Hi!
My laptop is having some issues with Yamdex (in Russian), Feed.sonic-search, and Sidecube search engines in Google Chrome. These search engines appeared in Internet Explorer and Firefox without my consent.
Along with that, I have "apparently" installed Crossbrowse a few days before the search engine problems started. Other Trojan and malware applications have infiltrated my Windows 8.1 laptop.
I went to Settings and Internet Options to find default browsers and tried to set Google as my default browser, but the pestering engines and other ad-filled tabs kept happening and slowed down my laptop. Ads kept popping up in new tabs, or otherwise they were covering up tabs I use. It really slows down my laptop.
I think I was gullible enough to accept some aggressive downloads when these things occurred. Afterwards, new apps with the "I Agree" forms have appeared while downloading the other apps, and I realized that I screwed up. I uninstalled most of the apps, but some of them won't budge. When I tried to uninstall some of the downloads it said that I needed Administrator permission to uninstall these things although I am the Administrator.
My laptop doesn't have much security anymore because my only security subscription ended a while ago.
Crossbrowse was installed on 8/20/15.
Downloads and the engine occurrences started on 8/28/15.
I hope that this battle will end before my school starts on 9/8/15, but I'm willing to go beyond this date if necessary.
I will be extremely grateful for your services!
Here's my FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-08-2015
Ran by Stevan (administrator) on HOMEDN-PC (30-08-2015 23:22:02)
Running from C:\Users\Stevan\Desktop
Loaded Profiles: Stevan (Available Profiles: DanaZ & Stevan & Branko & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\groover250820151255\TocbYsebre.exe
() C:\Program Files\groover250820151255\Ekoij.exe
() C:\Program Files\Konklight\Konklight.exe
() C:\Windows\msqy.exe
() C:\ProgramData\Saophase\Saophase.exe
() C:\Windows\sqy.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
() C:\Program Files\groover250820151255\Kufnemgawj.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
() C:\Program Files\groover250820151255\Ijateo.exe
() C:\Program Files\groover250820151255\Ijateo64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\L-Express.exe
(Softissimo) C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\Lexibase.exe
() C:\Program Files\Konklight\packages\4d476283-cc5e-4596-965d-35d07905e087\zathplus.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
() C:\Program Files\groover250820151255\Exuinke.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\groover250820151255\csrcc.exe
() C:\Users\Stevan\AppData\Local\Citytech.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\ProgramData\Ufhnaeskuek\1.0.4.1\idepaase.exe
() C:\ProgramData\Ufhnaeskuek\1.0.4.1\idepaase.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [groover250820151255] => C:\Program Files\groover250820151255\Ijateo.exe [429224 2015-08-25] ()
HKLM\...\Run: [groover25082015125564] => C:\Program Files\groover250820151255\Ijateo64.exe [460456 2015-08-25] ()
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [gmsd_us_005010074] => [X]
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\Run: [Bubble Dock] => "C:\Users\Stevan\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\Run: [GoogleChromeAutoLaunch_371A0487FC476B04C111CD7F9EF56B46] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
AppInit_DLLs: C:\ProgramData\Saophase\K-eco.dll => C:\ProgramData\Saophase\K-eco.dll [212992 2015-08-30] ()
AppInit_DLLs-x32: C:\ProgramData\Saophase\Tipstrong.dll => C:\ProgramData\Saophase\Tipstrong.dll [194560 2015-08-30] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Stevan\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Stevan\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Stevan\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-11-04]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lexibase Express.lnk [2013-08-14]
ShortcutTarget: Lexibase Express.lnk -> C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\L-Express.exe ()
Startup: C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-11-09]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (No File)
Startup: C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk [2014-05-25]
Startup: C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk [2014-05-25]
ShortcutTarget: StormAlerts.lnk -> C:\Users\DanaZ\AppData\Local\StormAlerts\StormAlertsApp.exe ()
Startup: C:\Users\Ryan Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-17]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-08-28]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
GroupPolicyUsers\S-1-5-21-3094508777-2562355391-1898814638-1004\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3094508777-2562355391-1898814638-1001\User: Restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\Kufnemgawj64.dll [353616 2015-08-29] ()
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 208.91.112.53 208.91.112.52
Tcpip\..\Interfaces\{B9527D6F-AC6D-467E-8F06-DCF14892A299}: [DhcpNameServer] 208.91.112.53 208.91.112.52
Tcpip\..\Interfaces\{C4EC7C64-D342-4238-BA25-99C60714BC1F}: [DhcpNameServer] 208.91.112.53 208.91.112.52
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com/
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
SearchScopes: HKLM-x32 -> {EE51F551-5AD2-49F8-9E69-EB809495726A} URL = hxxp://www.globasearch.com/?serie=209&installkey=As4G5dDDQXkL6om6EwXe&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3094508777-2562355391-1898814638-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3094508777-2562355391-1898814638-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=b61f3012c03066e79077d587555400fc&text=
SearchScopes: HKU\S-1-5-21-3094508777-2562355391-1898814638-1004 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8ee96l84opYeGK7PTout86uYVUpJORM5aMPSKpHujg-rpnqdfeyyjj7CEZVsu5ZkOP0tSD29BNZ_fXpz3TV3c28tnIf7e3oT77YWfNsJ6BF_z-6NvsrRha5vcQl8cRB9n3R3cz9IvaLxme2Y&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: groover250820151255 -> {B02524C5-EF2E-45ED-801E-33E9AB705B45} -> C:\Program Files\groover250820151255\Sysvovva64.dll [2015-08-25] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: groover250820151255 -> {B02524C5-EF2E-45ED-801E-33E9AB705B45} -> C:\Program Files\groover250820151255\Sysvovva.dll [2015-08-25] ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Stevan\AppData\Roaming\Mozilla\Firefox\Profiles\lq5d9h76.default-1440832493828
FF NewTab: C:\\ProgramData\\Saophases\\ff.NT
FF DefaultSearchEngine.US: findit
FF Homepage: C:\\ProgramData\\Saophases\\ff.HP
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-10-05] (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Ryan Stevan\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3094508777-2562355391-1898814638-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Stevan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Stevan\AppData\Roaming\Mozilla\Firefox\Profiles\lq5d9h76.default-1440832493828\user.js [2015-08-30]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Stevan\AppData\Roaming\Mozilla\Firefox\Profiles\lq5d9h76.default-1440832493828\searchplugins\findit.xml [2015-08-30]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2015-08-30]
FF HKLM\...\Firefox\Extensions: [{B02524C5-EF2E-45ED-801E-33E9AB705B45}] - C:\Program Files\groover250820151255\Firefox
FF Extension: groover250820151255 - C:\Program Files\groover250820151255\Firefox [2015-08-29]
FF HKLM-x32\...\Firefox\Extensions: [{B02524C5-EF2E-45ED-801E-33E9AB705B45}] - C:\Program Files\groover250820151255\Firefox
Chrome:
=======
CHR Profile: C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-08-28]
CHR Profile: C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-22]
CHR Extension: (YouTube) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-22]
CHR Extension: (Google Search) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-22]
CHR Extension: (AdBlock) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Stevan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-22]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 032E4D9E-99D1-47E4-8608-82244BD88146; C:\Program Files\groover250820151255\Exuinke.exe [281256 2015-08-25] ()
R3 csrcc; C:\Program Files\groover250820151255\csrcc.exe [1444520 2015-08-25] ()
R2 DaljiaEkuivu; C:\Program Files\groover250820151255\TocbYsebre.exe [171856 2015-08-25] ()
R2 groover250820151255 Updater; C:\Program Files\groover250820151255\Ekoij.exe [171176 2015-08-25] ()
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 iosnload; C:\Users\Stevan\AppData\Local\Citytech.exe [52736 2015-08-30] () [File not signed]
R2 Konklight; C:\Program Files\Konklight\Konklight.exe [379904 2015-08-27] () [File not signed]
R3 Kufnemgawj; C:\Program Files\groover250820151255\Kufnemgawj.exe [2044240 2015-08-25] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 msqy; c:\windows\msqy.exe [408576 2015-08-28] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 Saophase; C:\ProgramData\Saophase\Saophase.exe [33792 2015-08-27] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-08-29] (Enigma Software Group USA, LLC.)
R2 sqy; c:\windows\sqy.exe [417792 2015-08-28] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 msdotnetserv_v2050729; C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2015-08-29] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56736 2015-08-20] (Windows ® Win 7 DDK provider)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-08-29] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-08-29] ()
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
S1 ppfd_vw_1_10_0_21; system32\drivers\ppfd_vw_1_10_0_21.sys [X]
S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-30 23:22 - 2015-08-30 23:23 - 00023406 _____ C:\Users\Stevan\Desktop\FRST.txt
2015-08-30 21:24 - 2015-08-30 21:25 - 00279872 _____ C:\WINDOWS\Minidump\083015-40937-01.dmp
2015-08-30 21:24 - 2015-08-30 21:24 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-30 16:04 - 2015-08-30 16:04 - 00003918 _____ C:\WINDOWS\System32\Tasks\Update Mozilla Firefox
2015-08-30 15:22 - 2015-08-30 15:22 - 00000000 ____D C:\ProgramData\Saophases
2015-08-30 15:21 - 2015-08-30 21:28 - 00000000 ____D C:\ProgramData\Saophase
2015-08-30 15:19 - 2015-08-30 15:19 - 04241742 _____ (Bycatch) C:\Program Files\Common Files\vzhlectj.exe
2015-08-30 15:04 - 2015-08-30 15:04 - 00003156 _____ C:\WINDOWS\System32\Tasks\pn4le0nv
2015-08-30 15:03 - 2015-08-30 15:03 - 00000000 ____D C:\Program Files\Common Files\zmn5cqnr
2015-08-30 13:53 - 2015-08-30 14:53 - 00000000 ____D C:\Program Files\Konklight
2015-08-30 13:52 - 2015-08-30 13:42 - 00052736 _____ C:\Users\Stevan\AppData\Local\Citytech.exe
2015-08-30 01:25 - 2015-08-30 01:25 - 00000285 _____ C:\files.log
2015-08-30 01:15 - 2015-08-30 01:46 - 00000191 _____ C:\folders.log
2015-08-30 01:15 - 2015-08-30 01:46 - 00000000 ____D C:\zoek
2015-08-29 23:52 - 2015-08-30 01:46 - 00062576 _____ C:\Users\Stevan\Desktop\zoek-results.log
2015-08-29 23:09 - 2015-08-30 01:46 - 00004948 _____ C:\runcheck.txt
2015-08-29 23:08 - 2015-08-30 01:23 - 00000000 ____D C:\zoek_backup
2015-08-29 23:02 - 2015-08-29 23:11 - 00000000 ____D C:\ProgramData\Ebonmedia
2015-08-29 22:26 - 2015-08-29 22:26 - 01308672 _____ C:\Users\Stevan\Desktop\zoek.exe
2015-08-29 22:07 - 2015-08-29 22:07 - 00000000 ____D C:\Users\Stevan\Downloads\FRST-OlderVersion
2015-08-29 22:06 - 2015-08-30 23:22 - 00000000 ____D C:\FRST
2015-08-29 22:06 - 2015-08-29 22:07 - 02186752 _____ (Farbar) C:\Users\Stevan\Downloads\FRST64.exe
2015-08-29 22:01 - 2015-08-30 23:20 - 02188288 _____ (Farbar) C:\Users\Stevan\Desktop\FRST64.exe
2015-08-29 21:53 - 2015-08-29 21:54 - 00000000 ____D C:\AdwCleaner
2015-08-29 15:54 - 2015-08-29 15:54 - 00034720 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-08-29 15:52 - 2015-08-30 21:25 - 00004744 _____ C:\WINDOWS\SysWOW64\Kufnemgawj.ini
2015-08-29 15:52 - 2015-08-30 21:25 - 00002456 _____ C:\WINDOWS\SysWOW64\KufnemgawjOff.ini
2015-08-29 15:52 - 2015-08-30 21:25 - 00002456 _____ C:\WINDOWS\system32\KufnemgawjOff.ini
2015-08-29 15:52 - 2015-08-25 04:57 - 00353616 _____ C:\WINDOWS\system32\Kufnemgawj64.dll
2015-08-29 15:52 - 2015-08-25 04:57 - 00283472 _____ C:\WINDOWS\SysWOW64\Kufnemgawj.dll
2015-08-29 15:51 - 2015-08-29 15:51 - 00003644 _____ C:\WINDOWS\System32\Tasks\Radqyvm
2015-08-29 15:51 - 2015-08-29 15:51 - 00000000 ____D C:\WINDOWS\system32\abis
2015-08-29 15:49 - 2015-08-29 15:54 - 00000000 ____D C:\Program Files\groover250820151255
2015-08-29 15:49 - 2015-08-20 11:46 - 00056736 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
2015-08-29 02:29 - 2015-08-29 02:29 - 00000000 _____ C:\autoexec.bat
2015-08-29 02:28 - 2015-08-29 02:28 - 00003332 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-08-29 02:28 - 2015-08-29 02:28 - 00001114 _____ C:\Users\Stevan\Desktop\SpyHunter.lnk
2015-08-29 02:28 - 2015-08-29 02:28 - 00000000 ____D C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-08-29 02:27 - 2015-08-29 02:27 - 00000000 ____D C:\sh4ldr
2015-08-29 02:23 - 2015-08-29 02:23 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-08-29 02:14 - 2015-08-29 02:14 - 00000000 ____D C:\Users\Stevan\Documents\Old Firefox Data
2015-08-29 01:41 - 2015-08-29 02:28 - 00000000 ____D C:\Users\Stevan\AppData\Roaming\Enigma Software Group
2015-08-29 01:41 - 2015-08-29 02:22 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-08-29 01:41 - 2015-08-29 01:41 - 00001109 _____ C:\Users\Stevan\Desktop\RegHunter.lnk
2015-08-29 01:41 - 2015-08-29 01:41 - 00000000 ____D C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter
2015-08-29 01:15 - 2015-08-30 15:23 - 00002302 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-28 22:35 - 2015-08-30 22:35 - 00001078 _____ C:\WINDOWS\Tasks\Crossbrowse.job
2015-08-28 22:35 - 2015-08-28 22:35 - 00004082 _____ C:\WINDOWS\System32\Tasks\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\Stevan\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\Ryan Stevan\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\Guest\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\DanaZ\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\Users\Branko\AppData\Local\Crossbrowse
2015-08-28 22:35 - 2015-08-28 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-08-28 22:31 - 2015-08-29 00:43 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-28 22:30 - 2015-08-29 00:55 - 00000000 ____D C:\Program Files (x86)\CinePlus-1.44V28.08
2015-08-28 22:29 - 2015-08-30 13:28 - 00000000 ___HD C:\ProgramData\sqy
2015-08-28 22:26 - 2015-08-28 22:26 - 00631808 _____ C:\WINDOWS\sqy.dat
2015-08-28 22:25 - 2015-08-28 22:26 - 00408576 _____ C:\WINDOWS\msqy.exe
2015-08-28 22:25 - 2015-08-28 22:25 - 00417792 _____ C:\WINDOWS\sqy.exe
2015-08-28 22:25 - 2015-08-28 22:25 - 00001046 _____ C:\Users\Guest\Desktop\PepperZip.lnk
2015-08-28 22:25 - 2015-08-28 22:25 - 00001046 _____ C:\Users\DanaZ\Desktop\PepperZip.lnk
2015-08-28 22:25 - 2015-08-28 22:25 - 00001046 _____ C:\Users\Branko\Desktop\PepperZip.lnk
2015-08-28 22:25 - 2015-08-28 22:25 - 00000000 ____D C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
2015-08-28 22:25 - 2015-08-28 22:25 - 00000000 ____D C:\Program Files (x86)\GUPlayer
2015-08-28 22:13 - 2015-08-28 22:13 - 00000000 ____D C:\Users\DanaZ\AppData\Local\GWX
2015-08-28 22:12 - 2015-08-28 22:12 - 00000000 ____D C:\Users\DanaZ\AppData\Local\CEF
2015-08-28 21:20 - 2015-08-28 21:20 - 00003234 _____ C:\WINDOWS\System32\Tasks\PROPCCleanerSoftware_Start
2015-08-28 21:19 - 2015-08-28 21:19 - 00000000 ____D C:\Users\Stevan\AppData\Local\Rainmaker_Software_Group_
2015-08-28 21:15 - 2015-08-28 21:15 - 00000000 ____D C:\Users\Stevan\AppData\Local\IsolatedStorage
2015-08-28 21:14 - 2015-08-28 22:19 - 00000000 ____D C:\Users\Stevan\Documents\PROPCCleanerSoftware
2015-08-28 21:12 - 2015-08-28 21:12 - 00000000 ____D C:\Users\Stevan\AppData\Local\Setup242812
2015-08-28 18:31 - 2015-08-30 21:26 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-08-28 18:31 - 2015-08-30 15:23 - 00001445 _____ C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-28 18:30 - 2015-08-29 00:59 - 00002067 _____ C:\WINDOWS\SysWOW64\debug.log
2015-08-28 18:28 - 2015-08-28 18:28 - 00000000 _____ C:\WINDOWS\SysWOW64\track
2015-08-28 18:26 - 2015-08-28 18:26 - 00000000 ____D C:\Users\Stevan\AppData\Local\CEF
2015-08-28 18:22 - 2015-08-28 18:22 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
2015-08-28 18:20 - 2015-08-28 18:20 - 00000000 ____D C:\Users\Stevan\Documents\DailyPCClean
2015-08-28 18:05 - 2015-08-29 01:00 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2015-08-28 17:58 - 2015-08-30 20:47 - 00000000 ____D C:\ProgramData\MSNetCore
2015-08-28 17:58 - 2015-08-28 17:58 - 00000000 ____D C:\ProgramData\Ufhnaeskuek
2015-08-28 17:56 - 2015-07-25 14:13 - 00000854 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-28 17:55 - 2015-08-28 17:55 - 00002030 _____ C:\Users\Guest\Desktop\Real Desktop Pool.lnk
2015-08-28 17:55 - 2015-08-28 17:55 - 00002030 _____ C:\Users\DanaZ\Desktop\Real Desktop Pool.lnk
2015-08-28 17:55 - 2015-08-28 17:55 - 00002030 _____ C:\Users\Branko\Desktop\Real Desktop Pool.lnk
2015-08-28 17:55 - 2015-08-28 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Desktop Pool
2015-08-28 17:54 - 2015-08-29 22:24 - 00000000 ____D C:\Program Files (x86)\9088868A-1440802479-E111-A182-00266C2D634D
2015-08-28 17:52 - 2015-08-28 22:18 - 00000000 ____D C:\Users\Stevan\Documents\ProPCCleaner
2015-08-28 17:52 - 2015-08-28 17:52 - 00003200 _____ C:\WINDOWS\System32\Tasks\ProPCCleaner_Start
2015-08-28 17:52 - 2015-08-28 17:52 - 00000000 ____D C:\Users\Stevan\AppData\Local\Pro_PC_Cleaner
2015-08-28 17:35 - 2015-08-28 17:35 - 00003336 _____ C:\WINDOWS\System32\Tasks\PaintTool SAI
2015-08-22 18:53 - 2015-08-10 20:20 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-22 18:53 - 2015-08-10 19:20 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-19 10:10 - 2015-08-08 08:55 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-19 10:10 - 2015-08-08 08:55 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-18 14:55 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-18 14:55 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 22:56 - 2015-07-28 18:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-14 22:56 - 2015-07-28 09:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-14 22:56 - 2015-07-28 09:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-14 22:56 - 2015-07-28 09:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-14 22:56 - 2015-07-28 09:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-14 22:56 - 2015-07-28 09:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-14 22:56 - 2015-07-28 09:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-14 22:56 - 2015-06-09 13:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-14 22:55 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-14 22:55 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-14 22:55 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-14 22:55 - 2015-07-07 04:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-14 22:55 - 2015-07-07 04:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-14 22:55 - 2015-07-07 04:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-14 22:55 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-14 22:55 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-14 22:55 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-14 22:55 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-14 22:49 - 2015-07-18 20:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-14 22:49 - 2015-07-18 13:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-14 22:49 - 2015-07-18 13:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-14 22:49 - 2015-07-18 13:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-14 22:49 - 2015-07-18 13:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-14 22:49 - 2015-07-18 13:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-14 22:49 - 2015-07-18 13:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-14 22:49 - 2015-07-18 13:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-14 22:49 - 2015-07-18 13:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-14 22:49 - 2015-07-18 13:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-14 22:49 - 2015-07-18 13:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-14 22:49 - 2015-07-18 13:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-14 22:48 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-14 22:48 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-14 22:48 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-14 22:48 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-14 22:48 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-14 22:48 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-14 22:48 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-14 22:48 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-14 22:48 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-14 22:48 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-14 22:48 - 2015-07-16 14:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-14 22:48 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-14 22:48 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-14 22:48 - 2015-07-16 14:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-14 22:48 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-14 22:48 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-14 22:48 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-14 22:48 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-14 22:48 - 2015-07-16 14:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-14 22:48 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-14 22:48 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-14 22:48 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-14 22:48 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-14 22:48 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-14 22:48 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-14 22:48 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-14 22:48 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-14 22:48 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-14 22:48 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-14 22:47 - 2015-07-15 19:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-14 22:47 - 2015-07-15 19:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-14 22:47 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-14 22:47 - 2015-07-15 19:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-14 22:47 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-14 22:47 - 2015-07-01 17:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-14 22:47 - 2015-07-01 17:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-14 22:47 - 2015-07-01 16:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-14 22:47 - 2015-07-01 16:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-14 22:45 - 2015-07-13 22:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-14 22:45 - 2015-07-13 14:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-14 22:45 - 2015-07-13 14:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-14 22:45 - 2015-07-10 12:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-14 22:44 - 2015-07-13 22:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-14 22:44 - 2015-07-10 13:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-14 22:44 - 2015-07-10 12:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-14 22:44 - 2015-07-10 12:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-14 22:44 - 2015-07-10 11:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-14 22:44 - 2015-07-10 11:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-14 22:44 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-14 22:44 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-14 22:44 - 2015-07-09 11:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-14 22:40 - 2015-07-29 09:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-14 22:40 - 2015-07-29 09:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-14 22:40 - 2015-07-29 09:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-14 22:40 - 2015-07-24 13:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-14 22:40 - 2015-07-24 13:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-14 22:40 - 2015-07-24 13:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-14 22:40 - 2015-07-24 12:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-14 22:40 - 2015-07-24 12:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-11 21:19 - 2015-08-11 21:19 - 09284296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-08-04 16:37 - 2015-08-04 16:37 - 00000000 ____D C:\Users\Stevan\AppData\Local\Adobe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-30 23:19 - 2013-06-17 19:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-30 23:16 - 2012-11-02 23:15 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-30 23:12 - 2014-02-24 21:20 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DB021690-B451-41EF-AF6A-ADC322030651}
2015-08-30 23:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-30 22:31 - 2013-05-30 16:46 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002UA.job
2015-08-30 22:03 - 2013-05-21 23:40 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3094508777-2562355391-1898814638-1004
2015-08-30 21:39 - 2013-10-30 09:02 - 01572085 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-30 21:31 - 2013-05-30 16:46 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002Core.job
2015-08-30 21:27 - 2012-11-02 23:15 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-30 21:24 - 2013-09-29 22:55 - 01072096 _____ C:\WINDOWS\PFRO.log
2015-08-30 21:24 - 2013-08-22 09:46 - 00419235 _____ C:\WINDOWS\setupact.log
2015-08-30 21:24 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-30 21:24 - 2012-11-12 17:35 - 508257404 _____ C:\WINDOWS\MEMORY.DMP
2015-08-30 21:12 - 2013-09-24 17:13 - 00000000 ____D C:\Users\Stevan\AppData\Local\CrashDumps
2015-08-30 15:23 - 2013-12-01 16:43 - 00001445 _____ C:\Users\Branko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-30 15:23 - 2013-11-09 10:50 - 00001445 _____ C:\Users\DanaZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-30 15:18 - 2013-09-29 23:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-30 15:01 - 2014-05-26 00:45 - 00000296 _____ C:\WINDOWS\Tasks\_DEFAULT.job
2015-08-30 01:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-30 01:24 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-08-30 01:24 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-08-29 22:57 - 2013-10-30 08:39 - 00000000 ____D C:\Users\Stevan
2015-08-29 15:51 - 2015-03-09 23:04 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-08-29 15:51 - 2015-03-09 23:03 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-08-29 01:48 - 2012-11-24 17:58 - 00001462 _____ C:\Users\Ryan Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-29 01:26 - 2014-05-26 01:29 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-29 01:26 - 2014-05-26 01:29 - 00002050 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-08-29 01:26 - 2012-08-18 11:06 - 00000000 ____D C:\ProgramData\Adobe
2015-08-29 01:15 - 2012-11-02 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-29 00:55 - 2014-05-26 01:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-28 22:21 - 2013-10-31 16:27 - 00000610 __RSH C:\Users\Stevan\ntuser.pol
2015-08-28 18:53 - 2013-09-30 00:23 - 00000000 ____D C:\Users\Stevan\Documents\Book Place
2015-08-28 18:22 - 2013-10-31 16:28 - 00002071 ____R C:\Users\Stevan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
2015-08-28 18:21 - 2014-04-09 20:11 - 00001986 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2015-08-28 18:20 - 2012-08-18 11:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-28 18:18 - 2015-06-19 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-28 18:18 - 2014-04-09 20:11 - 00001974 ____R C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2015-08-28 17:37 - 2013-08-22 08:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-08-28 16:43 - 2014-08-12 12:05 - 00000226 _____ C:\Users\Stevan\BullseyeCoverageError.txt
2015-08-28 16:04 - 2013-10-30 14:34 - 00000000 ____D C:\ProgramData\Oracle
2015-08-28 16:04 - 2013-06-30 12:41 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-27 17:11 - 2012-11-02 23:15 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-27 17:11 - 2012-11-02 23:15 - 00003662 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 14:32 - 2015-04-15 01:23 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-26 14:32 - 2015-03-13 01:23 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-26 14:32 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-26 14:32 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-26 14:32 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-26 14:32 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-23 21:44 - 2013-07-23 03:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-23 21:44 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-23 21:10 - 2012-12-13 02:35 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-19 10:09 - 2013-08-22 09:44 - 00522936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-18 19:10 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-18 19:10 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-18 15:01 - 2014-11-06 13:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-18 14:59 - 2012-11-03 00:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-18 14:29 - 2012-07-26 00:26 - 00000336 _____ C:\WINDOWS\win.ini
2015-08-16 20:44 - 2013-12-12 09:53 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6D45E8A3-2023-4539-B773-7B8E4E615878}
2015-08-16 19:28 - 2013-12-01 16:49 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3094508777-2562355391-1898814638-1005
2015-08-15 17:31 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-13 22:59 - 2013-10-30 11:25 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-11 22:40 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-11 21:21 - 2013-06-17 19:38 - 00003712 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-05 21:57 - 2013-05-21 23:32 - 00000000 ____D C:\Users\Stevan\AppData\Local\Packages
2015-08-04 16:37 - 2013-05-21 23:33 - 00000000 ____D C:\Users\Stevan\AppData\Roaming\Adobe
==================== Files in the root of some directories =======
2015-08-30 15:19 - 2015-08-30 15:19 - 4241742 _____ (Bycatch) C:\Program Files\Common Files\vzhlectj.exe
2015-08-30 13:52 - 2015-08-30 13:42 - 0052736 _____ () C:\Users\Stevan\AppData\Local\Citytech.exe
2015-08-30 13:52 - 2015-08-30 13:42 - 0000187 _____ () C:\Users\Stevan\AppData\Local\Citytech.exe.config
2012-11-04 04:02 - 2012-12-17 01:28 - 0002816 _____ () C:\ProgramData\hpzinstall.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-03-09 23:04] - [2015-08-29 15:51] - 0657920 ____A (Microsoft Corporation) 69BE1F75EC278634C241501AEC6F4D5E
C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-03-09 23:03] - [2015-08-29 15:51] - 0498688 ____A (Microsoft Corporation) 454F8AEEF9DE95B00078AEA0F85A16E3
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-08-27 18:44
==================== End of FRST.txt ============================
Here's my Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-08-2015
Ran by Stevan (2015-08-30 23:26:18)
Running from C:\Users\Stevan\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3094508777-2562355391-1898814638-500 - Administrator - Disabled)
Branko (S-1-5-21-3094508777-2562355391-1898814638-1005 - Limited - Enabled) => C:\Users\Branko
DanaZ (S-1-5-21-3094508777-2562355391-1898814638-1001 - Limited - Enabled) => C:\Users\DanaZ
Guest (S-1-5-21-3094508777-2562355391-1898814638-501 - Limited - Disabled) => C:\Users\Guest
Stevan (S-1-5-21-3094508777-2562355391-1898814638-1004 - Administrator - Enabled) => C:\Users\Stevan
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Install Manager (HKLM\...\{79AE0BD1-A930-B07C-C96D-E11FA9BB586F}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Crossbrowse (HKLM-x32\...\Crossbrowse) (Version: 39.6.2171.95 - The Crossbrowse Authors) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
EaseUS Data Recovery Wizard 5.8.5 (HKLM-x32\...\EaseUS Data Recovery Wizard 5.8.5_is1) (Version: - EaseUS)
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
groover250820151255 2.0.0.473 (HKLM\...\{B02524C5-EF2E-45ED-801E-33E9AB705B45}_is1) (Version: 2.0.0.473 - groover)
GUPlayer (remove only) (HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\GUPlayer) (Version: - ) <==== ATTENTION
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{9C57D227-1FE7-4F40-BD49-2BCA7761B083}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java 2 Runtime Environment Standard Edition v1.3.1 (HKLM-x32\...\JRE 1.3.1) (Version: - )
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Lexibase Standard (HKLM-x32\...\{22AE875F-B8B3-46AF-856C-CE858538D912}) (Version: 6.0 - )
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Math Odyssey Calculus (HKLM-x32\...\Math Odyssey Calculus) (Version: - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.8-1.0.8500.20 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
RegHunter (HKLM-x32\...\RegHunter) (Version: 1.3.3.1613 - Enigma Software Group, LLC)
SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SigningAvatar Illustrated Dictionary (HKLM-x32\...\SAID) (Version: - )
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.20.9.4533 - Enigma Software Group, LLC)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
Talk to Me (HKLM-x32\...\TTM70) (Version: - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0001.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Venues X3D Viewer and Simulation Engine (HKLM-x32\...\Venues X3D Viewer and Simulation Engine) (Version: - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version: - Sakar)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
02-08-2015 14:23:15 Windows Update
15-08-2015 17:24:31 Scheduled Checkpoint
18-08-2015 13:55:13 Windows Modules Installer
22-08-2015 18:52:23 Windows Update
29-08-2015 23:52:26 zoek.exe restore point
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2015-07-25 14:13 - 00000854 ____N C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {06A7A42B-BF09-446F-A415-A22844688A81} - System32\Tasks\{7D801F0F-ECB4-4A66-A79D-7951B37DFE50} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {0846558F-70E8-49B0-8C7D-B612DF4FA046} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002UA => C:\Users\Ryan Stevan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-07] (Google Inc.)
Task: {10890A8C-DDA7-4780-972D-0E464D30735E} - System32\Tasks\{A933A2FA-82F8-435E-A170-EFA1A7D021F1} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {11077B7C-C68A-4E69-8163-F5621F8834E7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-20] (Synaptics Incorporated)
Task: {12540047-6CA1-4B26-85B4-CFF4063ED315} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {1453710B-D6F4-4B64-957E-D9CD74F707BE} - System32\Tasks\{B7A60EE3-C2D9-477D-99C0-AB8CF1F8712E} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {14DBE6F2-C65A-4EF2-A6CA-5E40F45DF5FD} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {190FF3A5-9FF4-4C18-A0E1-D446176E157F} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-08-28] () <==== ATTENTION
Task: {1E1BA39F-6C27-4432-B1CF-FDC661337B86} - \Ufhnaeskuek -> No File <==== ATTENTION
Task: {29863619-2D27-4729-B1F8-0B97055061A7} - System32\Tasks\{177B11F1-600B-4488-82A3-E6E65AF27102} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {2B43FB43-F806-4FFB-8FAF-E9B75E20BF0D} - System32\Tasks\gg_uac_daemon_Ryan Stevan => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-07-10] ()
Task: {2DF546B0-7F16-4D15-A6DA-45CC868166BE} - System32\Tasks\_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {2EE866EC-8758-44B9-9494-1C06C41B0324} - System32\Tasks\_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {44E530AF-1A6A-4F8B-9F0D-F7FD5FE22D2B} - System32\Tasks\{F9C615D6-0839-45B2-A9E4-9BE2C0762775} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {4625B511-A5D1-4261-B2B2-0CBA23685716} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {471BB366-78D3-4AD3-B9E3-7D6AD05EE71C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {4E23FAC7-4304-43C0-8A4E-6349C755ADE9} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {5DE9BCCF-817C-4D42-9324-7A77A5C273A0} - \RegClean Pro_DEFAULT -> No File <==== ATTENTION
Task: {6CA8EF9A-AA05-403A-AD73-2247B967BF94} - System32\Tasks\{6A2C056C-BE5D-4732-A9F0-F872F4EF6785} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {7559B2D3-36D2-4406-8722-B839D85A5AE5} - System32\Tasks\{1C7A89C0-E10D-4D0E-8F45-FF021F113A51} => pcalua.exe -a D:\start_ca.exe -d D:\
Task: {802E23C6-B296-4818-A9BD-45B4332A07CD} - \Advanced System~Protector -> No File <==== ATTENTION
Task: {8037DC79-25B8-4983-A753-0EEEC1598773} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {88F51287-7CDD-4411-9319-3C50046D1C6C} - System32\Tasks\PROPCCleanerSoftware_Start => C:\Program Files (x86)\PRO PC Cleaner Software\PROPCCleanerSoftware.exe <==== ATTENTION
Task: {98104618-F0D0-4731-A6D3-57D39853342C} - System32\Tasks\Update Mozilla Firefox => C:\Program Files\Konklight\packages\4d476283-cc5e-4596-965d-35d07905e087\zathplus.exe [2015-08-30] ()
Task: {9DF0FC7E-428E-4481-9F1D-202E6BF8B4F4} - System32\Tasks\pn4le0nv => C:\Program Files\Common Files\zmn5cqnr\dd5fbc1fjiaiz.exe [2015-08-18] ()
Task: {A0ADB587-D610-4C3C-9871-E3016DA0EDE9} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {A2C183FD-4F07-4320-91E3-E1F8DA74E933} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {A6142E1E-5488-47D4-BF37-FF4AB41A3974} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-08-29] (Enigma Software Group USA, LLC.)
Task: {B9091D2B-F5CF-4A52-B957-D729520C20BC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002Core => C:\Users\Ryan Stevan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-07] (Google Inc.)
Task: {B9398A4A-E963-42EA-B061-C74F2BFB8654} - System32\Tasks\{98B64D1D-0D56-468C-B8C2-D287ED658A34} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {B9648FCB-067A-4714-9F14-F4E58F308D9D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {C0EE1880-0F64-49B1-91CE-BB92D18970BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C3827B87-74BB-49D5-9886-5759C8ED7BF8} - \RegClean Pro -> No File <==== ATTENTION
Task: {C68ECD44-2082-4A97-904A-E971AAEAE619} - System32\Tasks\{53C3728E-69FB-402B-87C7-F01A8960CB68} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {C852877A-C27B-4F95-B288-846E2936F609} - System32\Tasks\Radqyvm => C:\Program Files\groover250820151255\Janmo.bat [2015-08-25] ()
Task: {D34C2561-B185-4931-8893-D739F43C523B} - \EbonmediaUpdater -> No File <==== ATTENTION
Task: {DE0E7839-CDC6-4577-8C62-9F87E3339B56} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {E49DFC95-33C7-43D5-A5C8-462CEEC517D1} - System32\Tasks\PaintTool SAI => C:\Users\Stevan\AppData\Local\Temp\is-EC15A.tmp\prsetup.exe <==== ATTENTION
Task: {F0AF2BA8-0AAD-4E0B-8DB7-A57C328C0010} - \Advanced System~Protector_startup -> No File <==== ATTENTION
Task: {FC4D78D4-0C1E-4C10-8311-EDFD5B4AB9B5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {FF07D1F5-C985-4336-996E-6EEA0B914D29} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002Core.job => C:\Users\Ryan Stevan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3094508777-2562355391-1898814638-1002UA.job => C:\Users\Ryan Stevan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
2015-08-29 15:52 - 2015-08-25 04:57 - 00353616 _____ () C:\WINDOWS\system32\Kufnemgawj64.dll
2015-08-25 04:57 - 2015-08-25 04:57 - 00171856 _____ () C:\Program Files\groover250820151255\TocbYsebre.exe
2015-08-29 15:50 - 2015-08-25 13:00 - 00171176 _____ () C:\Program Files\groover250820151255\Ekoij.exe
2015-08-27 03:22 - 2015-08-27 03:22 - 00379904 _____ () C:\Program Files\Konklight\Konklight.exe
2015-08-28 22:25 - 2015-08-28 22:26 - 00408576 _____ () c:\windows\msqy.exe
2015-08-27 03:20 - 2015-08-27 03:20 - 00033792 _____ () C:\ProgramData\Saophase\Saophase.exe
2015-08-28 22:25 - 2015-08-28 22:25 - 00417792 _____ () c:\windows\sqy.exe
2015-08-25 04:57 - 2015-08-25 04:57 - 02044240 _____ () C:\Program Files\groover250820151255\Kufnemgawj.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 00293544 _____ () C:\Program Files\groover250820151255\Mooxl64.DLL
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 21:13 - 2012-08-13 21:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2015-08-29 15:49 - 2015-08-25 13:00 - 00429224 _____ () C:\Program Files\groover250820151255\Ijateo.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 00460456 _____ () C:\Program Files\groover250820151255\Ijateo64.exe
2013-08-14 19:03 - 2005-07-26 11:56 - 00081920 _____ () C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\L-Express.exe
2015-08-30 14:54 - 2015-08-30 14:54 - 00855040 _____ () C:\Program Files\Konklight\packages\4d476283-cc5e-4596-965d-35d07905e087\zathplus.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 00281256 _____ () C:\Program Files\groover250820151255\Exuinke.exe
2015-08-29 15:49 - 2015-08-25 13:00 - 01444520 _____ () C:\Program Files\groover250820151255\csrcc.exe
2015-08-30 13:52 - 2015-08-30 13:42 - 00052736 _____ () C:\Users\Stevan\AppData\Local\Citytech.exe
2015-08-28 17:58 - 2015-08-28 17:58 - 00157696 _____ () C:\ProgramData\Ufhnaeskuek\1.0.4.1\idepaase.exe
2012-08-28 00:33 - 2012-08-28 00:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-28 00:33 - 2012-08-28 00:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-29 15:49 - 2015-08-25 13:00 - 00287400 _____ () C:\Program Files\groover250820151255\Mooxl.DLL
2013-08-14 19:03 - 2005-07-11 16:37 - 00024576 _____ () C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\hkey.dll
2013-08-14 19:03 - 2005-07-11 17:47 - 00040960 _____ () C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\resl_en.dll
2013-08-14 19:03 - 2004-09-27 17:47 - 00152064 _____ () C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\unrar.dll
2013-08-14 19:03 - 2005-07-11 17:48 - 00024576 _____ () C:\Program Files (x86)\Softissimo\Lexibase Standard\exe\UnicodeUI.dll
2015-08-30 15:22 - 2015-08-30 15:22 - 00194560 _____ () C:\ProgramData\Saophase\Tipstrong.dll
2015-08-21 14:16 - 2015-08-18 00:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-21 14:16 - 2015-08-18 00:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
2015-08-21 14:16 - 2015-08-18 00:23 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Kufnemgawj => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Innovation\Blue.jpg
DNS Servers: 208.91.112.53 - 208.91.112.52
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\StartupApproved\StartupFolder: => "crossbrowse.lnk"
HKU\S-1-5-21-3094508777-2562355391-1898814638-1004\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_371A0487FC476B04C111CD7F9EF56B46"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{102C747A-3660-4192-AD83-2CCE6E7E7AC5}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{D6E6AC71-1E12-4571-B94C-032C10CF69DB}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{2103A16A-0CA7-486C-95BB-2CD27F898B7A}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{F440F913-1BB2-4D34-9D7A-F729A7D31BF4}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{43FFBF1A-C79D-4DF4-8143-E584A8E4FFB9}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [UDP Query User{63D56538-BEB8-404F-819E-B228626EF7C0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B6815AAD-B599-45D0-B195-A5229BBF4F16}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{ADDD48FD-6FD4-4456-B738-6E0FDAA025BA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{F0967642-A0BB-49D4-981B-0D374B7396FF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{0A6A19F1-12F5-4F64-B9EB-7F9A68909578}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{4C223433-8523-48E3-A61C-392714911506}] => (Block) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [{9654E21A-4BD0-4DAC-B5C1-C4A7BC7DE4C0}] => (Block) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{BF9FE651-40B8-4EB7-81ED-B6A74DEAAC74}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [TCP Query User{6C01F60D-137C-40A7-8EC9-506339816286}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{27489440-1C2A-40D2-B698-BE3B14CC2325}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{37D7702D-B6CF-40B6-9E16-1C26887D8895}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{56EA567F-BF03-4FB8-ABAA-D77E30BBAA7E}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{2FC3F243-31AA-4946-B97C-8F787FBFB1A5}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{797F4E7D-CB03-4076-A7F1-F91B1FED7009}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [UDP Query User{190363F5-9BE6-4382-8743-376CB083A19A}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{FCEBA05F-8BCC-4A13-BF06-87B89C830C6F}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{FC8205BA-2590-4B64-BC4F-0DD47A141C31}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8BD04358-096C-4813-9962-2A54FD7FBBA4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A53A1DAC-B0C0-4FC6-A913-520832DE211B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2F9F83ED-50CF-42FC-8C08-5907D51D7573}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4012ED84-0EBA-4E52-9D02-C957479262A8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{67697294-1C42-41D0-B260-0E4A114D65FA}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{309C1AA6-D85D-496A-A73D-7F68CBE5EC39}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{0CBBF9FD-3CA3-453D-96E0-D794897C94FB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{7DFFDF80-B366-4A20-9549-4D25870298EB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C8FE94BA-C1ED-4B62-9D11-3128D53242C5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{C1BDCFC1-3645-48C9-82C0-AC5128F14123}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{63D33559-3D7D-450B-94E7-786350317401}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{E50A617F-2B83-443F-8A67-2893019BE8EB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{168ECC8F-6395-481C-8F1B-0D58F76C3030}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{FD1C6910-D9EB-49FB-99AF-B8139FFE4634}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{C3ACE5FA-B911-4016-B5E4-FB4C39AA6366}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{F15853CC-1DBD-4AED-AE39-8F7F22719025}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{339F090E-9BBC-4C3D-A34B-0DB05BF53919}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{3482F4B4-CCFA-48A0-9B1C-CE8353164675}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{B4C704BD-3470-47BC-9014-4714C42ACCC8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{CF5A5343-2FD1-4717-8010-EF7A2A2FFD40}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{5D61CBD7-D54E-4027-A4BD-675B527047AE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{B2563A70-9B9B-46C6-A3C4-94313D105FB7}] => (Allow) C:\Users\DanaZ\AppData\Local\Temp\7zS7B79\setup\hpznui40.exe
FirewallRules: [{C42BB232-8824-4FA2-B4A0-DEC3C027AA5B}] => (Allow) LPort=1900
FirewallRules: [{1F3CB673-D176-4B2D-B903-82330101BD96}] => (Allow) LPort=2869
FirewallRules: [{9800EFF7-D517-488C-B0C6-111E93E44B4A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E16B3112-CA72-4CD0-BAF3-6A55676D5547}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{0F60934D-8C01-409A-AC49-14C80D9328EE}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [TCP Query User{A43AED5C-2F2C-4D32-B261-270C3BFDD3FB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{DD4C9686-531D-4020-A517-814074017F6A}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{C20977CE-3CDC-4DCB-A2C1-E59CD4D29630}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A129431D-4BAF-47E3-9370-6B8757EF788F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C666E8DD-A9F6-4BAA-95B8-97A2559B27C9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{365B2375-98EE-4A04-B314-3A81BA37E69D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{99CC9D98-A3D5-4FDA-AB2D-C075A913323E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{454073A4-DA64-4DD5-8513-EC13A9489970}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8EB67AD5-72EF-417E-87D6-F27EB44FC6AF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{310CF68C-0971-43DE-B794-701E3BA18D14}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{50AFCDB8-6B96-4F3A-967A-4FCD48F3EADF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6D7BEB34-6754-4E08-9158-57868B7E427B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{2A825662-80FB-4D27-A3D3-49C5580CBE4C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{36906AB0-7B21-4E86-8EF6-2AE57441649B}] => (Allow) C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe
FirewallRules: [{9A4F3174-BE2E-4EFD-876A-869CBDE3560F}] => (Allow) C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msbuild.exe
FirewallRules: [{EB8CC70E-034C-4595-BC65-8B7DB2E3D8C9}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{6BCACF81-E441-4122-B432-DDA7184B7E03}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{2A3E90B2-7FE8-4CC1-861C-1565F133C626}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶楜敮灴屣湩瑥捰攮數
FirewallRules: [{4F664E03-1090-4C43-9572-3AEB861E80E2}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶楜敮灴屣敲瑳湩灴硥e
FirewallRules: [{532C276B-C85D-41F6-8C7F-CCC625B4221F}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{B6C29E43-5C29-4AE1-B20F-2A86E3E26799}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: Officejet 7500 E910
Description: Officejet 7500 E910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: TOSHIBA Web Camera - HD
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/30/2015 11:19:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 29.8.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1d38
Start Time: 01d0e3a431ed52a9
Termination Time: 63
Application Path: C:\Users\Stevan\Desktop\FRST64.exe
Report Id: 7c6d2793-4f97-11e5-803f-00266c2d634d
Faulting package full name:
Faulting package-relative application ID:
Error: (08/30/2015 09:17:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 38.0.5.5623, time stamp: 0x5563b224
Faulting module name: Rankflex.dll, version: 1.0.0.24846, time stamp: 0x55d5c8fb
Exception code: 0xc0000005
Fault offset: 0x000049d8
Faulting process id: 0x124c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3
Faulting package full name: firefox.exe4
Faulting package-relative application ID: firefox.exe5
Error: (08/30/2015 09:08:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc000000d
Fault offset: 0x000f5084
Faulting process id: 0x1594
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5
Error: (08/30/2015 08:50:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1438
Start Time: 01d0e38f53fc58e7
Termination Time: 656
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: ad93f3e9-4f82-11e5-803e-00266c2d634d
Faulting package full name:
Faulting package-relative application ID:
Error: (08/30/2015 08:47:10 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (08/30/2015 08:47:09 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook
Error: (08/30/2015 08:47:09 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook
Error: (08/30/2015 08:47:09 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: Outlook4
Error: (08/30/2015 04:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16250
Error: (08/30/2015 04:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16250
System errors:
=============
Error: (08/30/2015 11:26:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
Error: (08/30/2015 09:28:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (08/30/2015 09:28:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Lexi Andox service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (08/30/2015 09:28:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
Error: (08/30/2015 09:28:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
Error: (08/30/2015 09:25:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft .Net Framework v2.0.50729 ALP (X86) service failed to start due to the following error:
%%2
Error: (08/30/2015 09:25:07 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000d1 (0x000000000000003c, 0x0000000000000002, 0x0000000000000001, 0xfffff800a232e192)C:\WINDOWS\MEMORY.DMP083015-40937-01
Error: (08/30/2015 09:24:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275
Error: (08/30/2015 09:24:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:03:04 PM on 8/30/2015 was unexpected.
Error: (08/30/2015 01:16:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.
Microsoft Office:
=========================
Error: (08/30/2015 11:19:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe29.8.2015.01d3801d0e3a431ed52a963C:\Users\Stevan\Desktop\FRST64.exe7c6d2793-4f97-11e5-803f-00266c2d634d
Error: (08/30/2015 09:17:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe38.0.5.56235563b224Rankflex.dll1.0.0.2484655d5c8fbc0000005000049d8124c01d0e3932eff6c12C:\PROGRA~2\MOZILL~1\firefox.exeC:\ProgramData\Saophase\Rankflex.dll6ef64e7a-4f86-11e5-803e-00266c2d634d
Error: (08/30/2015 09:08:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17840555fe1bbntdll.dll6.3.9600.1793655a68dd1c000000d000f5084159401d0e391e6a29beeC:\PROGRA~2\INTERN~1\iexplore.exeC:\WINDOWS\SYSTEM32\ntdll.dll2a9940e6-4f85-11e5-803e-00266c2d634d
Error: (08/30/2015 08:50:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17840143801d0e38f53fc58e7656C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEad93f3e9-4f82-11e5-803e-00266c2d634d
Error: (08/30/2015 08:47:10 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (08/30/2015 08:47:09 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook
Error: (08/30/2015 08:47:09 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook
Error: (08/30/2015 08:47:09 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: Outlook4
Error: (08/30/2015 04:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16250
Error: (08/30/2015 04:45:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16250
CodeIntegrity:
===================================
Date: 2015-08-30 17:22:53.120
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-30 17:22:51.150
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-30 17:22:46.651
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-30 17:22:44.761
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-30 17:22:42.390
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-30 17:22:40.443
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-30 17:22:37.962
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-30 17:22:36.120
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-30 15:26:32.990
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-08-30 15:26:31.124
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\Kufnemgawj64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: AMD E-300 APU with Radeon HD Graphics
Percentage of memory in use: 61%
Total physical RAM: 3678.26 MB
Available physical RAM: 1423.79 MB
Total Virtual: 7390.26 MB
Available Virtual: 4420.55 MB
==================== Drives ================================
Drive c: (TI10649800F) (Fixed) (Total:287.51 GB) (Free:159.76 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
Please contact me!