows
  • Disable your Antivirus program (click here if you don't know how to do this)
  • Double click JRT.exe on your desktop to run it
  • Click any button to start the scan
  • Wait for Junkware Removal Tool to finish the scan
  • When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #4
AdwCleaner
  • Download AdwCleaner to your Desktop.
  • Close any open windows
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the [image: OvD9RYN.png] button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be a "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click the [image: 5W2Ci1o.png] button.
  • When the cleaning is finished, the program will ask you to reboot the system. Please do so.
  • Once your machine has rebooted, a Notepad window will be opened. If it won't, you can find it in C:\AdwCleaner. The report will be saved as AdwCleaner[C1].txt.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • Please tell me if you have successfully uninstalled all the programs I've asked you to remove
  • Fixlog.txt log content
  • JRT.txt log content
  • AdwCleaner log content


#4
SteveClark180

    New Member

  • Topic Starter
  • Member
  • 9 posts

All of the described programs have been successfully uninstalled.   :thumbsup:

 

Fixlog.txt content

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Stevan (2015-08-31 12:37:22) Run:1
Running from C:\Users\Stevan\Desktop
Loaded Profiles: Stevan (Available Profiles: DanaZ & Stevan & Branko & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
C:\Program Files\groover250820151255
C:\Program Files\Konklight
C:\Windows\msqy.exe
C:\ProgramData\Saophase
C:\Windows\sqy.exe
C:\Users\Stevan\AppData\Local\Citytech.exe
C:\ProgramData\Ufhnaeskuek
HKLM\...\Run: [groover250820151255] => C:\Program Files\groover250820151255\Ijateo.exe [429224 2015-08-25] ()
HKLM\...\Run: [groover25082015125564] => C:\Program Files\groover250820151255\Ijateo64.exe [460456 2015-08-25] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_us_005010074] => [X]
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\Run: [Bubble Dock] => "C:\Users\Stevan\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
C:\Users\Stevan\AppData\Roaming\Nosibay
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\Run: [GoogleChromeAutoLaunch_371A0487FC476B04C111CD7F9EF56B46] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
AppInit_DLLs: C:\ProgramData\Saophase\K-eco.dll => C:\ProgramData\Saophase\K-eco.dll [212992 2015-08-30] ()
AppInit_DLLs-x32: C:\ProgramData\Saophase\Tipstrong.dll => C:\ProgramData\Saophase\Tipstrong.dll [194560 2015-08-30] ()
Startup: C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk [2014-05-25]
Startup: C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk [2014-05-25]
ShortcutTarget: StormAlerts.lnk -> C:\Users\DanaZ\AppData\Local\StormAlerts\StormAlertsApp.exe ()
Startup: C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-08-28]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
GroupPolicyUsers\S-1-5-21-3094508777-2562355391-1898814638-1004\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3094508777-2562355391-1898814638-1001\User: Restriction detected <======= ATTENTION
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
C:\WINDOWS\system32\Kufnemgawj64.dll
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
earchScopes: HKLM-x32 -> {EE51F551-5AD2-49F8-9E69-EB809495726A} URL = hxxp://www.globasearch.com/?serie=209&installkey=As4G5dDDQXkL6om6EwXe&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3094508777-2562355391-1898814638-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=b61f3012c03066e79077d587555400fc&text=
SearchScopes: HKU\S-1-5-21-3094508777-2562355391-1898814638-1004 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
BHO: groover250820151255 -> {B02524C5-EF2E-45ED-801E-33E9AB705B45} -> C:\Program Files\groover250820151255\Sysvovva64.dll [2015-08-25] ()
BHO-x32: groover250820151255 -> {B02524C5-EF2E-45ED-801E-33E9AB705B45} -> C:\Program Files\groover250820151255\Sysvovva.dll [2015-08-25] ()
DefaultPrefix-x32: => http://yamdex.net/?s...00fc&text=<====ATTENTION
FF NewTab: C:\\ProgramData\\Saophases\\ff.NT
FF Homepage: C:\\ProgramData\\Saophases\\ff.HP
FF user.js: detected! => C:\Users\Stevan\AppData\Roaming\Mozilla\Firefox\Profiles\lq5d9h76.default-1440832493828\user.js [2015-08-30]
FF HKLM\...\Firefox\Extensions: [{B02524C5-EF2E-45ED-801E-33E9AB705B45}] - C:\Program Files\groover250820151255\Firefox
FF Extension: groover250820151255 - C:\Program Files\groover250820151255\Firefox [2015-08-29]
FF HKLM-x32\...\Firefox\Extensions: [{B02524C5-EF2E-45ED-801E-33E9AB705B45}] - C:\Program Files\groover250820151255\Firefox
CHR Extension: (No Name) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-08-28]
R3 032E4D9E-99D1-47E4-8608-82244BD88146; C:\Program Files\groover250820151255\Exuinke.exe [281256 2015-08-25] ()
R3 csrcc; C:\Program Files\groover250820151255\csrcc.exe [1444520 2015-08-25] ()
R2 DaljiaEkuivu; C:\Program Files\groover250820151255\TocbYsebre.exe [171856 2015-08-25] ()
R2 groover250820151255 Updater; C:\Program Files\groover250820151255\Ekoij.exe [171176 2015-08-25] ()
R2 iosnload; C:\Users\Stevan\AppData\Local\Citytech.exe [52736 2015-08-30] () [File not signed]
R2 Konklight; C:\Program Files\Konklight\Konklight.exe [379904 2015-08-27] () [File not signed]
R3 Kufnemgawj; C:\Program Files\groover250820151255\Kufnemgawj.exe [2044240 2015-08-25] ()
R2 msqy; c:\windows\msqy.exe [408576 2015-08-28] () [File not signed]
R2 Saophase; C:\ProgramData\Saophase\Saophase.exe [33792 2015-08-27] () [File not signed]
R2 sqy; c:\windows\sqy.exe [417792 2015-08-28] () [File not signed]
S1 ppfd_vw_1_10_0_21; system32\drivers\ppfd_vw_1_10_0_21.sys [X]
S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X]
2015-08-30 15:22 - 2015-08-30 15:22 - 00000000 ____D C:\ProgramData\Saophases
2015-08-30 15:21 - 2015-08-30 21:28 - 00000000 ____D C:\ProgramData\Saophase
2015-08-30 15:19 - 2015-08-30 15:19 - 04241742 _____ (Bycatch) C:\Program Files\Common Files\vzhlectj.exe
2015-08-30 15:04 - 2015-08-30 15:04 - 00003156 _____ C:\WINDOWS\System32\Tasks\pn4le0nv
2015-08-30 15:03 - 2015-08-30 15:03 - 00000000 ____D C:\Program Files\Common Files\zmn5cqnr
2015-08-30 13:53 - 2015-08-30 14:53 - 00000000 ____D C:\Program Files\Konklight
2015-08-30 13:52 - 2015-08-30 13:42 - 00052736 _____ C:\Users\Stevan\AppData\Local\Citytech.exe
2015-08-29 23:02 - 2015-08-29 23:11 - 00000000 ____D C:\ProgramData\Ebonmedia
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56736 2015-08-20] (Windows ® Win 7 DDK provider)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2015-08-29] ()
2015-08-29 15:54 - 2015-08-29 15:54 - 00034720 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-08-29 15:52 - 2015-08-30 21:25 - 00004744 _____ C:\WINDOWS\SysWOW64\Kufnemgawj.ini
2015-08-29 15:52 - 2015-08-30 21:25 - 00002456 _____ C:\WINDOWS\SysWOW64\KufnemgawjOff.ini
2015-08-29 15:52 - 2015-08-30 21:25 - 00002456 _____ C:\WINDOWS\system32\KufnemgawjOff.ini
2015-08-29 15:52 - 2015-08-25 04:57 - 00353616 _____ C:\WINDOWS\system32\Kufnemgawj64.dll
2015-08-29 15:52 - 2015-08-25 04:57 - 00283472 _____ C:\WINDOWS\SysWOW64\Kufnemgawj.dll
2015-08-29 15:51 - 2015-08-29 15:51 - 00003644 _____ C:\WINDOWS\System32\Tasks\Radqyvm
2015-08-29 15:51 - 2015-08-29 15:51 - 00000000 ____D C:\WINDOWS\system32\abis
2015-08-29 15:49 - 2015-08-29 15:54 - 00000000 ____D C:\Program Files\groover250820151255
2015-08-29 15:49 - 2015-08-20 11:46 - 00056736 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
2015-08-28 22:35 - 2015-08-30 22:35 - 00001078 _____ C:\WINDOWS\Tasks\Crossbrowse.job
2015-08-28 22:35 - 2015-08-28 22:35 - 00004082 _____ C:\WINDOWS\System32\Tasks\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\Stevan\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\Ryan Stevan\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\Guest\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\DanaZ\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\Branko\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-08-28 22:31 - 2015-08-29 00:43 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-28 22:30 - 2015-08-29 00:55 - 00000000 ____D C:\Program Files (x86)\CinePlus-1.44V28.08
2015-08-28 22:29 - 2015-08-30 13:28 - 00000000 ___HD C:\ProgramData\sqy
2015-08-28 22:26 - 2015-08-28 22:26 - 00631808 _____ C:\WINDOWS\sqy.dat
2015-08-28 22:25 - 2015-08-28 22:26 - 00408576 _____ C:\WINDOWS\msqy.exe
2015-08-28 22:25 - 2015-08-28 22:25 - 00417792 _____ C:\WINDOWS\sqy.exe
2015-08-28 22:25 - 2015-08-28 22:25 - 00000000 ____D C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
2015-08-28 22:25 - 2015-08-28 22:25 - 00000000 ____D C:\Program Files (x86)\GUPlayer
2015-08-28 21:20 - 2015-08-28 21:20 - 00003234 _____ C:\WINDOWS\System32\Tasks\PROPCCleanerSoftware_Start
2015-08-28 21:19 - 2015-08-28 21:19 - 00000000 ____D C:\Users\Stevan\AppData\Local\Rainmaker_Software_Group_
2015-08-28 21:15 - 2015-08-28 21:15 - 00000000 ____D C:\Users\Stevan\AppData\Local\IsolatedStorage
2015-08-28 21:14 - 2015-08-28 22:19 - 00000000 ____D C:\Users\Stevan\Documents\PROPCCleanerSoftware
2015-08-28 21:12 - 2015-08-28 21:12 - 00000000 ____D C:\Users\Stevan\AppData\Local\Setup242812
2015-08-28 18:22 - 2015-08-28 18:22 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
2015-08-28 18:20 - 2015-08-28 18:20 - 00000000 ____D C:\Users\Stevan\Documents\DailyPCClean
2015-08-28 18:05 - 2015-08-29 01:00 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2015-08-28 17:58 - 2015-08-30 20:47 - 00000000 ____D C:\ProgramData\MSNetCore
2015-08-28 17:58 - 2015-08-28 17:58 - 00000000 ____D C:\ProgramData\Ufhnaeskuek
2015-08-28 17:56 - 2015-07-25 14:13 - 00000854 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-28 17:55 - 2015-08-28 17:55 - 00002030 _____ C:\Users\Guest\Desktop\Real Desktop Pool.lnk
2015-08-28 17:55 - 2015-08-28 17:55 - 00002030 _____ C:\Users\DanaZ\Desktop\Real Desktop Pool.lnk
2015-08-28 17:55 - 2015-08-28 17:55 - 00002030 _____ C:\Users\Branko\Desktop\Real Desktop Pool.lnk
2015-08-28 17:55 - 2015-08-28 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Desktop Pool
2015-08-28 17:54 - 2015-08-29 22:24 - 00000000 ____D C:\Program Files (x86)\9088868A-1440802479-E111-A182-00266C2D634D
2015-08-28 17:52 - 2015-08-28 22:18 - 00000000 ____D C:\Users\Stevan\Documents\ProPCCleaner
2015-08-28 17:52 - 2015-08-28 17:52 - 00003200 _____ C:\WINDOWS\System32\Tasks\ProPCCleaner_Start
2015-08-28 17:52 - 2015-08-28 17:52 - 00000000 ____D C:\Users\Stevan\AppData\Local\Pro_PC_Cleaner
2015-08-30 15:19 - 2015-08-30 15:19 - 4241742 _____ (Bycatch) C:\Program Files\Common Files\vzhlectj.exe
2015-08-30 13:52 - 2015-08-30 13:42 - 0052736 _____ () C:\Users\Stevan\AppData\Local\Citytech.exe
2015-08-30 13:52 - 2015-08-30 13:42 - 0000187 _____ () C:\Users\Stevan\AppData\Local\Citytech.exe.config
Task: {06A7A42B-BF09-446F-A415-A22844688A81} - System32\Tasks\{7D801F0F-ECB4-4A66-A79D-7951B37DFE50} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {10890A8C-DDA7-4780-972D-0E464D30735E} - System32\Tasks\{A933A2FA-82F8-435E-A170-EFA1A7D021F1} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {1453710B-D6F4-4B64-957E-D9CD74F707BE} - System32\Tasks\{B7A60EE3-C2D9-477D-99C0-AB8CF1F8712E} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {190FF3A5-9FF4-4C18-A0E1-D446176E157F} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-08-28] () <==== ATTENTION
Task: {1E1BA39F-6C27-4432-B1CF-FDC661337B86} - \Ufhnaeskuek -> No File <==== ATTENTION
Task: {29863619-2D27-4729-B1F8-0B97055061A7} - System32\Tasks\{177B11F1-600B-4488-82A3-E6E65AF27102} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {2DF546B0-7F16-4D15-A6DA-45CC868166BE} - System32\Tasks\_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {2EE866EC-8758-44B9-9494-1C06C41B0324} - System32\Tasks\_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {44E530AF-1A6A-4F8B-9F0D-F7FD5FE22D2B} - System32\Tasks\{F9C615D6-0839-45B2-A9E4-9BE2C0762775} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {4E23FAC7-4304-43C0-8A4E-6349C755ADE9} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {5DE9BCCF-817C-4D42-9324-7A77A5C273A0} - \RegClean Pro_DEFAULT -> No File <==== ATTENTION
Task: {6CA8EF9A-AA05-403A-AD73-2247B967BF94} - System32\Tasks\{6A2C056C-BE5D-4732-A9F0-F872F4EF6785} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {7559B2D3-36D2-4406-8722-B839D85A5AE5} - System32\Tasks\{1C7A89C0-E10D-4D0E-8F45-FF021F113A51} => pcalua.exe -a D:\start_ca.exe -d D:\
Task: {802E23C6-B296-4818-A9BD-45B4332A07CD} - \Advanced System~Protector -> No File <==== ATTENTION
Task: {88F51287-7CDD-4411-9319-3C50046D1C6C} - System32\Tasks\PROPCCleanerSoftware_Start => C:\Program Files (x86)\PRO PC Cleaner Software\PROPCCleanerSoftware.exe <==== ATTENTION
Task: {98104618-F0D0-4731-A6D3-57D39853342C} - System32\Tasks\Update Mozilla Firefox => C:\Program Files\Konklight\packages\4d476283-cc5e-4596-965d-35d07905e087\zathplus.exe [2015-08-30] ()
Task: {9DF0FC7E-428E-4481-9F1D-202E6BF8B4F4} - System32\Tasks\pn4le0nv => C:\Program Files\Common Files\zmn5cqnr\dd5fbc1fjiaiz.exe [2015-08-18] ()
C:\Program Files\Common Files\zmn5cqnr
Task: {B9398A4A-E963-42EA-B061-C74F2BFB8654} - System32\Tasks\{98B64D1D-0D56-468C-B8C2-D287ED658A34} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {C3827B87-74BB-49D5-9886-5759C8ED7BF8} - \RegClean Pro -> No File <==== ATTENTION
Task: {C68ECD44-2082-4A97-904A-E971AAEAE619} - System32\Tasks\{53C3728E-69FB-402B-87C7-F01A8960CB68} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {C852877A-C27B-4F95-B288-846E2936F609} - System32\Tasks\Radqyvm => C:\Program Files\groover250820151255\Janmo.bat [2015-08-25] ()
Task: {D34C2561-B185-4931-8893-D739F43C523B} - \EbonmediaUpdater -> No File <==== ATTENTION
Task: {E49DFC95-33C7-43D5-A5C8-462CEEC517D1} - System32\Tasks\PaintTool SAI => C:\Users\Stevan\AppData\Local\Temp\is-EC15A.tmp\prsetup.exe <==== ATTENTION
Task: {F0AF2BA8-0AAD-4E0B-8DB7-A57C328C0010} - \Advanced System~Protector_startup -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
2015-08-29 15:52 - 2015-08-25 04:57 - 00353616 _____ () C:\WINDOWS\system32\Kufnemgawj64.dll
2015-08-25 04:57 - 2015-08-25 04:57 - 00171856 _____ () C:\Program Files\groover250820151255\TocbYsebre.exe
2015-08-29 15:50 - 2015-08-25 13:00 - 00171176 _____ () C:\Program Files\groover250820151255\Ekoij.exe
2015-08-27 03:22 - 2015-08-27 03:22 - 00379904 _____ () C:\Program Files\Konklight\Konklight.exe
2015-08-28 22:25 - 2015-08-28 22:26 - 00408576 _____ () c:\windows\msqy.exe
2015-08-27 03:20 - 2015-08-27 03:20 - 00033792 _____ () C:\ProgramData\Saophase\Saophase.exe
2015-08-28 22:25 - 2015-08-28 22:25 - 00417792 _____ () c:\windows\sqy.exe
2015-08-25 04:57 - 2015-08-25 04:57 - 02044240 _____ () C:\Program Files\groover250820151255\Kufnemgawj.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 00293544 _____ () C:\Program Files\groover250820151255\Mooxl64.DLL
2015-08-29 15:49 - 2015-08-25 13:00 - 00429224 _____ () C:\Program Files\groover250820151255\Ijateo.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 00460456 _____ () C:\Program Files\groover250820151255\Ijateo64.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 00281256 _____ () C:\Program Files\groover250820151255\Exuinke.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 01444520 _____ () C:\Program Files\groover250820151255\csrcc.exe
2015-08-30 13:52 - 2015-08-30 13:42 - 00052736 _____ () C:\Users\Stevan\AppData\Local\Citytech.exe
2015-08-28 17:58 - 2015-08-28 17:58 - 00157696 _____ () C:\ProgramData\Ufhnaeskuek\1.0.4.1\idepaase.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 00287400 _____ () C:\Program Files\groover250820151255\Mooxl.DLL
2015-08-30 15:22 - 2015-08-30 15:22 - 00194560 _____ () C:\ProgramData\Saophase\Tipstrong.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Kufnemgawj => ""="service"
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
2015-08-28 18:22 - 2013-10-31 16:28 - 00002071 ____R C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
2015-08-28 18:21 - 2014-04-09 20:11 - 00001986 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2015-08-28 18:18 - 2014-04-09 20:11 - 00001974 ____R C:\Users\Public\Desktop\Моzillа Firеfох.lnk
FirewallRules: [{2A3E90B2-7FE8-4CC1-861C-1565F133C626}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶楜敮灴屣湩瑥捰攮數
FirewallRules: [{4F664E03-1090-4C43-9572-3AEB861E80E2}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶楜敮灴屣敲瑳湩灴⹣硥e
FirewallRules: [{532C276B-C85D-41F6-8C7F-CCC625B4221F}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll 
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset 
*****************
 
Processes closed successfully.
Restore point was successfully created.
"C:\Program Files\groover250820151255" => File/Folder not found.
C:\Program Files\Konklight => moved successfully
C:\Windows\msqy.exe => moved successfully
C:\ProgramData\Saophase => moved successfully
C:\Windows\sqy.exe => moved successfully
C:\Users\Stevan\AppData\Local\Citytech.exe => moved successfully
C:\ProgramData\Ufhnaeskuek => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\groover250820151255 => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\groover25082015125564 => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_005010074 => value removed successfully
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Bubble Dock => value removed successfully
"C:\Users\Stevan\AppData\Roaming\Nosibay" => File/Folder not found.
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_371A0487FC476B04C111CD7F9EF56B46 => value not found.
"C:\ProgramData\Saophase\K-eco.dll" => Value data removed successfully.
"C:\ProgramData\Saophase\Tipstrong.dll" => Value data removed successfully.
C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk => moved successfully
C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk => moved successfully
C:\Users\DanaZ\AppData\Local\StormAlerts\StormAlertsApp.exe => moved successfully
C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk not found.
C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe => not found.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3094508777-2562355391-1898814638-1004\User => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-3094508777-2562355391-1898814638-1001\User => moved successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015" => key removed successfully
C:\WINDOWS\system32\Kufnemgawj64.dll => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found. 
earchScopes: HKLM-x32 -> {EE51F551-5AD2-49F8-9E69-EB809495726A} URL = hxxp://www.globasearch.com/?serie=209&installkey=As4G5dDDQXkL6om6EwXe&b=3&q={searchTerms} => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3D}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3D} => key not found. 
"HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B02524C5-EF2E-45ED-801E-33E9AB705B45} => key not found. 
HKCR\CLSID\{B02524C5-EF2E-45ED-801E-33E9AB705B45} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B02524C5-EF2E-45ED-801E-33E9AB705B45} => key not found. 
HKCR\Wow6432Node\CLSID\{B02524C5-EF2E-45ED-801E-33E9AB705B45} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\\Default => value restored successfully
Firefox "newtab" removed successfully
Firefox "homepage" removed successfully
C:\Users\Stevan\AppData\Roaming\Mozilla\Firefox\Profiles\lq5d9h76.default-1440832493828\user.js => moved successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{B02524C5-EF2E-45ED-801E-33E9AB705B45} => value removed successfully
C:\Program Files\groover250820151255\Firefox => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{B02524C5-EF2E-45ED-801E-33E9AB705B45} => value removed successfully
C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp => moved successfully
032E4D9E-99D1-47E4-8608-82244BD88146 => service not found.
csrcc => service not found.
DaljiaEkuivu => service not found.
groover250820151255 Updater => service not found.
iosnload => Unable to stop service.
iosnload => service removed successfully
Konklight => Unable to stop service.
Konklight => service removed successfully
Kufnemgawj => service not found.
msqy => service removed successfully
Saophase => service removed successfully
sqy => service removed successfully
ppfd_vw_1_10_0_21 => service removed successfully
wsafd_1_10_0_19 => service removed successfully
C:\ProgramData\Saophases => moved successfully
"C:\ProgramData\Saophase" => File/Folder not found.
C:\Program Files\Common Files\vzhlectj.exe => moved successfully
C:\WINDOWS\System32\Tasks\pn4le0nv => moved successfully
C:\Program Files\Common Files\zmn5cqnr => moved successfully
"C:\Program Files\Konklight" => File/Folder not found.
"C:\Users\Stevan\AppData\Local\Citytech.exe" => File/Folder not found.
C:\ProgramData\Ebonmedia => moved successfully
cherimoya => service removed successfully
bsdriver => service not found.
"C:\WINDOWS\system32\Drivers\bsdriver.sys" => File/Folder not found.
C:\WINDOWS\SysWOW64\Kufnemgawj.ini => moved successfully
C:\WINDOWS\SysWOW64\KufnemgawjOff.ini => moved successfully
C:\WINDOWS\system32\KufnemgawjOff.ini => moved successfully
"C:\WINDOWS\system32\Kufnemgawj64.dll" => File/Folder not found.
C:\WINDOWS\SysWOW64\Kufnemgawj.dll => moved successfully
"C:\WINDOWS\System32\Tasks\Radqyvm" => File/Folder not found.
C:\WINDOWS\system32\abis => moved successfully
"C:\Program Files\groover250820151255" => File/Folder not found.
"C:\WINDOWS\system32\Drivers\cherimoya.sys" => File/Folder not found.
"C:\WINDOWS\Tasks\Crossbrowse.job" => File/Folder not found.
"C:\WINDOWS\System32\Tasks\Crossbrowse" => File/Folder not found.
C:\Users\Stevan\AppData\Local\Crossbrowse => moved successfully
C:\Users\Ryan Stevan\AppData\Local\Crossbrowse => moved successfully
C:\Users\Guest\AppData\Local\Crossbrowse => moved successfully
C:\Users\DanaZ\AppData\Local\Crossbrowse => moved successfully
C:\Users\Branko\AppData\Local\Crossbrowse => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse" => File/Folder not found.
C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully
C:\Program Files (x86)\CinePlus-1.44V28.08 => moved successfully
C:\ProgramData\sqy => moved successfully
C:\WINDOWS\sqy.dat => moved successfully
"C:\WINDOWS\msqy.exe" => File/Folder not found.
"C:\WINDOWS\sqy.exe" => File/Folder not found.
"C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer" => File/Folder not found.
C:\Program Files (x86)\GUPlayer => moved successfully
C:\WINDOWS\System32\Tasks\PROPCCleanerSoftware_Start => moved successfully
C:\Users\Stevan\AppData\Local\Rainmaker_Software_Group_ => moved successfully
C:\Users\Stevan\AppData\Local\IsolatedStorage => moved successfully
C:\Users\Stevan\Documents\PROPCCleanerSoftware => moved successfully
C:\Users\Stevan\AppData\Local\Setup242812 => moved successfully
"C:\Program Files (x86)\Crossbrowse" => File/Folder not found.
C:\Users\Stevan\Documents\DailyPCClean => moved successfully
C:\Program Files (x86)\DailyPcClean Support => moved successfully
C:\ProgramData\MSNetCore => moved successfully
"C:\ProgramData\Ufhnaeskuek" => File/Folder not found.
C:\WINDOWS\system32\Drivers\etc\hp.bak => moved successfully
C:\Users\Guest\Desktop\Real Desktop Pool.lnk => moved successfully
C:\Users\DanaZ\Desktop\Real Desktop Pool.lnk => moved successfully
C:\Users\Branko\Desktop\Real Desktop Pool.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Desktop Pool => moved successfully
C:\Program Files (x86)\9088868A-1440802479-E111-A182-00266C2D634D => moved successfully
C:\Users\Stevan\Documents\ProPCCleaner => moved successfully
C:\WINDOWS\System32\Tasks\ProPCCleaner_Start => moved successfully
C:\Users\Stevan\AppData\Local\Pro_PC_Cleaner => moved successfully
"C:\Program Files\Common Files\vzhlectj.exe" => File/Folder not found.
"C:\Users\Stevan\AppData\Local\Citytech.exe" => File/Folder not found.
C:\Users\Stevan\AppData\Local\Citytech.exe.config => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{06A7A42B-BF09-446F-A415-A22844688A81}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06A7A42B-BF09-446F-A415-A22844688A81}" => key removed successfully
C:\WINDOWS\System32\Tasks\{7D801F0F-ECB4-4A66-A79D-7951B37DFE50} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7D801F0F-ECB4-4A66-A79D-7951B37DFE50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10890A8C-DDA7-4780-972D-0E464D30735E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10890A8C-DDA7-4780-972D-0E464D30735E}" => key removed successfully
C:\WINDOWS\System32\Tasks\{A933A2FA-82F8-435E-A170-EFA1A7D021F1} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A933A2FA-82F8-435E-A170-EFA1A7D021F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1453710B-D6F4-4B64-957E-D9CD74F707BE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1453710B-D6F4-4B64-957E-D9CD74F707BE}" => key removed successfully
C:\WINDOWS\System32\Tasks\{B7A60EE3-C2D9-477D-99C0-AB8CF1F8712E} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B7A60EE3-C2D9-477D-99C0-AB8CF1F8712E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{190FF3A5-9FF4-4C18-A0E1-D446176E157F} => key not found. 
C:\WINDOWS\System32\Tasks\Crossbrowse => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Crossbrowse => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E1BA39F-6C27-4432-B1CF-FDC661337B86} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ufhnaeskuek => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29863619-2D27-4729-B1F8-0B97055061A7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29863619-2D27-4729-B1F8-0B97055061A7}" => key removed successfully
C:\WINDOWS\System32\Tasks\{177B11F1-600B-4488-82A3-E6E65AF27102} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{177B11F1-600B-4488-82A3-E6E65AF27102}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DF546B0-7F16-4D15-A6DA-45CC868166BE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DF546B0-7F16-4D15-A6DA-45CC868166BE}" => key removed successfully
C:\WINDOWS\System32\Tasks\_UPDATES => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\_UPDATES" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EE866EC-8758-44B9-9494-1C06C41B0324}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EE866EC-8758-44B9-9494-1C06C41B0324}" => key removed successfully
C:\WINDOWS\System32\Tasks\_DEFAULT => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\_DEFAULT" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{44E530AF-1A6A-4F8B-9F0D-F7FD5FE22D2B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44E530AF-1A6A-4F8B-9F0D-F7FD5FE22D2B}" => key removed successfully
C:\WINDOWS\System32\Tasks\{F9C615D6-0839-45B2-A9E4-9BE2C0762775} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F9C615D6-0839-45B2-A9E4-9BE2C0762775}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4E23FAC7-4304-43C0-8A4E-6349C755ADE9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E23FAC7-4304-43C0-8A4E-6349C755ADE9}" => key removed successfully
C:\WINDOWS\System32\Tasks\ProPCCleaner_Start => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DE9BCCF-817C-4D42-9324-7A77A5C273A0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DE9BCCF-817C-4D42-9324-7A77A5C273A0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6CA8EF9A-AA05-403A-AD73-2247B967BF94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CA8EF9A-AA05-403A-AD73-2247B967BF94}" => key removed successfully
C:\WINDOWS\System32\Tasks\{6A2C056C-BE5D-4732-A9F0-F872F4EF6785} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6A2C056C-BE5D-4732-A9F0-F872F4EF6785}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7559B2D3-36D2-4406-8722-B839D85A5AE5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7559B2D3-36D2-4406-8722-B839D85A5AE5}" => key removed successfully
C:\WINDOWS\System32\Tasks\{1C7A89C0-E10D-4D0E-8F45-FF021F113A51} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1C7A89C0-E10D-4D0E-8F45-FF021F113A51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{802E23C6-B296-4818-A9BD-45B4332A07CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{802E23C6-B296-4818-A9BD-45B4332A07CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System~Protector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{88F51287-7CDD-4411-9319-3C50046D1C6C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88F51287-7CDD-4411-9319-3C50046D1C6C}" => key removed successfully
C:\WINDOWS\System32\Tasks\PROPCCleanerSoftware_Start => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PROPCCleanerSoftware_Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98104618-F0D0-4731-A6D3-57D39853342C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98104618-F0D0-4731-A6D3-57D39853342C}" => key removed successfully
C:\WINDOWS\System32\Tasks\Update Mozilla Firefox => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Mozilla Firefox" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DF0FC7E-428E-4481-9F1D-202E6BF8B4F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DF0FC7E-428E-4481-9F1D-202E6BF8B4F4}" => key removed successfully
C:\WINDOWS\System32\Tasks\pn4le0nv => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pn4le0nv" => key removed successfully
"C:\Program Files\Common Files\zmn5cqnr" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B9398A4A-E963-42EA-B061-C74F2BFB8654}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9398A4A-E963-42EA-B061-C74F2BFB8654}" => key removed successfully
C:\WINDOWS\System32\Tasks\{98B64D1D-0D56-468C-B8C2-D287ED658A34} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{98B64D1D-0D56-468C-B8C2-D287ED658A34}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C3827B87-74BB-49D5-9886-5759C8ED7BF8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3827B87-74BB-49D5-9886-5759C8ED7BF8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C68ECD44-2082-4A97-904A-E971AAEAE619}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C68ECD44-2082-4A97-904A-E971AAEAE619}" => key removed successfully
C:\WINDOWS\System32\Tasks\{53C3728E-69FB-402B-87C7-F01A8960CB68} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{53C3728E-69FB-402B-87C7-F01A8960CB68}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C852877A-C27B-4F95-B288-846E2936F609} => key not found. 
C:\WINDOWS\System32\Tasks\Radqyvm => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Radqyvm => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D34C2561-B185-4931-8893-D739F43C523B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D34C2561-B185-4931-8893-D739F43C523B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EbonmediaUpdater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E49DFC95-33C7-43D5-A5C8-462CEEC517D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E49DFC95-33C7-43D5-A5C8-462CEEC517D1}" => key removed successfully
C:\WINDOWS\System32\Tasks\PaintTool SAI => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PaintTool SAI" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F0AF2BA8-0AAD-4E0B-8DB7-A57C328C0010}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0AF2BA8-0AAD-4E0B-8DB7-A57C328C0010}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System~Protector_startup" => key removed successfully
C:\WINDOWS\Tasks\Crossbrowse.job => not found.
C:\WINDOWS\Tasks\_DEFAULT.job => moved successfully
C:\WINDOWS\Tasks\_UPDATES.job => moved successfully
"C:\WINDOWS\system32\Kufnemgawj64.dll" => File/Folder not found.
"C:\Program Files\groover250820151255\TocbYsebre.exe" => File/Folder not found.
"C:\Program Files\groover250820151255\Ekoij.exe" => File/Folder not found.
"C:\Program Files\Konklight\Konklight.exe" => File/Folder not found.
"c:\windows\msqy.exe" => File/Folder not found.
"C:\ProgramData\Saophase\Saophase.exe" => File/Folder not found.
"c:\windows\sqy.exe" => File/Folder not found.
"C:\Program Files\groover250820151255\Kufnemgawj.exe" => File/Folder not found.
"C:\Program Files\groover250820151255\Mooxl64.DLL" => File/Folder not found.
"C:\Program Files\groover250820151255\Ijateo.exe" => File/Folder not found.
"C:\Program Files\groover250820151255\Ijateo64.exe" => File/Folder not found.
"C:\Program Files\groover250820151255\Exuinke.exe" => File/Folder not found.
"C:\Program Files\groover250820151255\csrcc.exe" => File/Folder not found.
"C:\Users\Stevan\AppData\Local\Citytech.exe" => File/Folder not found.
"C:\ProgramData\Ufhnaeskuek\1.0.4.1\idepaase.exe" => File/Folder not found.
"C:\Program Files\groover250820151255\Mooxl.DLL" => File/Folder not found.
"C:\ProgramData\Saophase\Tipstrong.dll" => File/Folder not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Kufnemgawj => key not found. 
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\StartupApproved\StartupFolder: => "crossbrowse.lnk" => Error: No automatic fix found for this entry.
C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk => moved successfully
C:\Users\Public\Desktop\Моzillа Firеfох.lnk => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A3E90B2-7FE8-4CC1-861C-1565F133C626} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F664E03-1090-4C43-9572-3AEB861E80E2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{532C276B-C85D-41F6-8C7F-CCC625B4221F} => value not found.
 
=========  sfc /scanfile=C:\Windows\system32\dnsapi.dll =========
 
 
 
 
 
 
Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.

The system file repair changes will take effect after the next reboot.
 
 
 
========= End of CMD: =========
 
 
=========  sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll =========
 
 
 
 
 
 
There is a system repair pending which requires reboot to complete.  Restart
Windows and run sfc again.
 
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {2AD06BBB-9443-4AD4-8137-EBBC58E61AF0}.
{5A232B1C-D87D-45C8-BFC8-FA862DCADCF6} canceled.
1 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.
 
 
========= End of CMD: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  netsh advfirewall reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::2820:8c83:170e:a411%3
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : Home
   Link-local IPv6 Address . . . . . : fe80::2820:8c83:170e:a411%3
   IPv4 Address. . . . . . . . . . . : 192.168.1.50
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Interface, OK!
Resetting , failed.
Access is denied.
 
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => 642.8 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 12:42:55 ====
 
JRT.txt content
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 8.1 x64
Ran by Stevan on Mon 08/31/2015 at 15:02:32.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL\\Default
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EE51F551-5AD2-49F8-9E69-EB809495726A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\Stevan\Appdata\LocalLow\company
Successfully deleted: [Folder] C:\Users\Stevan\Appdata\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
 
 
 
~~~ Chrome
 
 
[C:\Users\Stevan\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Stevan\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Stevan\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Stevan\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/31/2015 at 15:11:23.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
AdwCleaner content
 
# AdwCleaner v5.004 - Logfile created 31/08/2015 at 15:21:52
# Updated 26/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Stevan - HOMEDN-PC
# Running from : C:\Users\Stevan\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\MovieDeaConfig
[-] Folder Deleted : C:\Users\Branko\Favorites\StumbleUpon
[-] Folder Deleted : C:\Users\DanaZ\Favorites\StumbleUpon
[-] Folder Deleted : C:\Users\Guest\Favorites\StumbleUpon
[-] Folder Deleted : C:\Users\Stevan\Favorites\StumbleUpon
[!] Folder Not Deleted : C:\Users\Stevan\Favorites\StumbleUpon
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\findit.xml
[-] File Deleted : C:\Users\Branko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Branko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Branko\AppData\Roaming\Mozilla\Firefox\Profiles\cm1wsiiy.default\searchplugins\findit.xml
[-] File Deleted : C:\Users\Branko\AppData\Roaming\Mozilla\Firefox\Profiles\cm1wsiiy.default\searchplugins\findit.xml
[-] File Deleted : C:\Users\Branko\AppData\Roaming\Mozilla\Firefox\Profiles\cm1wsiiy.default\searchplugins\findit.xml
[-] File Deleted : C:\Users\Branko\Desktop\PepperZip.lnk
[-] File Deleted : C:\Users\DanaZ\AppData\Roaming\Mozilla\Firefox\Profiles\17pvbe17.default\searchplugins\findit.xml
[-] File Deleted : C:\Users\DanaZ\AppData\Roaming\Mozilla\Firefox\Profiles\17pvbe17.default\searchplugins\findit.xml
[-] File Deleted : C:\Users\DanaZ\AppData\Roaming\Mozilla\Firefox\Profiles\17pvbe17.default\searchplugins\findit.xml
[-] File Deleted : C:\Users\DanaZ\Desktop\Live PC Help.lnk
[-] File Deleted : C:\Users\DanaZ\Desktop\PepperZip.lnk
[-] File Deleted : C:\Users\Guest\Desktop\PepperZip.lnk
[-] File Deleted : C:\Users\Stevan\AppData\Roaming\Mozilla\Firefox\Profiles\lq5d9h76.default-1440832493828\searchplugins\findit.xml
[-] File Deleted : C:\Users\Stevan\AppData\Roaming\Mozilla\Firefox\Profiles\lq5d9h76.default-1440832493828\searchplugins\findit.xml
[-] File Deleted : C:\Users\Stevan\AppData\Roaming\Mozilla\Firefox\Profiles\lq5d9h76.default-1440832493828\searchplugins\findit.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Classes\PepperZip
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\Nosibay
[-] Key Deleted : HKCU\Software\Store
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\GAMESDESKTOP
[-] Key Deleted : HKCU\Software\Crossbrowse
[-] Key Deleted : HKCU\Software\YorkNewCin
[-] Key Deleted : HKCU\Software\HighDefAction
[-] Key Deleted : HKCU\Software\ArenaHD
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\CompeteInc
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\ORBTR
[-] Key Deleted : HKLM\SOFTWARE\Crossbrowse
[-] Key Deleted : HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : HKLM\SOFTWARE\MovieDea
[-] Key Deleted : HKLM\SOFTWARE\downchecker
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\IM
[!] Key Not Deleted : [x64] HKCU\Software\Nosibay
[!] Key Not Deleted : [x64] HKCU\Software\Store
[!] Key Not Deleted : [x64] HKCU\Software\systweak
[!] Key Not Deleted : [x64] HKCU\Software\GAMESDESKTOP
[!] Key Not Deleted : [x64] HKCU\Software\Crossbrowse
[!] Key Not Deleted : [x64] HKCU\Software\YorkNewCin
[!] Key Not Deleted : [x64] HKCU\Software\HighDefAction
[!] Key Not Deleted : [x64] HKCU\Software\ArenaHD
[!] Key Not Deleted : [x64] HKCU\Software\PRODUCTSETUP
[!] Key Not Deleted : [x64] HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[!] Key Not Deleted : [x64] HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
[-] Key Deleted : [x64] HKLM\SOFTWARE\Savings Bull
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : [x64] HKLM\SOFTWARE\Ebonmedia
[-] Key Deleted : [x64] HKLM\SOFTWARE\downchecker
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\AppDataLow\Software\Crossrider
[!] Key Not Deleted : HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\AppDataLow\Software\DynConIE
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
 
***** [ Web browsers ] *****
 
[-] [C:\Users\DanaZ\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : conduit.search
[-] [C:\Users\Branko\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Branko\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8002 bytes] ##########
 
 
Anything I should do next?

#5
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

Anything I should do next?

Yep. Please stay with me until I say that we're done :)

I'd like to see what we're sitting on now, and for that I'll need a new FRST log. Could you make a new one using the instructions below?

Also, please tell me if you can still see any problems with your system. Take your time, check if everything works properly. It's late in my time zone and I'll be back in around 12 hours.

FRST Scan
  • Right click FRST64.exe on your Desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content
  • Please tell me if you can still see any problems with your system.

#6
SteveClark180

    New Member

  • Topic Starter
  • Member
  • 9 posts

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by Stevan (administrator) on HOMEDN-PC (31-08-2015 16:49:39)
Running from C:\Users\Stevan\Desktop
Loaded Profiles: Stevan (Available Profiles: DanaZ & Stevan & Branko & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\L-Express.exe
(Softissimo) C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\Lexibase.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Stevan\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Stevan\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Stevan\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-11-04]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lexibase Express.lnk [2013-08-14]
ShortcutTarget: Lexibase Express.lnk -> C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\L-Express.exe ()
Startup: C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-11-09]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (No File)
Startup: C:\Users\Ryan Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-17]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 216.114.192.10 216.114.208.186
Tcpip\..\Interfaces\{B9527D6F-AC6D-467E-8F06-DCF14892A299}: [DhcpNameServer] 208.91.112.53 208.91.112.52
Tcpip\..\Interfaces\{C4EC7C64-D342-4238-BA25-99C60714BC1F}: [DhcpNameServer] 216.114.192.10 216.114.208.186
 
Internet Explorer:
==================
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3094508777-2562355391-1898814638-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Stevan\AppData\Roaming\Mozilla\Firefox\Profiles\lq5d9h76.default-1440832493828
FF DefaultSearchEngine.US: findit
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-10-05] (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Ryan Stevan\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3094508777-2562355391-1898814638-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Stevan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR StartupUrls: Profile 1 -> "https://www.google.com/"
CHR DefaultSuggestURL: Profile 1 -> https://search.yahoo...d={searchTerms}
CHR Profile: C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-22]
CHR Extension: (YouTube) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-22]
CHR Extension: (Google Search) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-22]
CHR Extension: (AdBlock) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-22]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-08-29] (Enigma Software Group USA, LLC.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 msdotnetserv_v2050729; C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-08-29] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-08-29] ()
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-31 16:45 - 2015-08-31 16:45 - 00000000 ____D C:\Users\Stevan\Desktop\PC Cleaners
2015-08-31 15:21 - 2015-08-31 15:21 - 00008185 _____ C:\Users\Stevan\Desktop\AdwCleaner[C1].txt
2015-08-31 15:11 - 2015-08-31 15:11 - 00001946 _____ C:\Users\Stevan\Desktop\JRT.txt
2015-08-31 12:33 - 2015-08-31 12:33 - 00019985 _____ C:\Users\Stevan\Downloads\fixlist.txt
2015-08-31 12:18 - 2015-08-31 12:18 - 00000000 ____D C:\Program Files (x86)\Setup Support for Consumer Input
2015-08-31 12:10 - 2015-08-31 12:10 - 00002131 _____ C:\Users\Myra\Desktop\Google Chrome.lnk
2015-08-31 12:10 - 2015-08-31 12:10 - 00002131 _____ C:\Users\Branko\Desktop\Google Chrome.lnk
2015-08-30 23:26 - 2015-08-30 23:29 - 00049725 _____ C:\Users\Stevan\Desktop\Addition.txt
2015-08-30 23:22 - 2015-08-31 16:50 - 00015595 _____ C:\Users\Stevan\Desktop\FRST.txt
2015-08-30 21:24 - 2015-08-30 21:25 - 00279872 _____ C:\WINDOWS\Minidump\083015-40937-01.dmp
2015-08-30 21:24 - 2015-08-30 21:24 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-30 01:15 - 2015-08-30 01:46 - 00000000 ____D C:\zoek
2015-08-29 23:08 - 2015-08-30 01:23 - 00000000 ____D C:\zoek_backup
2015-08-29 22:06 - 2015-08-31 16:49 - 00000000 ____D C:\FRST
2015-08-29 22:06 - 2015-08-29 22:07 - 02186752 _____ (Farbar) C:\Users\Stevan\Downloads\FRST64.exe
2015-08-29 21:53 - 2015-08-31 15:25 - 00000000 ____D C:\AdwCleaner
2015-08-29 02:29 - 2015-08-29 02:29 - 00000000 _____ C:\autoexec.bat
2015-08-29 02:28 - 2015-08-29 02:28 - 00003332 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-08-29 02:28 - 2015-08-29 02:28 - 00000000 ____D C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-08-29 02:27 - 2015-08-29 02:27 - 00000000 ____D C:\sh4ldr
2015-08-29 02:23 - 2015-08-29 02:23 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-08-29 02:14 - 2015-08-29 02:14 - 00000000 ____D C:\Users\Stevan\Documents\Old Firefox Data
2015-08-29 01:41 - 2015-08-29 02:28 - 00000000 ____D C:\Users\Stevan\AppData\Roaming\Enigma Software Group
2015-08-29 01:41 - 2015-08-29 02:22 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-08-29 01:41 - 2015-08-29 01:41 - 00000000 ____D C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter
2015-08-29 01:15 - 2015-08-31 12:10 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-28 22:13 - 2015-08-28 22:13 - 00000000 ____D C:\Users\DanaZ\AppData\Local\GWX
2015-08-28 22:12 - 2015-08-28 22:12 - 00000000 ____D C:\Users\DanaZ\AppData\Local\CEF
2015-08-28 18:31 - 2015-08-30 15:23 - 00001445 _____ C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-28 18:30 - 2015-08-29 00:59 - 00002067 _____ C:\WINDOWS\SysWOW64\debug.log
2015-08-28 18:28 - 2015-08-28 18:28 - 00000000 _____ C:\WINDOWS\SysWOW64\track
2015-08-28 18:26 - 2015-08-28 18:26 - 00000000 ____D C:\Users\Stevan\AppData\Local\CEF
2015-08-22 18:53 - 2015-08-10 20:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-22 18:53 - 2015-08-10 19:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-19 10:10 - 2015-08-08 08:55 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-19 10:10 - 2015-08-08 08:55 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-18 14:55 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-18 14:55 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 22:56 - 2015-07-28 18:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-14 22:56 - 2015-07-28 09:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-14 22:56 - 2015-07-28 09:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-14 22:56 - 2015-07-28 09:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-14 22:56 - 2015-07-28 09:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-14 22:56 - 2015-07-28 09:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-14 22:56 - 2015-07-28 09:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-14 22:56 - 2015-06-09 13:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-14 22:55 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-14 22:55 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-14 22:55 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-14 22:55 - 2015-07-07 04:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-14 22:55 - 2015-07-07 04:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-14 22:55 - 2015-07-07 04:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-14 22:55 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-14 22:55 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-14 22:55 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-14 22:55 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-14 22:49 - 2015-07-18 20:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-14 22:49 - 2015-07-18 13:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-14 22:49 - 2015-07-18 13:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-14 22:49 - 2015-07-18 13:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-14 22:49 - 2015-07-18 13:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-14 22:49 - 2015-07-18 13:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-14 22:49 - 2015-07-18 13:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-14 22:49 - 2015-07-18 13:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-14 22:49 - 2015-07-18 13:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-14 22:49 - 2015-07-18 13:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-14 22:49 - 2015-07-18 13:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-14 22:49 - 2015-07-18 13:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-14 22:48 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-14 22:48 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-14 22:48 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-14 22:48 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-14 22:48 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-14 22:48 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-14 22:48 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-14 22:48 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-14 22:48 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-14 22:48 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-14 22:48 - 2015-07-16 14:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-14 22:48 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-14 22:48 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-14 22:48 - 2015-07-16 14:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-14 22:48 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-14 22:48 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-14 22:48 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-14 22:48 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-14 22:48 - 2015-07-16 14:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-14 22:48 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-14 22:48 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-14 22:48 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-14 22:48 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-14 22:48 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-14 22:48 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-14 22:48 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-14 22:48 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-14 22:48 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-14 22:48 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-14 22:47 - 2015-07-15 19:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-14 22:47 - 2015-07-15 19:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-14 22:47 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-14 22:47 - 2015-07-15 19:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-14 22:47 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-14 22:47 - 2015-07-01 17:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-14 22:47 - 2015-07-01 17:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-14 22:47 - 2015-07-01 16:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-14 22:47 - 2015-07-01 16:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-14 22:45 - 2015-07-13 22:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-14 22:45 - 2015-07-13 14:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-14 22:45 - 2015-07-13 14:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-14 22:45 - 2015-07-10 12:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-14 22:44 - 2015-07-13 22:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-14 22:44 - 2015-07-10 13:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-14 22:44 - 2015-07-10 12:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-14 22:44 - 2015-07-10 12:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-14 22:44 - 2015-07-10 11:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-14 22:44 - 2015-07-10 11:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-14 22:44 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-14 22:44 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-14 22:44 - 2015-07-09 11:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-14 22:40 - 2015-07-29 09:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-14 22:40 - 2015-07-29 09:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-14 22:40 - 2015-07-29 09:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-14 22:40 - 2015-07-24 13:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-14 22:40 - 2015-07-24 13:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-14 22:40 - 2015-07-24 13:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-14 22:40 - 2015-07-24 12:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-14 22:40 - 2015-07-24 12:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-11 21:19 - 2015-08-11 21:19 - 09284296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-08-04 16:37 - 2015-08-04 16:37 - 00000000 ____D C:\Users\Stevan\AppData\Local\Adobe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-31 16:44 - 2014-02-24 21:20 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DB021690-B451-41EF-AF6A-ADC322030651}
2015-08-31 16:41 - 2013-10-30 09:02 - 01170126 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-31 16:40 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-31 16:40 - 2012-11-02 23:15 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-31 15:31 - 2013-05-30 16:46 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002UA.job
2015-08-31 15:23 - 2013-08-22 09:46 - 00419543 _____ C:\WINDOWS\setupact.log
2015-08-31 15:23 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-31 15:20 - 2013-05-21 23:40 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3094508777-2562355391-1898814638-1004
2015-08-31 15:19 - 2013-06-17 19:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-31 15:16 - 2012-11-02 23:15 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-31 15:04 - 2013-10-30 08:39 - 00000000 ____D C:\Users\Stevan
2015-08-31 12:51 - 2013-09-29 23:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-31 12:47 - 2013-09-29 22:55 - 01074224 _____ C:\WINDOWS\PFRO.log
2015-08-31 12:38 - 2014-05-25 22:46 - 00000000 ____D C:\Users\DanaZ\AppData\Local\StormAlerts
2015-08-31 12:14 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-30 21:31 - 2013-05-30 16:46 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002Core.job
2015-08-30 21:24 - 2012-11-12 17:35 - 508257404 _____ C:\WINDOWS\MEMORY.DMP
2015-08-30 21:12 - 2013-09-24 17:13 - 00000000 ____D C:\Users\Stevan\AppData\Local\CrashDumps
2015-08-30 15:23 - 2013-12-01 16:43 - 00001445 _____ C:\Users\Branko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-30 15:23 - 2013-11-09 10:50 - 00001445 _____ C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-30 01:24 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-08-30 01:24 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-08-29 15:51 - 2015-03-09 23:03 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-08-29 01:48 - 2012-11-24 17:58 - 00001462 _____ C:\Users\Ryan Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-29 01:26 - 2014-05-26 01:29 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-29 01:26 - 2014-05-26 01:29 - 00002050 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-08-29 01:26 - 2012-08-18 11:06 - 00000000 ____D C:\ProgramData\Adobe
2015-08-29 01:15 - 2012-11-02 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-29 00:55 - 2014-05-26 01:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-28 18:53 - 2013-09-30 00:23 - 00000000 ____D C:\Users\Stevan\Documents\Book Place
2015-08-28 18:20 - 2012-08-18 11:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-28 18:18 - 2015-06-19 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-28 17:37 - 2013-08-22 08:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-08-28 16:43 - 2014-08-12 12:05 - 00000226 _____ C:\Users\Stevan\BullseyeCoverageError.txt
2015-08-28 16:04 - 2013-10-30 14:34 - 00000000 ____D C:\ProgramData\Oracle
2015-08-28 16:04 - 2013-06-30 12:41 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-27 17:11 - 2012-11-02 23:15 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-27 17:11 - 2012-11-02 23:15 - 00003662 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 14:32 - 2015-04-15 01:23 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-26 14:32 - 2015-03-13 01:23 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-26 14:32 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-26 14:32 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-26 14:32 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-26 14:32 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-23 21:44 - 2013-07-23 03:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-23 21:44 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-23 21:10 - 2012-12-13 02:35 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-19 10:09 - 2013-08-22 09:44 - 00522936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-18 19:10 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-18 19:10 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-18 15:01 - 2014-11-06 13:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-18 14:59 - 2012-11-03 00:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-18 14:29 - 2012-07-26 00:26 - 00000336 _____ C:\WINDOWS\win.ini
2015-08-16 20:44 - 2013-12-12 09:53 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6D45E8A3-2023-4539-B773-7B8E4E615878}
2015-08-16 19:28 - 2013-12-01 16:49 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3094508777-2562355391-1898814638-1005
2015-08-15 17:31 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-13 22:59 - 2013-10-30 11:25 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-11 22:40 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-11 21:21 - 2013-06-17 19:38 - 00003712 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-05 21:57 - 2013-05-21 23:32 - 00000000 ____D C:\Users\Stevan\AppData\Local\Packages
2015-08-04 16:37 - 2013-05-21 23:33 - 00000000 ____D C:\Users\Stevan\AppData\Roaming\Adobe
 
==================== Files in the root of some directories =======
 
2012-11-04 04:02 - 2012-12-17 01:28 - 0002816 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Stevan\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-03-09 23:03] - [2015-08-29 15:51] - 0498688 ____A (Microsoft Corporation) 454F8AEEF9DE95B00078AEA0F85A16E3
 
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-27 18:44
 
==================== End of FRST.txt ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Stevan (2015-08-31 16:52:24)
Running from C:\Users\Stevan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3094508777-2562355391-1898814638-500 - Administrator - Disabled)
Branko (S-1-5-21-3094508777-2562355391-1898814638-1005 - Limited - Enabled) => C:\Users\Branko
DanaZ (S-1-5-21-3094508777-2562355391-1898814638-1001 - Limited - Enabled) => C:\Users\DanaZ
Guest (S-1-5-21-3094508777-2562355391-1898814638-501 - Limited - Disabled) => C:\Users\Guest
Stevan (S-1-5-21-3094508777-2562355391-1898814638-1004 - Administrator - Enabled) => C:\Users\Stevan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{79AE0BD1-A930-B07C-C96D-E11FA9BB586F}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
EaseUS Data Recovery Wizard 5.8.5 (HKLM-x32\...\EaseUS Data Recovery Wizard 5.8.5_is1) (Version:  - EaseUS)
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{9C57D227-1FE7-4F40-BD49-2BCA7761B083}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java 2 Runtime Environment Standard Edition v1.3.1 (HKLM-x32\...\JRE 1.3.1) (Version:  - )
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Lexibase Standard (HKLM-x32\...\{22AE875F-B8B3-46AF-856C-CE858538D912}) (Version: 6.0 - )
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Math Odyssey Calculus (HKLM-x32\...\Math Odyssey Calculus) (Version:  - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.8-1.0.8500.20 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
RegHunter (HKLM-x32\...\RegHunter) (Version: 1.3.3.1613 - Enigma Software Group, LLC)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SigningAvatar Illustrated Dictionary (HKLM-x32\...\SAID) (Version:  - )
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.20.9.4533 - Enigma Software Group, LLC)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
Talk to Me (HKLM-x32\...\TTM70) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0001.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Venues™ X3D Viewer and Simulation Engine (HKLM-x32\...\Venues™ X3D Viewer and Simulation Engine) (Version:  - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version:  - Sakar)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
02-08-2015 14:23:15 Windows Update
15-08-2015 17:24:31 Scheduled Checkpoint
18-08-2015 13:55:13 Windows Modules Installer
22-08-2015 18:52:23 Windows Update
29-08-2015 23:52:26 zoek.exe restore point
31-08-2015 12:37:33 Restore Point Created by FRST
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-07-25 14:13 - 00000854 ____N C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0846558F-70E8-49B0-8C7D-B612DF4FA046} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002UA => C:\Users\Ryan Stevan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-07] (Google Inc.)
Task: {11077B7C-C68A-4E69-8163-F5621F8834E7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-20] (Synaptics Incorporated)
Task: {12540047-6CA1-4B26-85B4-CFF4063ED315} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {14DBE6F2-C65A-4EF2-A6CA-5E40F45DF5FD} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {2B43FB43-F806-4FFB-8FAF-E9B75E20BF0D} - System32\Tasks\gg_uac_daemon_Ryan Stevan => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {4625B511-A5D1-4261-B2B2-0CBA23685716} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {471BB366-78D3-4AD3-B9E3-7D6AD05EE71C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8037DC79-25B8-4983-A753-0EEEC1598773} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A0ADB587-D610-4C3C-9871-E3016DA0EDE9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {A2C183FD-4F07-4320-91E3-E1F8DA74E933} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {A6142E1E-5488-47D4-BF37-FF4AB41A3974} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-08-29] (Enigma Software Group USA, LLC.)
Task: {B9091D2B-F5CF-4A52-B957-D729520C20BC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002Core => C:\Users\Ryan Stevan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-07] (Google Inc.)
Task: {B9648FCB-067A-4714-9F14-F4E58F308D9D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {C0EE1880-0F64-49B1-91CE-BB92D18970BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {DE0E7839-CDC6-4577-8C62-9F87E3339B56} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {FC4D78D4-0C1E-4C10-8311-EDFD5B4AB9B5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {FF07D1F5-C985-4336-996E-6EEA0B914D29} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002Core.job => C:\Users\Ryan Stevan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002UA.job => C:\Users\Ryan Stevan\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 21:13 - 2012-08-13 21:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2013-08-14 19:03 - 2005-07-26 11:56 - 00081920 _____ () C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\L-Express.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Innovation\Blue.jpg
DNS Servers: 216.114.192.10 - 216.114.208.186
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_371A0487FC476B04C111CD7F9EF56B46"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: TOSHIBA Web Camera - HD
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/31/2015 12:37:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bfc1b3cf-04a7-4cc9-a894-03d2d9a13ce9}
 
Error: (08/31/2015 12:21:57 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (2752) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (08/31/2015 12:16:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program nsd304.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fb8
 
Start Time: 01d0e4109cf91d22
 
Termination Time: 4294967295
 
Application Path: C:\Users\Stevan\AppData\Local\Temp\nsd304.exe
 
Report Id: ff83d85d-5003-11e5-803f-00266c2d634d
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/31/2015 12:31:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46625
 
Error: (08/31/2015 12:31:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46625
 
Error: (08/31/2015 12:31:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/31/2015 12:31:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30906
 
Error: (08/31/2015 12:31:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30906
 
Error: (08/31/2015 12:31:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/31/2015 12:31:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15391
 
 
System errors:
=============
Error: (08/31/2015 03:34:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
 
Error: (08/31/2015 03:23:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft .Net Framework v2.0.50729 ALP (X86) service failed to start due to the following error: 
%%2
 
Error: (08/31/2015 03:23:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error: 
%%1275
 
Error: (08/31/2015 03:22:21 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (08/31/2015 03:21:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (08/31/2015 03:21:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IconMan_R service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/31/2015 03:21:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/31/2015 03:21:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/31/2015 03:21:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (08/31/2015 03:05:46 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: 
%%1056
 
 
Microsoft Office:
=========================
Error: (08/31/2015 12:37:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bfc1b3cf-04a7-4cc9-a894-03d2d9a13ce9}
 
Error: (08/31/2015 12:21:57 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail2752WindowsMail0:
 
Error: (08/31/2015 12:16:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: nsd304.exe0.0.0.0fb801d0e4109cf91d224294967295C:\Users\Stevan\AppData\Local\Temp\nsd304.exeff83d85d-5003-11e5-803f-00266c2d634d
 
Error: (08/31/2015 12:31:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46625
 
Error: (08/31/2015 12:31:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46625
 
Error: (08/31/2015 12:31:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/31/2015 12:31:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30906
 
Error: (08/31/2015 12:31:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30906
 
Error: (08/31/2015 12:31:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/31/2015 12:31:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15391
 
 
CodeIntegrity:
===================================
  Date: 2015-08-30 23:48:46.521
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 23:48:44.119
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 17:22:53.120
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 17:22:51.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 17:22:46.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 17:22:44.761
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 17:22:42.390
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 17:22:40.443
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 17:22:37.962
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-30 17:22:36.120
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 3678.26 MB
Available physical RAM: 2310.82 MB
Total Virtual: 7390.26 MB
Available Virtual: 5908.14 MB
 
==================== Drives ================================
 
Drive c: (TI10649800F) (Fixed) (Total:287.51 GB) (Free:160.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 


#7
SteveClark180


Yamdex and Crossbrowse disappeared, so that's a good sign.

 

Snap.Do, also known as SideCubes.com, is still in Internet Explorer.

Google Chrome used to have it, but I somehow got rid of it. But for some reason it has a stronger grip on Internet Explorer- I tried to reset IE and tried to find out why it keeps coming back, but I don't know how. I tried to put it into restricted sites on Internet Options, and disabled third-party applications, but it's still prevalent when I open up IE- it's the first tab that pops up. On the bar where you type and search things, I saw that Snap.Do first appears, then redirects/changes to SideCubes.com.

 

Firefox looks okay, no difficulties or unusual activity whatsoever.

 

Since I don't have much security, what do you advise I should get?

 

Thanks!   :lol:



#8
SteveClark180


I got rid of Internet Explorer in my user.

I checked the other users on my laptop and the other users didn't show any suspicious content or other engine switches; including their Internet Explorers.



#9
Nevan

    Trusted Helper

  • Malware Removal
Hello again, SteveClark180

I'm a little bit confused now. Does Snap.Do still appear anywhere?

 
About Antivirus, I personally use Avast and haven't been infected for a few years, but it's still a matter of what sites you visit, etc. Another one that I could recommend is Microsoft Security Essentials.
Remember to install only one and to download the one you want from its official site, which is this for Avast, and this for MSE.

 
Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   1.96KB   232 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
AdwCleaner
  • Download AdwCleaner to your Desktop.
  • Close any open windows
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the OvD9RYN.png button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click 5W2Ci1o.png button.
  • When the cleaning is finished, the program will ask you to reboot the system. Please do so.
  • Once your machine has rebooted, a Notepad window will be opened. If it won't, you can find it in C:\AdwCleaner. The report will be saved as AdwCleaner[C1].txt.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • Fixlog.txt log content
  • AdwCleaner log content
  • Tell me if you have successfully installed an Antivirus
  • Answer to my question about Snap.Do


#10
SteveClark180


Snap.Do doesn't appear anywhere anymore. 

I installed an antivirus, AVAST.

 

Fixlog.txt content:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Stevan (2015-09-01 15:04:35) Run:2
Running from C:\Users\Stevan\Desktop
Loaded Profiles: Stevan (Available Profiles: DanaZ & Stevan & Branko & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
FF DefaultSearchEngine.US: findit
2015-08-31 12:38 - 2014-05-25 22:46 - 00000000 ____D C:\Users\DanaZ\AppData\Local\StormAlerts
sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
Unlock: HKCU\Software\GlobalUpdate
Unlock: HKCU\Software\IM
Unlock: HKCU\Software\Nosibay
Unlock: HKCU\Software\Store
Unlock: HKCU\Software\systweak
Unlock: HKCU\Software\GAMESDESKTOP
Unlock: HKCU\Software\Crossbrowse
Unlock: HKCU\Software\YorkNewCin
Unlock: HKCU\Software\HighDefAction
Unlock: HKCU\Software\ArenaHD
Unlock: HKCU\Software\PRODUCTSETUP
Unlock: HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Unlock: HKCU\Software\DAILYPCCLEAN
Unlock: HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Unlock: HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\AppDataLow\Software\Crossrider
Unlock: HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\AppDataLow\Software\DynConIE
Unlock: HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Reg: reg delete HKCU\Software\GlobalUpdate /f
Reg: reg delete HKCU\Software\IM /f
Reg: reg delete HKCU\Software\Nosibay /f
Reg: reg delete HKCU\Software\Store /f
Reg: reg delete HKCU\Software\systweak /f
Reg: reg delete HKCU\Software\GAMESDESKTOP /f
Reg: reg delete HKCU\Software\Crossbrowse /f
Reg: reg delete HKCU\Software\YorkNewCin /f
Reg: reg delete HKCU\Software\HighDefAction /f
Reg: reg delete HKCU\Software\ArenaHD /f
Reg: reg delete HKCU\Software\PRODUCTSETUP
Reg: reg delete HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885} /f
Reg: reg delete HKCU\Software\DAILYPCCLEAN /f
Reg: reg delete HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ /f
Reg: reg delete HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\AppDataLow\Software\Crossrider /f
Reg: reg delete HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\AppDataLow\Software\DynConIE /f
Reg: reg delete HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ /f
*****************
 
FF DefaultSearchEngine.US: findit => not found
C:\Users\DanaZ\AppData\Local\StormAlerts => moved successfully
sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll => Error: No automatic fix found for this entry.
"HKCU\Software\GlobalUpdate" => key could not be unlocked
"HKCU\Software\IM" => key could not be unlocked
"HKCU\Software\Nosibay" => key could not be unlocked
"HKCU\Software\Store" => key could not be unlocked
"HKCU\Software\systweak" => key could not be unlocked
"HKCU\Software\GAMESDESKTOP" => key could not be unlocked
"HKCU\Software\Crossbrowse" => key could not be unlocked
"HKCU\Software\YorkNewCin" => key could not be unlocked
"HKCU\Software\HighDefAction" => key could not be unlocked
"HKCU\Software\ArenaHD" => key could not be unlocked
"HKCU\Software\PRODUCTSETUP" => key could not be unlocked
"HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}" => key could not be unlocked
"HKCU\Software\DAILYPCCLEAN" => key could not be unlocked
"HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_" => key could not be unlocked
"HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\AppDataLow\Software\Crossrider" => key could not be unlocked
"HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\AppDataLow\Software\DynConIE" => key could not be unlocked
"HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_" => key could not be unlocked
 
========= reg delete HKCU\Software\GlobalUpdate /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKCU\Software\IM /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKCU\Software\Nosibay /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKCU\Software\Store /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKCU\Software\systweak /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKCU\Software\GAMESDESKTOP /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKCU\Software\Crossbrowse /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKCU\Software\YorkNewCin /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKCU\Software\HighDefAction /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKCU\Software\ArenaHD /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKCU\Software\PRODUCTSETUP =========
 
Permanently delete the registry key HKEY_CURRENT_USER\Software\PRODUCTSETUP (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885} /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKCU\Software\DAILYPCCLEAN /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\AppDataLow\Software\Crossrider /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\AppDataLow\Software\DynConIE /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
==== End of Fixlog 15:04:41 ====
 
 
 
AdwCleaner  content:
 
# AdwCleaner v5.004 - Logfile created 01/09/2015 at 15:15:07
# Updated 26/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Stevan - HOMEDN-PC
# Running from : C:\Users\Stevan\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Stevan\Desktop\PC Cleaners
[-] Folder Deleted : C:\Users\Stevan\Favorites\StumbleUpon
[!] Folder Not Deleted : C:\Users\Stevan\Favorites\StumbleUpon
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\DanaZ\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\DanaZ\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1007 bytes] ##########
 
 
Thank you!   :D



#11
Nevan

    Trusted Helper

  • Malware Removal
Hello again, SteveClark180.

I'm glad to hear that your problems are gone, although we still have something to do just to make sure that everything's been taken care of.

Please follow the instructions below.

Step #1
Command Prompt

Click Start>type cmd in the Search Box>right-click the cmd program that appears on the list and click Run as Administrator.

In the window that appears, type the following:
sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
then click Enter. Let the program finish its operation.

Make sure that you reboot your computer after the process.

 
Step #2
Malwarebytes Anti-Malware
  • Download Malwarebytes Anti-Malware to your Desktop
  • Double click the file to open it. Install the program.
  • Before you click Finish, make sure that:
    • Enable free trial of Malwarebytes Anti-Malware Premium is unchecked
    • Launch Malwarebytes Anti-Malware is checked
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
 
Step #3
ESET Online Scanner
  • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
  • Disable your Antivirus program (click here if you don't know how to do this).
  • Visit ESET site
  • Click RYa1k8g.png
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the running of add-on
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given link to
      • Double click esetsmartinstaller_enu.exe
      • Allow the Terms of Use and click Start
  • Make sure that the options are set as the example below:
    temh2Om.png
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Step #4
Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
Things that should appear in your next post:
  • Malwarebytes Anti-Malware log content
  • ESET Online Scanner log content
  • Checkup.txt log content


#12
SteveClark180


Checkup.txt log content

 

 Results of screen317's Security Check version 1.008  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 2 Runtime Environment Standard Edition v1.3.1 
 Java 7 Update 80  
 Java 8 Update 60  
 Adobe Flash Player 18.0.0.232  
 Adobe Reader XI  
 Mozilla Firefox (40.0.3) 
 Google Chrome (44.0.2403.157) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
 
Malwarebytes Anti-Malware log content
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/2/2015
Scan Time: 10:17 AM
Logfile: Malwarebytes.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.02.06
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Stevan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 608420
Time Elapsed: 2 hr, 0 min, 53 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 28
 
Registry Values: 13
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.StormAlerts, C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts, Quarantined, [75a93fec4d3eb77feb8211a149bb17e9], 
PUP.Optional.ConsumerInput, C:\Program Files (x86)\Setup Support for Consumer Input, Quarantined, [fb2327044942d2642d73dc217a88758b], 
 
Files: 12
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
And Checkup.txt log content
 

ESETSmartInstaller@High as downloader log:
all ok
# scanned=419853
# found=54
# cleaned=0
# scan_time=85028
sh=56079F6BE7390293C5F89EB99BA89B84FE389962 ft=0 fh=0000000000000000 vn="BAT/StartPage.NHN trojan" ac=I fn="C:\Program Files (x86)\Google\Chrome\Application\chrome.bat"
sh=9F0124C0558AE3F4A42C6B7109B56B60BD8ED0FA ft=0 fh=0000000000000000 vn="BAT/StartPage.NHN trojan" ac=I fn="C:\Program Files (x86)\Internet Explorer\iexplore.bat"
sh=FDF2B38ED210B923877223259EB7D34AA0EBCDD6 ft=1 fh=52a6080249f37d8e vn="a variant of Win32/Adware.Dowsserve.A application" ac=I fn="C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msbuild.exe"
sh=E7F02C0DF7038FEB1F25B438C412872501EB3DF3 ft=1 fh=a29003e61dbc59af vn="a variant of MSIL/Adware.Dowsserve.A application" ac=I fn="C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnet.exe"
sh=6B6105C0BF9C8942B523C7BC6279BF1D241909BA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\temp\InstallFilter64.msi"
sh=6205DDE47C041E3B67EFC540F89F24344835EE11 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\temp\t.msi"
sh=B46766B1F1795D63B683BBDC1E52C57137767E2C ft=1 fh=81d8934ba63cae75 vn="Win32/AdInstaller potentially unwanted application" ac=I fn="C:\Users\DanaZ\Documents\Documents 2012nov2\Food and receipt\brownie sour cream.exe"
sh=B46766B1F1795D63B683BBDC1E52C57137767E2C ft=1 fh=81d8934ba63cae75 vn="Win32/AdInstaller potentially unwanted application" ac=I fn="C:\Users\DanaZ\Documents\Food and receipt\brownie sour cream.exe"
 
 


#13
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, SteveClark180.

We're almost done. Please perform the following instructions and answer my question.

FRST Fix
  • Download attached fixlist.txt file to your desktop.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Right click FRST64.exe on your desktop and click Run as administrator.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
As your logs look good, could you tell me if you have any other problems with your system that you'd like to mention?

 
Things that should appear in your next post:
  • Fixlog.txt log content
  • Answer to my question


#14
SteveClark180

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Stevan (2015-09-05 13:11:49) Run:3
Running from C:\Users\Stevan\Desktop
Loaded Profiles: Stevan (Available Profiles: DanaZ & Stevan & Branko & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
C:\Program Files (x86)\Internet Explorer\iexplore.bat
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msbuild.exe
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnet.exe
C:\temp\InstallFilter64.msi
C:\temp\t.msi
C:\Users\DanaZ\Documents\Documents 2012nov2\Food and receipt\brownie sour cream.exe
C:\Users\DanaZ\Documents\Food and receipt\brownie sour cream.exe
*****************
 
C:\Program Files (x86)\Google\Chrome\Application\chrome.bat => moved successfully
C:\Program Files (x86)\Internet Explorer\iexplore.bat => moved successfully
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msbuild.exe => moved successfully
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnet.exe => moved successfully
C:\temp\InstallFilter64.msi => moved successfully
C:\temp\t.msi => moved successfully
C:\Users\DanaZ\Documents\Documents 2012nov2\Food and receipt\brownie sour cream.exe => moved successfully
C:\Users\DanaZ\Documents\Food and receipt\brownie sour cream.exe => moved successfully
 
==== End of Fixlog 13:11:53 ====
 
 
I don't have any other problems or concerns with my computer.

  • 0
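One way to triage an ESET Online Scanner log like the one posted in this thread, as an added example that is not part of the original posts or of any tool's own code: parse the `sh=… vn="…" fn="…"` lines, set aside detections that sit inside the removal tools' own quarantine or backup folders, list the rest one path per line as in the fixlist above, and confirm against Fixlog.txt that each was moved. The sample log lines, hashes and paths are constructed, and the folder prefixes and field meanings are assumptions read off the log format.

```python
import re
from typing import NamedTuple

# Assumption: folders where FRST and zoek keep files they already removed.
TOOL_STORES = ("c:\\frst\\quarantine\\", "c:\\zoek\\", "c:\\zoek_backup\\")

# Assumed field meanings: sh = SHA-1 of the file, vn = detection name,
# ac = action taken, fn = full path. ft/fh are matched but not interpreted.
LINE_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40})\s+ft=\d+\s+fh=[0-9A-Fa-f]{16}\s+'
    r'vn="(?P<name>[^"]*)"\s+ac=(?P<action>\w+)\s+fn="(?P<path>[^"]*)"$'
)


class Detection(NamedTuple):
    sha1: str
    name: str
    action: str
    path: str


def parse_eset(log_text):
    """Return one Detection per 'sh=...' line; '# key=value' metadata is skipped."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["sha1"].upper(), m["name"], m["action"], m["path"]))
    return found


def live_detections(detections):
    """Keep detections whose file is not inside a removal tool's own store."""
    return [d for d in detections if not d.path.lower().startswith(TOOL_STORES)]


def build_fixlist(detections):
    """One path per line, de-duplicated case-insensitively, in log order."""
    seen, lines = set(), []
    for d in detections:
        key = d.path.lower()
        if key not in seen:
            seen.add(key)
            lines.append(d.path)
    return "\n".join(lines)


def check_fixlog(fixlog_text, fixlist_paths):
    """Map each fixlist path to True if the log shows '=> moved successfully'."""
    moved = set()
    for line in fixlog_text.splitlines():
        path, sep, result = line.partition(" => ")
        if sep and result.strip() == "moved successfully":
            moved.add(path.strip().lower())
    return {p: p.lower() in moved for p in fixlist_paths}


def _sample_line(n, name, path):
    # Constructed line in the scanner's format; the hash is a placeholder.
    return f'sh={str(n) * 40} ft=1 fh={"0" * 16} vn="{name}" ac=I fn="{path}"'


# Constructed sample input, not taken from a real scan.
SAMPLE_ESET_LOG = "\n".join([
    "# scanned=1000",
    "# found=4",
    _sample_line(1, "Example.PUA potentially unwanted application",
                 r"C:\FRST\Quarantine\C\ProgramData\Example\a.dll"),
    _sample_line(2, "Example.Trojan trojan", r"C:\temp\example.msi"),
    _sample_line(3, "Example.Adware application",
                 r"C:\zoek_backup\C_PROGRA~2_Example\b.exe"),
    _sample_line(4, "Example.PUA potentially unwanted application",
                 r"C:\Users\Example\Documents\notes.exe"),
])

# Constructed Fixlog excerpt: only one of the two live files was moved.
SAMPLE_FIXLOG = "\n".join([
    "fixlist content:",
    r"C:\temp\example.msi",
    r"C:\temp\example.msi => moved successfully",
])

if __name__ == "__main__":
    live = live_detections(parse_eset(SAMPLE_ESET_LOG))
    print(build_fixlist(live))
    print(check_fixlog(SAMPLE_FIXLOG, [d.path for d in live]))
```

Any path that maps to `False` is a detection the fix did not move and that needs another look before the clean-up tools are removed.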

#15
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, SteveClark180.

Good news. Your system looks clean and we can delete the tools that we've used. I've also prepared some tips for you to stay safe in the future.

 
DelFix
Now that your system looks clean, we can clear system restore points and malware removal tools that we've used. To do that, download and run Delfix.
  • Note: Make sure that the following options are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset System Settings
After the cleaning is done, DelFix.txt will be opened in Notepad. If it isn't, you can find it in the C:\ directory. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

Also, delete any other .exe, .txt, .bat, .reg or .zip files that we used and that remain, and empty the Recycle Bin.

 
Uninstalling programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove ESET Online Scanner v3.

 
Preventing Re-Infection

As prevention is better than cure, I have listed some tips for you to stay safe on the internet in the future. Make good use of them.

 
WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
Read this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you still want to keep Java
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
  • Warning!: Make sure to uncheck the Optional offer box when downloading Java or you will install adware on your computer.
 
Adobe products always have to be updated, because they are also being used to infect your computer.
  • If you want to update Adobe Flash Player, visit this site.
  • If you want to update Adobe Reader, visit this site.
  • Warning!: Make sure to uncheck the Optional offer box when downloading Adobe products or you will install adware on your computer.
 
Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.
  • Click Start > Control Panel > System and Security > Windows Update
  • Under Windows Update click Turn automatic updating on or off
  • Make sure that your settings are set so that you will receive updates automatically and click OK.
 
Heimdal Free is one of the programs that can check for out-of-date programs on your computer. You can get it here.

 
Recommendations for security programs
  • Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
  • WinPatrol as a robust security monitor will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • NoScript is a Firefox add-on that increases safety during surfing online by blocking malicious scripts.
  • Unchecky will help you to avoid adware and PUPs by automatically removing checkmarks for these when installing programs.
  • Web of Trust is an add-on for multiple browsers that warns you before entering websites with a bad reputation.
 
Cryptolocker prevention
Cryptolocker is a new ransomware that heavily encrypts your important files. At the moment there are no programs that can decrypt these files. You can read how to protect against it here.

 
For some good tips about how to prevent infection in the future, visit this site.

 

Remember to post the Delfix log :)

