Computer won't download [Closed]



#1
Snapples


Hi, my computer suddenly stopped being able to download anything. 

When I say it won't download anything, I mean not just browser downloads, but also application downloads, anti-virus updates.

My current anti-virus is Kaspersky Anti-Virus. 

Windows 7 

 

I've tried:

- deleting cache and cookies from Chrome (main browser)
- switching to Firefox
- turning the anti-virus on and off
- restarting the computer

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by Cherryckjj (administrator) on CHERRYCKJJ-PC (23-09-2015 15:01:08)
Running from C:\Users\Cherryckjj\Desktop
Loaded Profiles: Cherryckjj (Available Profiles: Cherryckjj)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Scarlet.Crush Productions) D:\Emulators\PS2 emu\PCSX2 1.0.0\ScpServer\bin\ScpService.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Send Anywhere\sendanywhere.exe
(Akamai Technologies, Inc.) C:\Users\Cherryckjj\AppData\Local\Akamai\netsession_win.exe
(Mega Limited) C:\Users\Cherryckjj\AppData\Local\MEGAsync\MEGAsync.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Akamai Technologies, Inc.) C:\Users\Cherryckjj\AppData\Local\Akamai\netsession_win.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TWC WiFi.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe
(Microsoft) C:\Windows\wnavga.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\loggingserver.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Sogou.com Inc.) C:\Program Files (x86)\SogouInput\7.7.0.6390\SogouCloud.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dfrgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-07-27] (Raptr, Inc)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2567568 2015-08-16] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DigiDo] => C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe [1158088 2015-06-16] (Affinegy, Inc.)
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\Run: [ctfmon] => C:\Windows\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\Run: [GoogleChromeAutoLaunch_8CFDF07D37CE5E5F3B9804491D6ADF08] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-18] (Google Inc.)
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\Run: [SendAnywhere] => C:\Program Files (x86)\Send Anywhere\sendanywhere.exe [4338424 2015-07-31] ()
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Cherryckjj\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\MountPoints2: H - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\MountPoints2: {7c147bf9-ee0d-11e4-9754-d43d7e5533ee} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\MountPoints2: {7c147bff-ee0d-11e4-9754-d43d7e5533ee} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\MountPoints2: {7c147e91-ee0d-11e4-9754-d43d7e5533ee} - H:\HTC_Sync_Manager_PC.exe
AppInit_DLLs-x32: C:\PROGRA~3\{0856E~1\1172~1.1\sefe.dll => No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Cherryckjj\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Cherryckjj\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Cherryckjj\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Cherryckjj\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Cherryckjj\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Cherryckjj\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Cherryckjj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-09-20]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Cherryckjj\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [HKLM-x32] => file://C:\Windows\system32\Drivers\winpacket.pac
AutoConfigURL: [S-1-5-19] => file://C:\Windows\system32\Drivers\winpacket.pac
AutoConfigURL: [S-1-5-20] => file://C:\Windows\system32\Drivers\winpacket.pac
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{05BD9E34-F03B-47C1-9DC2-6FEC0944002F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{60A7FF7D-47BC-41E8-8811-75334F76CFC6}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{688D561C-113E-4669-A1F9-BDC37D44C1EB}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={3A1A2A65-EC57-4A84-97F9-7D1A245F9877}&mid=59f70ab6364747cd9dc4057438b1da1d-552b5f342637007c4dea6ceb503561ea649e57c8&lang=en&ds=px011&coid=avgtbdispx&cmpid=0615tb&pr=sa&d=2015-05-21 21:43:41&v=18.8.0.179&pid=safeguard&sg=&sap=hp
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = 
SearchScopes: HKU\S-1-5-21-3730196113-1156908693-4138991567-1000 -> DefaultScope {1E3E820D-4195-4FA7-9075-AA5DB659CB8E} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EyDyDtAtA0E0E0E0DtDyEtN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtAtAzztA0FyC0AtGzzzzyEzztGtA0FyEyEtGzytDzzyCtGyE0FtAtB0FtDzzzztAzzzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0C0E0F0CyB0EtGtDyBzzzztGyEtCyEtBtGzytCtCzytGzzyCtDyB0FtC0DyDyEyEtD0F2QtN0A0LzuyE&cr=673646921&ir=
SearchScopes: HKU\S-1-5-21-3730196113-1156908693-4138991567-1000 -> {1E3E820D-4195-4FA7-9075-AA5DB659CB8E} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EyDyDtAtA0E0E0E0DtDyEtN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtAtAzztA0FyC0AtGzzzzyEzztGtA0FyEyEtGzytDzzyCtGyE0FtAtB0FtDzzzztAzzzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0C0E0F0CyB0EtGtDyBzzzztGyEtCyEtBtGzytCtCzytGzzyCtDyB0FtC0DyDyEyEtD0F2QtN0A0LzuyE&cr=673646921&ir=
SearchScopes: HKU\S-1-5-21-3730196113-1156908693-4138991567-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3A1A2A65-EC57-4A84-97F9-7D1A245F9877}&mid=59f70ab6364747cd9dc4057438b1da1d-552b5f342637007c4dea6ceb503561ea649e57c8&lang=en&ds=px011&coid=avgtbdispx&cmpid=0615tb&pr=sa&d=2015-05-21 21:43:41&v=18.6.0.922&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3730196113-1156908693-4138991567-1000 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Glass Bottle -> {88803a01-4125-443b-b869-4062a160ceea} -> C:\Program Files (x86)\Glass Bottle\Extensions\88803a01-4125-443b-b869-4062a160ceea.dll No File
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.8.0.179\AVG SafeGuard toolbar_toolbar.dll [2015-08-16] (AVG Secure Search)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.8.0\ViProtocol.dll [2015-08-16] (AVG Secure Search)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAEVeVhaBQFBDFFCcF8VVQ1FQxhBdQwPTABHFFQSeQsOBVpDRRNBNARaB0tXUUEeGGlxR1dMZllCM0p6Dk0FTVA=
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Default
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggXdgBZA11JERhHIQleTA1FFVcOIgwNVhRIFwBCcQAKV10SE1EFIk0FA18DB0VXfWFoKB8fHHJPIUpLI1YFVVlG
FF Keyword.URL: hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.8.0\\npsitesafety.dll [No File]
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\[email protected] [2015-04-28] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\[email protected] [2015-04-28] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-09-20] (Nexon)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\Bin\npSSOAxCtrlForPTLogin.dll [2013-01-24] (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3730196113-1156908693-4138991567-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cherryckjj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\user.js [2015-05-21]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\searchplugins\avg-secure-search.xml [2015-08-28]
FF SearchPlugin: C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\searchplugins\default.xml [2015-09-17]
FF SearchPlugin: C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\searchplugins\dregol.xml [2015-05-21]
FF SearchPlugin: C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\searchplugins\yahoo_ff.xml [2015-06-22]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-08-16]
FF Extension: AVG SafeGuard toolbar - C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\Extensions\avg@toolbar [2015-05-21]
FF Extension: Firefox Security Update - C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\Extensions\[email protected] [2015-03-12]
FF Extension: AdBlock for YouTube™ - C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\Extensions\[email protected] [2015-04-28]
FF Extension: Dealz - C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\Extensions\[email protected] [2015-02-23]
FF Extension: Glass Bottle - C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\Extensions\{ff3f1ffa-691d-45c1-8847-4f0666b522a5}.xpi [2015-05-21]
FF Extension: Firefox Security Update - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected] [2015-08-28]
FF Extension: Dealz - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected] [2015-08-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\[email protected] [2015-04-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\[email protected] [2015-04-28]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3324862&octid=EB_ORIGINAL_CTID&ISID=ME9E519D6-7ADB-4153-B697-1398B95785B1&SearchSource=55&CUI=&UM=5&UP=SPF204639E-FAB2-4C1D-B260-5B0F7D2AF554&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3324862&octid=EB_ORIGINAL_CTID&ISID=ME9E519D6-7ADB-4153-B697-1398B95785B1&SearchSource=55&CUI=&UM=5&UP=SPF204639E-FAB2-4C1D-B260-5B0F7D2AF554&SSPV=","hxxp://www.dregol.com/?f=7&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EyDyDtAtA0E0E0E0DtDyEtN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtAtAzztA0FyC0AtGzzzzyEzztGtA0FyEyEtGzytDzzyCtGyE0FtAtB0FtDzzzztAzzzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0C0E0F0CyB0EtGtDyBzzzztGyEtCyEtBtGzytCtCzytGzzyCtDyB0FtC0DyDyEyEtD0F2QtN0A0LzuyE&cr=673646921&ir="
CHR Profile: C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-28]
CHR Extension: (Google Search) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-28]
CHR Extension: (Kaspersky Protection) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-04-28]
CHR Extension: (AdBlock) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-28]
CHR Extension: (MS Updater) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\iadddcofhgaeeniecnhpopipbhijnphj [2015-05-29]
CHR Extension: (Arcane Legends) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2015-04-28]
CHR Extension: (EverSave) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddmfogomafbmjkfcpfpnjfgecnjffng [2015-06-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-28]
CHR Extension: (Furniture Guru) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\lopcjmbilgeapfldddijpgpahphngjdk [2015-09-01]
CHR Extension: (AVG Secure Search) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-04-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-28]
CHR Extension: (Gmail) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [akhdblbjebmbllhinponghfmaekhlhob] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bghejdcdajlenjngcknlkkoakmmjfanb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cckdoammdligdedbakcgnmegjljgipjb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [clmghkfhfkcfhpccgbafbailibgogkbi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eajjckckolcbgmmenaiiigegbadpeghb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eoepodkgpakekgncgnfnijcippobokhp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iadddcofhgaeeniecnhpopipbhijnphj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iedokolghlgkcnafplkbjeokfamliokd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jddmfogomafbmjkfcpfpnjfgecnjffng] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kpmccjcnkhkgcipodalpmbpighkgiaif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lopcjmbilgeapfldddijpgpahphngjdk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhgliccaogcekoldfmachhehepjdfobj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfkbfmjkmioenefhjdonleflegoephgm] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pedogdjgmjlabbbdhokgdafpglnjinhc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [akhdblbjebmbllhinponghfmaekhlhob] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bghejdcdajlenjngcknlkkoakmmjfanb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cckdoammdligdedbakcgnmegjljgipjb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [clmghkfhfkcfhpccgbafbailibgogkbi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [eajjckckolcbgmmenaiiigegbadpeghb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eoepodkgpakekgncgnfnijcippobokhp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iadddcofhgaeeniecnhpopipbhijnphj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iedokolghlgkcnafplkbjeokfamliokd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jddmfogomafbmjkfcpfpnjfgecnjffng] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpmccjcnkhkgcipodalpmbpighkgiaif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lopcjmbilgeapfldddijpgpahphngjdk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mhgliccaogcekoldfmachhehepjdfobj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nfkbfmjkmioenefhjdonleflegoephgm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pedogdjgmjlabbbdhokgdafpglnjinhc] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AffinegyService; C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe [592840 2015-06-16] (Affinegy, Inc.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [194000 2015-06-23] (Kaspersky Lab ZAO)
R2 Ds3Service; D:\Emulators\PS2 emu\PCSX2 1.0.0\ScpServer\bin\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-07-14] (Razer Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 SogouUpdate; C:\Program Files (x86)\SogouInput\7.7.0.6390\SogouUpdate.exe [369256 2015-08-03] (Sogou.com Inc.)
R2 vToolbarUpdater18.8.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe [1861520 2015-08-16] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WinGraph; C:\Windows\wnavga.exe [8192 2015-04-23] (Microsoft) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-23] (Kaspersky Lab UK Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-23] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-06-23] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-06-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [850608 2015-06-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-06-23] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-06-23] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-06-23] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-23] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-23] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-06-23] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-06-23] (Kaspersky Lab ZAO)
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [989272 2015-06-13] (TENCENT)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-23 15:01 - 2015-09-23 15:01 - 00032768 _____ C:\Users\Cherryckjj\Desktop\FRST.txt
2015-09-23 15:00 - 2015-09-23 15:01 - 00000000 ____D C:\FRST
2015-09-23 15:00 - 2015-09-23 14:59 - 02192384 _____ (Farbar) C:\Users\Cherryckjj\Desktop\FRST64.exe
2015-09-20 15:44 - 2015-09-20 15:44 - 00000198 _____ C:\Users\Public\Desktop\MapleStory.url
2015-09-20 15:44 - 2015-09-20 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2015-09-20 14:34 - 2015-09-20 14:34 - 00009886 _____ C:\Users\Cherryckjj\Desktop\snapples.bsproj
2015-09-20 12:59 - 2015-09-20 12:59 - 00000000 ___RD C:\Users\Cherryckjj\Documents\MEGAsync
2015-09-20 12:59 - 2015-09-20 12:59 - 00000000 ____D C:\Users\Cherryckjj\Documents\MEGA
2015-09-20 12:57 - 2015-09-20 12:57 - 00001084 _____ C:\Users\Cherryckjj\Desktop\MEGAsync.lnk
2015-09-20 12:57 - 2015-09-20 12:57 - 00000000 ____D C:\Users\Cherryckjj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-09-20 12:57 - 2015-09-20 12:57 - 00000000 ____D C:\Users\Cherryckjj\AppData\Local\MEGAsync
2015-09-20 12:57 - 2015-09-20 12:57 - 00000000 ____D C:\Users\Cherryckjj\AppData\Local\Mega Limited
2015-09-07 16:11 - 2015-09-21 16:53 - 00000000 ____D C:\Users\Cherryckjj\Desktop\For Annie
2015-08-28 20:33 - 2015-09-21 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-28 20:31 - 2015-08-28 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-28 20:31 - 2015-08-28 20:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-28 20:31 - 2015-08-28 20:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-26 15:21 - 2015-08-26 15:21 - 00001166 _____ C:\Users\Public\Desktop\TWC WiFi.lnk
2015-08-26 15:21 - 2015-08-26 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Time Warner Cable
2015-08-26 15:21 - 2015-08-26 15:21 - 00000000 ____D C:\ProgramData\Apple
2015-08-26 15:21 - 2015-08-26 15:21 - 00000000 ____D C:\Program Files\Bonjour
2015-08-26 15:21 - 2015-08-26 15:21 - 00000000 ____D C:\Program Files (x86)\Time Warner Cable
2015-08-26 15:21 - 2015-08-26 15:21 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-08-26 15:20 - 2015-08-26 15:21 - 00000000 ____D C:\ProgramData\Affinegy
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-23 15:00 - 2009-07-13 21:51 - 00052014 _____ C:\Windows\setupact.log
2015-09-23 14:43 - 2015-04-28 21:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-23 14:39 - 2015-04-28 19:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-09-23 14:18 - 2015-04-28 15:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-23 13:43 - 2015-04-28 21:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-23 13:06 - 2015-06-14 01:06 - 00000356 _____ C:\Windows\Tasks\Bidaily Synchronize Task[973b].job
2015-09-23 10:40 - 2009-07-13 21:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-23 10:40 - 2009-07-13 21:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-23 10:37 - 2015-06-10 14:50 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-23 10:36 - 2009-07-13 22:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-23 10:34 - 2015-04-28 15:14 - 02055178 _____ C:\Windows\WindowsUpdate.log
2015-09-23 10:32 - 2015-04-28 15:46 - 00000000 ____D C:\Users\Cherryckjj\AppData\Roaming\Raptr
2015-09-23 10:31 - 2015-05-29 00:30 - 00000338 _____ C:\Windows\Tasks\Notifier PLUS.job
2015-09-23 10:31 - 2015-04-29 02:41 - 00000000 ____D C:\Users\Cherryckjj\AppData\Local\HTC MediaHub
2015-09-23 10:31 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-21 17:18 - 2015-04-28 15:32 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 17:18 - 2015-04-28 15:32 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-21 17:18 - 2015-04-28 15:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-21 16:57 - 2015-04-28 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-21 16:57 - 2010-11-20 20:47 - 00205874 _____ C:\Windows\PFRO.log
2015-09-21 16:57 - 2009-07-13 21:45 - 00448880 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-21 16:40 - 2015-04-28 21:13 - 00002227 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-20 15:44 - 2015-06-25 18:55 - 00000000 ____D C:\ProgramData\NexonUS
2015-09-20 12:57 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-16 18:39 - 2015-08-05 22:35 - 00533522 _____ C:\Users\Cherryckjj\Desktop\2.jpeg
2015-09-16 18:38 - 2015-06-18 01:07 - 00194610 _____ C:\Users\Cherryckjj\Desktop\1.jpeg
2015-09-15 13:38 - 2015-04-28 21:12 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 13:38 - 2015-04-28 21:12 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-13 02:27 - 2015-04-28 21:12 - 00000000 ____D C:\Users\Cherryckjj\AppData\Local\Google
2015-09-09 22:03 - 2015-04-28 15:49 - 00115880 _____ C:\Users\Cherryckjj\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-09 13:45 - 2015-06-20 02:40 - 00000000 ____D C:\Users\Cherryckjj\AppData\Roaming\vlc
2015-09-06 17:41 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-04 10:39 - 2015-08-18 19:23 - 00000000 ____D C:\Users\Cherryckjj\AppData\Roaming\cobra
2015-09-04 10:25 - 2015-08-18 20:28 - 00000000 ____D C:\Program Files (x86)\CABAL2 (US)
2015-08-28 20:27 - 2015-05-29 00:32 - 00000258 __RSH C:\Users\Cherryckjj\ntuser.pol
2015-08-28 20:27 - 2015-04-28 15:14 - 00000000 ____D C:\Users\Cherryckjj
2015-08-26 15:20 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
 
==================== Files in the root of some directories =======
 
2015-06-25 16:30 - 2015-04-26 16:30 - 0000032 ____R () C:\ProgramData\hash.dat
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some files in TEMP:
====================
C:\Users\Cherryckjj\AppData\Local\Temp\125db895070d6e15df8564cd6d6e5fce.dll
C:\Users\Cherryckjj\AppData\Local\Temp\130767145160001926.exe
C:\Users\Cherryckjj\AppData\Local\Temp\13076714522973591492.exe
C:\Users\Cherryckjj\AppData\Local\Temp\283f26551f31790c6cb105b3c9da4c35.dll
C:\Users\Cherryckjj\AppData\Local\Temp\31d6e07d87ca5eaf6b2447c07a6c1365.dll
C:\Users\Cherryckjj\AppData\Local\Temp\7230fefd864f35e6569012bef46d88ae.dll
C:\Users\Cherryckjj\AppData\Local\Temp\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
C:\Users\Cherryckjj\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win7-64bit.exe
C:\Users\Cherryckjj\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Cherryckjj\AppData\Local\Temp\AVGTBInstall.exe
C:\Users\Cherryckjj\AppData\Local\Temp\ClientToMobilePlatform.exe
C:\Users\Cherryckjj\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Cherryckjj\AppData\Local\Temp\i4jdel0.exe
C:\Users\Cherryckjj\AppData\Local\Temp\NGM.exe
C:\Users\Cherryckjj\AppData\Local\Temp\NGMDll.dll
C:\Users\Cherryckjj\AppData\Local\Temp\NGMResource.dll
C:\Users\Cherryckjj\AppData\Local\Temp\NGMSetup.exe
C:\Users\Cherryckjj\AppData\Local\Temp\oi_{1297DAB9-ED19-4245-9F4B-139F150AFF69}.exe
C:\Users\Cherryckjj\AppData\Local\Temp\ose00000.exe
C:\Users\Cherryckjj\AppData\Local\Temp\PidGenX.dll
C:\Users\Cherryckjj\AppData\Local\Temp\proxy_vole6466514807102103072.dll
C:\Users\Cherryckjj\AppData\Local\Temp\raptrpatch.exe
C:\Users\Cherryckjj\AppData\Local\Temp\raptr_stub.exe
C:\Users\Cherryckjj\AppData\Local\Temp\SeMini.exe
C:\Users\Cherryckjj\AppData\Local\Temp\tmp24FD.exe
C:\Users\Cherryckjj\AppData\Local\Temp\tmpD1BF.exe
C:\Users\Cherryckjj\AppData\Local\Temp\unicows.dll
C:\Users\Cherryckjj\AppData\Local\Temp\Upgrade.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-21 17:42
 
==================== End of FRST.txt ============================
 
NEXT FILE
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Cherryckjj (2015-09-23 15:01:33)
Running from C:\Users\Cherryckjj\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-04-28 22:14:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3730196113-1156908693-4138991567-500 - Administrator - Disabled)
Cherryckjj (S-1-5-21-3730196113-1156908693-4138991567-1000 - Administrator - Enabled) => C:\Users\Cherryckjj
Guest (S-1-5-21-3730196113-1156908693-4138991567-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3730196113-1156908693-4138991567-1006 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 15.05 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{8DF1EF50-AEB6-902C-F68C-4683C45784E6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.8.0.179 - AVG Technologies)
BitTorrent (HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\BitTorrent) (Version: 7.9.2.38398 - BitTorrent Inc.)
Bonjour (HKLM\...\{877924AA-E044-4266-B37D-E974CD799934}) (Version: 2.0.0.34 - Apple Inc.)
CABAL2 (US) (HKLM-x32\...\CABAL2US) (Version:  - ESTsoft Corp.)
Dealz (HKLM-x32\...\Dealz1.0.1.17) (Version: 1.0.1.17 - Dealz Unlimited)
Dolphin x86 (HKLM-x32\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.46.0 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
MapleStory (HKLM-x32\...\MapleStory) (Version:  - )
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notifier PLUS (HKLM-x32\...\Notifier PLUS) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
QQÒôËÙ (HKLM-x32\...\QQÒôËÙ) (Version:  - Tencent)
QQ音速 (HKLM-x32\...\QQ音速) (Version:  - Tencent)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 6.0.29.0 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.25502 - Razer Inc.)
Send Anywhere (HKLM-x32\...\{4C09F722-410A-481D-A488-D56FBE34334F}_is1) (Version: 1.7.31.1 - Estmob Inc.)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
TWC WiFi (HKLM-x32\...\TWC WiFi_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
搜狗拼音输入法 7.7正式版 (HKLM-x32\...\Sogou Input) (Version: 7.7.0.6390 - Sogou.com)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02255D50-ED98-4FF6-A545-BD895C634A96} - System32\Tasks\{12226FBA-C92D-4DF5-BD6A-5A534A24D976} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {02605825-953C-45F4-995D-0D2E9777A514} - System32\Tasks\{0C543C73-9040-4BEA-BB0C-5D9CA7B6C0EC} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {077864CC-E4B1-4F0B-97DA-BF176D15EA7E} - System32\Tasks\{29EFD88C-DC6A-45C2-A2EE-9757D18BB653} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {0844EC19-FCE7-4842-80EF-4513F6B1F6C7} - \Winupdate -> No File <==== ATTENTION
Task: {0A4D8873-B026-4B52-95E1-CDD03714C358} - System32\Tasks\{557B3F51-6668-4E4D-AC67-57F5DA5F4A1E} => D:\QQVipDownload\QQ\QQÒôËÙ\TCLS\QQR2.exe [2014-05-09] (腾讯计算机系统有限公司)
Task: {0C54EA97-D937-47A0-8D55-7588CFF618D4} - System32\Tasks\{8B0A6A04-D10C-4456-90DB-5FA7452A57C6} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {0D1AD150-1B70-4516-8B04-071C9940F4B6} - \EssentialUpdateMachine -> No File <==== ATTENTION
Task: {0F0838BF-7B92-4863-8013-3566EC410B41} - System32\Tasks\{175FAA01-869C-4B26-9848-132635D5B5ED} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {217B25F2-A628-4A12-9238-4757E0D6D63D} - System32\Tasks\{877DC68C-7ACA-42A2-B704-B4609ABACB61} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {21AA5AC8-696A-4024-8825-355586C30501} - System32\Tasks\{D95FF425-CB64-4312-A7F1-BD3A71904C63} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {28769543-368B-4EE6-8B9F-C826938DB63B} - System32\Tasks\{CFFA864A-E136-4D99-B106-EAFBA0175675} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {3168B8E4-EDC6-436A-BD00-350A361DAD38} - System32\Tasks\{7C0CB751-5961-45EC-B9AC-6BB8E50DABFD} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {320690BA-30D5-4616-A449-BF7F2214AD3F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {32B1AC81-B0EC-4A96-9B7E-2C574981955F} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [2015-08-04] (Sogou.com Inc.)
Task: {34AA6DE1-68C3-4273-9F0D-396DFBC77A6A} - System32\Tasks\{D694C948-E1E2-4220-A5B1-86B5FDD592F7} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {46194C48-EB87-4C55-AC89-B27B0842EB8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.)
Task: {5664F089-9706-4753-B1DD-447429236FA1} - System32\Tasks\{91442C58-0C83-4EB6-88A4-BD67B6DC4F9A} => D:\QQVipDownload\QQ\QQÒôËÙ\Game.exe [2015-05-26] (SEED9 Entertainment, Inc.)
Task: {586E55D1-5F92-4866-B2DE-19C9CB7060A8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {5D12EC43-9F4A-4683-9760-2291F1858489} - System32\Tasks\{29A3A2FD-3BF6-4E67-8321-C4FF118377CC} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {61733693-0DF6-4715-BDF9-7C581F77BA5E} - System32\Tasks\{8ECED39E-C406-4991-A38E-2232305B9BED} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {687818CE-FE3D-4891-9C62-CEDE082FC6BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-28] (Google Inc.)
Task: {6AFE706B-8778-4430-84D4-238C750B9BFD} - System32\Tasks\{DAE58603-B59A-424D-93A4-655B6D025349} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {71FBBA62-520D-4D26-9D98-609B9344945F} - System32\Tasks\{474A73C0-73D7-4C42-BD40-C3E8E67F73AC} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {732AF96C-7F3D-421F-A26C-4B79CEE01DE6} - \AutoKMS -> No File <==== ATTENTION
Task: {81216727-626E-41CE-B850-AD95FF89563B} - System32\Tasks\{D0A3E7E9-F6DE-4F54-95F2-A4FF9159982A} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {8F481DBD-7642-425D-BE03-C89100ECABE2} - System32\Tasks\{AD6FCACC-20DD-4ED9-9DA5-22868992047E} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {92EB5E1A-CCE7-4403-9F5D-0A6E597E17ED} - System32\Tasks\Notifier PLUS => C:\Program Files (x86)\Notifier PLUS\notifier_plus_service.exe [2015-05-29] (Notifier PLUS)
Task: {9A57CE29-4C0D-4BEA-B2F3-3D2060E95320} - System32\Tasks\{64FDADD0-9A4E-472B-92FC-AE5B035A4020} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {B0F8D5AD-B308-4626-B923-77A7938F1C1B} - System32\Tasks\{12853EF0-803B-41CC-9B72-697A34D0BF63} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {B7651692-D04D-48AC-ACF6-C9DC0AEC2F9E} - \Bidaily Synchronize Task[973b] -> No File <==== ATTENTION
Task: {B7808FA0-BE0F-4F94-BB93-8ED1B4400F99} - System32\Tasks\{C9966ED8-415E-499D-8428-2783B169B8F3} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {C350D82E-4052-43CA-9AA4-BD03E041D033} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {C7898FD2-06D4-4411-B7EC-B7D7181AE5F4} - System32\Tasks\{9A7D3B32-4382-409A-B816-1FDD5A4FABE3} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {CF3B2DB8-691A-4753-8082-D9081C911558} - System32\Tasks\{485F472E-E86F-486F-B048-C869D3E547F8} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {D1F33C6C-4929-40A2-BC03-471F9408B900} - System32\Tasks\{6C76A297-DBE5-4350-9230-48EA6A05B9E4} => D:\QQVipDownload\QQ音速\QQR2.exe
Task: {D9DF6D82-2A6A-4969-8ECD-EBBD494C462C} - System32\Tasks\{1B7862C0-2664-4873-93C9-70A32FA76779} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
Task: {E7A75F28-4682-4CF5-BDFB-985E1BD2DAC2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {EDBEF1C6-D425-4509-B929-1BB856E91B56} - System32\Tasks\{F3C59E65-DBAA-47B6-AA3E-540B2750EDE5} => C:\Windows\AppPatch\AppLoc.exe [2003-06-13] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{cde102b9-c176-6a7a-cde1-102b9c170ae7}\rhythm_heaven_us.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Notifier PLUS.job => C:\Program Files (x86)\Notifier PLUS\notifier_plus_service.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-01 07:13 - 2014-05-01 07:13 - 00470016 _____ () C:\Users\Cherryckjj\AppData\Local\MEGAsync\ShellExtX64.dll
2015-08-02 17:17 - 2015-07-16 11:51 - 00128512 _____ () C:\Program Files (x86)\Send Anywhere\snda_context_handler.dll
2015-07-15 21:39 - 2015-07-15 21:39 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-05-16 11:38 - 2015-07-31 16:20 - 04338424 _____ () C:\Program Files (x86)\Send Anywhere\sendanywhere.exe
2015-06-10 11:14 - 2015-08-16 14:16 - 02567568 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-07-15 21:38 - 2015-07-15 21:38 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-06-23 12:11 - 2015-06-23 12:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-04-13 15:55 - 2015-04-13 15:55 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2015-08-16 14:16 - 2015-08-16 14:16 - 00168336 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\loggingserver.exe
2015-08-26 15:21 - 2015-06-16 14:50 - 00022984 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyServicePS.dll
2015-05-16 11:38 - 2014-03-08 03:56 - 00117262 _____ () C:\Program Files (x86)\Send Anywhere\libgcc_s_dw2-1.dll
2015-05-16 11:38 - 2014-03-08 03:56 - 00970766 _____ () C:\Program Files (x86)\Send Anywhere\libstdc++-6.dll
2015-06-21 21:26 - 2014-01-15 17:36 - 03347428 _____ () C:\Program Files (x86)\Send Anywhere\icuin52.dll
2015-06-21 21:26 - 2014-01-15 17:36 - 01992280 _____ () C:\Program Files (x86)\Send Anywhere\icuuc52.dll
2015-06-21 21:26 - 2014-01-15 17:36 - 23544786 _____ () C:\Program Files (x86)\Send Anywhere\icudt52.dll
2015-05-16 11:39 - 2014-09-11 23:00 - 01276928 _____ () C:\Program Files (x86)\Send Anywhere\platforms\qwindows.dll
2015-05-16 11:39 - 2014-09-11 22:58 - 00033280 _____ () C:\Program Files (x86)\Send Anywhere\imageformats\qico.dll
2015-05-16 11:39 - 2014-09-11 22:58 - 00749568 _____ () C:\Program Files (x86)\Send Anywhere\sqldrivers\qsqlite.dll
2015-05-16 11:39 - 2014-09-11 23:14 - 00051200 _____ () C:\Program Files (x86)\Send Anywhere\imageformats\qdds.dll
2015-05-16 11:39 - 2014-09-11 22:58 - 00031232 _____ () C:\Program Files (x86)\Send Anywhere\imageformats\qgif.dll
2015-05-16 11:39 - 2014-09-11 23:14 - 00042496 _____ () C:\Program Files (x86)\Send Anywhere\imageformats\qicns.dll
2015-05-16 11:39 - 2014-09-11 23:15 - 00509440 _____ () C:\Program Files (x86)\Send Anywhere\imageformats\qjp2.dll
2015-05-16 11:39 - 2014-09-11 22:59 - 00242176 _____ () C:\Program Files (x86)\Send Anywhere\imageformats\qjpeg.dll
2015-05-16 11:39 - 2014-09-11 23:15 - 00363008 _____ () C:\Program Files (x86)\Send Anywhere\imageformats\qmng.dll
2015-05-16 11:39 - 2014-09-11 23:15 - 00027136 _____ () C:\Program Files (x86)\Send Anywhere\imageformats\qtga.dll
2015-05-16 11:39 - 2014-09-11 23:15 - 00423936 _____ () C:\Program Files (x86)\Send Anywhere\imageformats\qtiff.dll
2015-05-16 11:39 - 2014-09-11 23:15 - 00026112 _____ () C:\Program Files (x86)\Send Anywhere\imageformats\qwbmp.dll
2015-05-16 11:39 - 2014-09-11 23:16 - 00341504 _____ () C:\Program Files (x86)\Send Anywhere\imageformats\qwebp.dll
2015-02-02 00:52 - 2015-02-02 00:52 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-08-16 14:16 - 2015-08-16 14:16 - 00528272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\log4cplusU.dll
2015-08-26 15:21 - 2010-03-19 22:58 - 00325632 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtXml4.dll
2015-08-26 15:21 - 2010-03-19 22:58 - 01954304 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtCore4.dll
2015-08-26 15:21 - 2010-03-19 22:58 - 07187456 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtGui4.dll
2015-08-26 15:21 - 2010-03-19 22:58 - 00847360 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\QtNetwork4.dll
2015-08-26 15:21 - 2015-06-16 13:36 - 00309248 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\DigiDoFlavor.dll
2015-08-26 15:21 - 2014-09-08 12:34 - 00119808 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\imageformats\qjpeg4.dll
2015-09-21 16:40 - 2015-09-18 15:13 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\libglesv2.dll
2015-09-21 16:40 - 2015-09-18 15:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\libegl.dll
2015-08-26 15:21 - 2015-06-16 13:53 - 01803264 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisDG1670ALOC.dll
2015-08-26 15:21 - 2015-06-16 14:10 - 01803264 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisDG1680ALOC.dll
2015-08-26 15:21 - 2015-06-16 14:07 - 01782784 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisDG860ALOC.dll
2015-08-26 15:21 - 2015-06-16 13:54 - 01803264 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisTG1672GLOC.dll
2015-08-26 15:21 - 2015-06-16 14:09 - 01803264 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisTG1682GLOC.dll
2015-08-26 15:21 - 2015-06-16 14:03 - 01782784 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisTG852GLOC.dll
2015-08-26 15:21 - 2015-06-16 14:05 - 01782784 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\ArrisTG862GLOC.dll
2015-08-26 15:21 - 2015-06-16 13:59 - 01792000 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\MotorolaSBG900LOC.dll
2015-08-26 15:21 - 2015-06-16 14:02 - 01761792 _____ () C:\Program Files (x86)\Time Warner Cable\TWC WiFi\gateways\NetgearWNR1000v3LOC.dll
2015-04-13 15:54 - 2015-04-13 15:54 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-04-13 15:54 - 2015-04-13 15:54 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2015-04-13 15:54 - 2015-04-13 15:54 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2015-04-13 15:54 - 2015-04-13 15:54 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2015-04-13 15:54 - 2015-04-13 15:54 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2015-04-13 15:55 - 2015-04-13 15:55 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2015-04-13 15:57 - 2015-04-13 15:57 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2010-11-22 15:56 - 2010-11-22 15:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 15:56 - 2010-11-22 15:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 11:17 - 2011-02-15 11:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2014-08-13 17:37 - 2014-08-13 17:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-13 17:37 - 2014-08-13 17:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2013-11-20 17:05 - 2013-11-20 17:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 15:56 - 2010-11-22 15:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 17:56 - 2014-06-17 17:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 11:17 - 2011-02-15 11:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 16:06 - 2010-11-22 16:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\kpcengine.2.3.dll
2015-09-21 16:40 - 2015-09-18 15:13 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\3.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\4.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\4.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\5.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\5.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\6.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\6.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\7.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\7.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\8.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\8.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\HHQ.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Cherryckjj\Desktop\HHQ.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cherryckjj\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: GoogleChromeAutoLaunch_8CFDF07D37CE5E5F3B9804491D6ADF08 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: SendAnywhere => "C:\Program Files (x86)\Send Anywhere\sendanywhere.exe" --tray
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4C9ADFC7-6371-47EF-8A53-89A429DB3360}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C97035A2-CDF6-4B17-877D-CDFDB7B91BBA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{446663E7-F6B1-4CBA-AC2F-E903C68BECC6}] => (Allow) C:\Program Files (x86)\SogouInput\7.5.0.5651\SGDownload.exe
FirewallRules: [{C4E3CB07-EDFB-4EFA-B3D9-DA63D3E5E40B}] => (Allow) C:\Program Files (x86)\SogouInput\7.5.0.5651\SGDownload.exe
FirewallRules: [{D0D4F340-7D0F-4ECE-B8D5-12156399BED8}] => (Allow) C:\Program Files (x86)\SogouInput\7.5.0.5651\SGDownload.exe
FirewallRules: [{32FCE810-D616-4F58-A9AF-1B068AF6D4F2}] => (Allow) C:\Program Files (x86)\SogouInput\7.5.0.5651\SGDownload.exe
FirewallRules: [{386713A6-79E9-4AE4-9E20-41D95C8FAAB1}] => (Allow) C:\Program Files (x86)\SogouInput\7.5.0.5651\SogouCloud.exe
FirewallRules: [{F8D4EE5D-7E2D-4C1A-B771-9680670189F5}] => (Allow) C:\Program Files (x86)\SogouInput\7.5.0.5651\SogouCloud.exe
FirewallRules: [{9BC9D676-E334-4DB3-9FB0-457B6F4997DA}] => (Allow) C:\Program Files (x86)\SogouInput\7.5.0.5651\SogouCloud.exe
FirewallRules: [{71412E7C-FD96-4780-BFAF-132A5583B79B}] => (Allow) C:\Program Files (x86)\SogouInput\7.5.0.5651\SogouCloud.exe
FirewallRules: [{FCB3E6BB-0C6B-4277-AF17-A0E5E2427C5F}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{84704808-9288-43CA-997D-57D11F4CABDC}] => (Allow) C:\Users\Cherryckjj\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F5F2B666-0148-4F40-99AD-5EB43876796D}] => (Allow) C:\Users\Cherryckjj\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FBA3BF37-E6A9-4D44-81D9-4B4EAC348EE0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F08BFB9C-8222-431C-966C-894847CBC106}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{47485845-930A-4029-96CE-64F5D922CB3F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{EB12A076-15CB-4E00-BC5F-42FBBB8C25C7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{32BA2ADF-24D7-4979-A596-8AF9C54892E4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{889066F7-7C72-4CFD-AB2E-607B952DB7A7}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{B49A6862-754A-49B1-81B1-128E58DDE0B9}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{59CE265F-B666-4710-B17A-503CFFB968AE}] => (Allow) C:\Program Files (x86)\KMSpicoPortable\AutoPico.exe
FirewallRules: [{95E6146B-58B7-416B-94D1-A8ADA5075F17}] => (Allow) C:\Program Files (x86)\KMSpicoPortable\AutoPico.exe
FirewallRules: [TCP Query User{6BA9F802-A32A-4CC9-AD22-C2CA944FCF38}C:\program files (x86)\cabal online (na - global)\launcher\launcher.exe] => (Allow) C:\program files (x86)\cabal online (na - global)\launcher\launcher.exe
FirewallRules: [UDP Query User{3BB23125-5F74-4B6D-93C7-0F6C0D226D9D}C:\program files (x86)\cabal online (na - global)\launcher\launcher.exe] => (Allow) C:\program files (x86)\cabal online (na - global)\launcher\launcher.exe
FirewallRules: [TCP Query User{5C1DE836-0CD2-4934-9FD8-4E7AF5FA6876}C:\program files (x86)\send anywhere\sendanywhere.exe] => (Allow) C:\program files (x86)\send anywhere\sendanywhere.exe
FirewallRules: [UDP Query User{C43F2608-F867-4B34-A673-2FC4A097EF8A}C:\program files (x86)\send anywhere\sendanywhere.exe] => (Allow) C:\program files (x86)\send anywhere\sendanywhere.exe
FirewallRules: [{F851B46B-FEC1-4007-9A1E-A0E717A2E09C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{0C743398-F4C5-4BC9-9C2B-C7A092541428}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{CC45C925-AD61-4051-85EC-D5E5F34911F2}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4189ECF9-700B-49CB-BE53-659C2F9F791B}C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [{32A00022-7017-4FAE-8F7D-76E4DD5F2102}] => (Allow) C:\Users\Cherryckjj\AppData\Local\Temp\QQVipDownloader\r2_1432671989\QQVipDownloader.exe
FirewallRules: [{C824CCB2-5C47-4B62-853D-96CCBC18B287}] => (Allow) C:\Users\Cherryckjj\AppData\Local\Temp\QQVipDownloader\r2_1432671989\QQVipDownloader.exe
FirewallRules: [{295FFD7C-2D05-4656-B818-4077C29B1DAF}] => (Allow) C:\Users\Cherryckjj\AppData\Local\Temp\QQVipDownloader\r2_1432671989\bugreport.exe
FirewallRules: [{3D99B5DC-008B-4F67-8C0D-57FDD3B1046E}] => (Allow) C:\Users\Cherryckjj\AppData\Local\Temp\QQVipDownloader\r2_1432671989\bugreport.exe
FirewallRules: [{F24EC532-8200-4FA5-B9E2-C944AD72436C}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\127\bugreport_xf.exe
FirewallRules: [{D3B539BD-1F9F-4093-8380-D85BB51FB931}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\127\tencentdl.exe
FirewallRules: [{86706A07-4FD9-47F5-B929-71AE2A9A382E}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\127\tencentdl.exe
FirewallRules: [{434C0B61-446C-46DE-A46A-8F5500962918}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\127\bugreport_xf.exe
FirewallRules: [{00086277-FD1A-4316-A2D6-2241CE61A957}] => (Allow) C:\Users\Cherryckjj\AppData\Local\Temp\QQVipDownloader\r2_1432734172\QQVipDownloader.exe
FirewallRules: [{188C630F-B559-4974-A90E-7FA60BE7AD90}] => (Allow) C:\Users\Cherryckjj\AppData\Local\Temp\QQVipDownloader\r2_1432734172\QQVipDownloader.exe
FirewallRules: [{B9B5795D-B5C4-44FB-A1D3-B3D1294B5B2B}] => (Allow) C:\Users\Cherryckjj\AppData\Local\Temp\QQVipDownloader\r2_1432734172\bugreport.exe
FirewallRules: [{9FED040D-3ED7-49DE-AE26-C81BE613D080}] => (Allow) C:\Users\Cherryckjj\AppData\Local\Temp\QQVipDownloader\r2_1432734172\bugreport.exe
FirewallRules: [{F77F5950-17DA-4BFF-80A9-4916B3AFB29F}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\127\bugreport_xf.exe
FirewallRules: [{B145E009-3306-464A-AA11-C23AFD3D7FFB}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\127\tencentdl.exe
FirewallRules: [{5F1C8FB2-D17C-4F72-8965-C8E58DF01A28}] => (Allow) C:\Users\Cherryckjj\AppData\Local\Temp\PCMng\QQPCDetector.exe
FirewallRules: [{97117325-78AC-4603-881A-7E2DA235B85F}] => (Allow) C:\Users\Cherryckjj\AppData\Local\Temp\PCMng\QQPCDetector.exe
FirewallRules: [{51A3939E-919A-43F5-864A-42420B9FD9FE}] => (Allow) c:\users\cherryckjj\appdata\roaming\tencent\qq音速\b4890fa8ce5d493a93103a0ef4a6e617\teniodl\teniodl.exe
FirewallRules: [{B5F2149B-CF75-4F5A-8343-AEFD86E7D9EC}] => (Allow) c:\users\cherryckjj\appdata\roaming\tencent\qq音速\b4890fa8ce5d493a93103a0ef4a6e617\teniodl\teniodl.exe
FirewallRules: [TCP Query User{1F1286FF-C4D0-483A-9C90-78D747EFF6C7}D:\qqvipdownload\qq音速\tcls\qqr2.exe] => (Allow) D:\qqvipdownload\qq音速\tcls\qqr2.exe
FirewallRules: [UDP Query User{8D8EB0A5-74F1-4661-B4A5-83B14D4883B0}D:\qqvipdownload\qq音速\tcls\qqr2.exe] => (Allow) D:\qqvipdownload\qq音速\tcls\qqr2.exe
FirewallRules: [{9B020E19-26AE-4FF2-A19E-9CEA9373371F}] => (Block) D:\qqvipdownload\qq音速\tcls\qqr2.exe
FirewallRules: [{3F736028-F90A-41E1-8DA4-BA8D333A9E57}] => (Block) D:\qqvipdownload\qq音速\tcls\qqr2.exe
FirewallRules: [{77E2E482-AEFF-40E6-8874-14112602CD93}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AA612103-DF0A-437C-AF2F-BF91EA16135F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D1227E84-A5BE-41D7-9AE8-C4C65E29CE46}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E2C6E18C-EB28-49F2-BBB9-E9C0100573C4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CA191D3F-5451-40B3-AB0C-2E5A3C1EB787}] => (Allow) C:\Users\Cherryckjj\AppData\Roaming\Tencent\QQ音速\B4890FA8CE5D493A93103A0EF4A6E617\TenioDL\TenioDL.exe
FirewallRules: [{1A4F9291-C0A2-4635-8082-E4F319AEA6A5}] => (Allow) C:\Users\Cherryckjj\AppData\Roaming\Tencent\QQ音速\B4890FA8CE5D493A93103A0EF4A6E617\TenioDL\TenioDL.exe
FirewallRules: [{7B67ADDA-6B24-49FF-8BF5-76BADB89383A}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\127\bugreport_xf.exe
FirewallRules: [{60598959-A6CC-4D33-9496-EF46A02F4A36}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\127\tencentdl.exe
FirewallRules: [{AF9BB1D6-637A-4B7E-A8B7-D032CAA9FCBD}] => (Allow) C:\Users\Cherryckjj\AppData\Local\Temp\PCMng\QQPCDetector.exe
FirewallRules: [{6D6B114F-3DDD-40E0-99D7-822F84CF4C04}] => (Allow) C:\Users\Cherryckjj\AppData\Local\Temp\PCMng\QQPCDetector.exe
FirewallRules: [{F1F1D57F-89FA-4344-AF33-6DFA0A6A455B}] => (Allow) c:\users\cherryckjj\appdata\roaming\tencent\qq音速\92568056cc83524fa5836df05168fe6f\teniodl\teniodl.exe
FirewallRules: [{15CFD808-BDB4-4FA8-8EC9-0F628D813F96}] => (Allow) c:\users\cherryckjj\appdata\roaming\tencent\qq音速\92568056cc83524fa5836df05168fe6f\teniodl\teniodl.exe
FirewallRules: [TCP Query User{2B6458EC-2518-4646-BFFE-688E8300B35C}D:\qqvipdownload\qq\qqòôëù\tcls\qqr2.exe] => (Allow) D:\qqvipdownload\qq\qqòôëù\tcls\qqr2.exe
FirewallRules: [UDP Query User{AA57284A-993A-4138-A46B-493983A0AB2C}D:\qqvipdownload\qq\qqòôëù\tcls\qqr2.exe] => (Allow) D:\qqvipdownload\qq\qqòôëù\tcls\qqr2.exe
FirewallRules: [{A3A229A6-38C9-4E05-BEF6-B2E772FEA2F0}] => (Allow) C:\Users\Cherryckjj\AppData\Roaming\Tencent\QQ音速\92568056CC83524FA5836DF05168FE6F\TenioDL\TenioDL.exe
FirewallRules: [{37612620-2CDF-42DA-A597-4A347173968A}] => (Allow) C:\Users\Cherryckjj\AppData\Roaming\Tencent\QQ音速\92568056CC83524FA5836DF05168FE6F\TenioDL\TenioDL.exe
FirewallRules: [{FF0B1D9C-9D00-4BE2-9D98-5B9165B99C54}] => (Allow) C:\Users\Cherryckjj\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1BB05DD5-C60D-418D-908E-9BD84C10D103}] => (Allow) C:\Users\Cherryckjj\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0D97DDC7-EFDC-4DE6-8BEC-5ECE1DA035A6}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{376BA7F6-3224-46F7-9767-2C27F7CB59C6}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [TCP Query User{8973CFBC-2D85-4109-8113-B70BFB54FCE7}C:\users\cherryckjj\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cherryckjj\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2BC1DB83-0C4D-4483-919B-D28B01096892}C:\users\cherryckjj\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\cherryckjj\appdata\local\akamai\netsession_win.exe
FirewallRules: [{B260F51F-3AA7-4B09-9AFF-DE87A37817BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\DragonNest.exe
FirewallRules: [{A3A84052-3BCA-4F81-8F2B-4B81D7074271}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\DragonNest.exe
FirewallRules: [{3AE207FC-7E7C-4BBD-B6AC-6D8965EAA92C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\DragonNest.exe
FirewallRules: [{52E3D069-8749-45BA-A242-8B8D41929C87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dragonnest\DragonNest.exe
FirewallRules: [{BCA035D3-1D39-441D-B6A8-6E6DAC7108C4}] => (Allow) C:\Program Files (x86)\SogouInput\7.5.0.5651\SGTool.exe
FirewallRules: [{F6B95F14-CD5A-483B-BCC4-3CE55467A389}] => (Allow) C:\Program Files (x86)\SogouInput\7.5.0.5651\SGTool.exe
FirewallRules: [{B7D0DDD4-8003-4A44-B233-C3B493309FF8}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EF652834-021B-47A6-86DC-DB8510367DD2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{8DD108EC-3DE2-4FC1-9856-A49BEE9E0AFA}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{79BAD58C-57A9-4F2A-B572-4365983FD56E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{7EB8BC6E-5A58-422A-A116-3B246651604E}D:\maplestory\hawtmaple.exe] => (Allow) D:\maplestory\hawtmaple.exe
FirewallRules: [UDP Query User{B293791B-85BC-459E-B8A0-CE7D96CB746C}D:\maplestory\hawtmaple.exe] => (Allow) D:\maplestory\hawtmaple.exe
FirewallRules: [{992E740C-E971-4086-A687-4BEA49B14C2F}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\SGTool.exe
FirewallRules: [{0C59DA53-CF49-4779-BE3B-C4393E5EC73F}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\SGTool.exe
FirewallRules: [{E2378A25-FC47-4EE7-A788-2C8A6ABDD74C}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\SGTool.exe
FirewallRules: [{8294EBB8-8764-447C-86AC-C703E0DF4237}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\SGTool.exe
FirewallRules: [{9393F2BD-4DE1-42AD-88C4-7B669ADC7C25}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\PinyinUp.exe
FirewallRules: [{356C28C3-1D28-4D4B-9F09-2B001BE669B4}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\PinyinUp.exe
FirewallRules: [{60E5FCC2-A6AC-4C80-81E4-CAADA2E56810}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\PinyinUp.exe
FirewallRules: [{4E4AAB2F-6ACB-4C21-A94D-EB555A47BCF2}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\PinyinUp.exe
FirewallRules: [{0FD1DAAF-5A3D-4B50-BF45-BE488F1106C2}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\SGDownload.exe
FirewallRules: [{331126D6-9484-4A28-AF0A-A63877ACC707}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\SGDownload.exe
FirewallRules: [{CA8F5DAF-3A5A-47C7-BA16-DFEDAA9E5057}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\SGDownload.exe
FirewallRules: [{E2D25877-52ED-45D8-9B9C-AA7FCF4EE20D}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\SGDownload.exe
FirewallRules: [{D9954EEE-4696-45E4-90FF-C8209FC05150}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\SogouCloud.exe
FirewallRules: [{96197499-188E-4DD2-9FF1-A5ADDAE3DD6B}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\SogouCloud.exe
FirewallRules: [{FABC26EE-5D1C-46BA-9EEB-6D1ABDB5F6F3}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\SogouCloud.exe
FirewallRules: [{1D59B807-3E7B-4D06-B98C-BC29CC59E5AC}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\SogouCloud.exe
FirewallRules: [{35673271-AA52-454D-BF64-C3F0AC15CC66}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{3A7F6899-BB4C-475E-AEB2-EA308EC74959}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{F495C3B6-001D-4F57-A6A0-593D0E52C74D}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{DA6AE3E7-D090-4589-8E74-0CDE6A320176}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{DE9FC3BE-3D4A-4F5C-A0D7-F14FFCE2736A}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\userNetSchedule.exe
FirewallRules: [{36AABDAC-D15F-471D-A104-6594E3EAD12F}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\userNetSchedule.exe
FirewallRules: [{31C6D003-9B3E-42FA-8F54-1BAA8860FEF8}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\userNetSchedule.exe
FirewallRules: [{AE818F31-27EF-4D50-874E-0BAAE18C6752}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\userNetSchedule.exe
FirewallRules: [{7A47C800-FD30-474B-8855-E3F3E6F58DB7}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\SGMedalLoader.exe
FirewallRules: [{BB93D1C4-1993-41CD-BD6D-B4AA6F9F4710}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\SGMedalLoader.exe
FirewallRules: [{9C169D93-6209-4B73-855F-82E9FD0C8C9C}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\SGMedalLoader.exe
FirewallRules: [{F6601DBC-D9B2-4D5A-A192-03D768C15B0A}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.6390\SGMedalLoader.exe
FirewallRules: [{37D8068C-EE07-4E0A-8906-BFEEBA3DE2A4}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{2D8123D2-6D8B-4A48-A56B-540828BFABEF}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{AB330972-532C-4A71-ABEC-18820F97826B}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{9E386DC4-D599-4131-AAF5-1571B5ABD99F}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [TCP Query User{26B83B16-50E0-4CEE-B54A-D2DF47F9DA0C}C:\users\cherryckjj\appdata\local\temp\semini.exe] => (Block) C:\users\cherryckjj\appdata\local\temp\semini.exe
FirewallRules: [UDP Query User{FB2EA674-14D3-483C-97A3-4056E925F053}C:\users\cherryckjj\appdata\local\temp\semini.exe] => (Block) C:\users\cherryckjj\appdata\local\temp\semini.exe
FirewallRules: [TCP Query User{70273202-D8A2-4681-918F-E5F759CB610B}C:\program files (x86)\cabal2 (us)\c2launcher.exe] => (Allow) C:\program files (x86)\cabal2 (us)\c2launcher.exe
FirewallRules: [UDP Query User{EC0A0F4A-19CB-4793-A4CD-DD644093A45F}C:\program files (x86)\cabal2 (us)\c2launcher.exe] => (Allow) C:\program files (x86)\cabal2 (us)\c2launcher.exe
FirewallRules: [{A9836C28-03DF-49B2-830A-850D8C882252}] => (Allow) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TWC WiFi.exe
FirewallRules: [{DF8BCF09-B5B9-4D62-8287-04787F1C64A4}] => (Allow) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TWC WiFi.exe
FirewallRules: [{CED3CD77-75DE-4652-8D10-1DFB2F8C9347}] => (Allow) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TWC WiFi.exe
FirewallRules: [{25DF7E04-6206-4912-AAE9-F93D12A85966}] => (Allow) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TWC WiFi.exe
FirewallRules: [{2660B1DB-1E1C-46F2-838A-9455BC4DE21D}] => (Allow) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TWC WiFi.exe
FirewallRules: [{4003D87B-F907-40AB-ACE8-A3199E7BEF80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0C83907B-680B-42A9-A7AA-7C10188DED1A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ECB6FDC8-5868-49B4-9237-628C2534E7CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{E517E573-4F5A-4B1C-A65A-63A897848669}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{7B661814-F4CE-4A21-BBFA-AB465771AF0A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/23/2015 02:43:17 PM) (Source: System Restore) (EventID: 8200) (User: )
Description: Failed to initiate System Restore (Windows Update).
 
Error: (09/23/2015 10:33:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/23/2015 10:27:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 560: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
 
Error: (09/23/2015 10:27:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 576: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
 
Error: (09/23/2015 10:27:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 580: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
 
Error: (09/23/2015 10:27:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 552: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
 
Error: (09/23/2015 10:27:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 544: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
 
Error: (09/23/2015 10:27:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 536: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
 
Error: (09/23/2015 10:27:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 528: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
 
Error: (09/23/2015 10:27:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 504: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)
 
 
System errors:
=============
Error: (09/23/2015 02:42:24 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (09/23/2015 10:31:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RzFilter
 
Error: (09/21/2015 04:57:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (09/21/2015 04:57:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (09/21/2015 04:57:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RzFilter
 
Error: (09/21/2015 04:53:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (08/28/2015 08:27:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RzFilter
 
Error: (08/20/2015 07:34:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RzFilter
 
Error: (08/20/2015 07:34:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Anti-Virus Service 15.0.2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/17/2015 12:29:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
 
CodeIntegrity:
===================================
  Date: 2015-04-29 04:05:42.952
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-29 04:05:42.951
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-29 04:05:42.948
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-29 04:05:42.859
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-29 04:05:42.857
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-29 04:05:42.855
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-4100 Quad-Core Processor 
Percentage of memory in use: 33%
Total physical RAM: 8190.18 MB
Available physical RAM: 5427.91 MB
Total Virtual: 16378.57 MB
Available Virtual: 12807.29 MB
 
==================== Drives ================================
 
Drive c: (Windows7) (Fixed) (Total:111.69 GB) (Free:26.25 GB) NTFS
Drive d: (Data1) (Fixed) (Total:488.28 GB) (Free:446.65 GB) NTFS
Drive e: (Data2) (Fixed) (Total:443.23 GB) (Free:443.12 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: F085C0AD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9682A460)
Partition 1: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, after the FRST fix has run then download AdwCleaner using this system and let me know if it works

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
AutoConfigURL: [HKLM-x32] => file://C:\Windows\system32\Drivers\winpacket.pac
AutoConfigURL: [S-1-5-19] => file://C:\Windows\system32\Drivers\winpacket.pac
AutoConfigURL: [S-1-5-20] => file://C:\Windows\system32\Drivers\winpacket.pac
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={3A1A2A65-EC57-4A84-97F9-7D1A245F9877}&mid=59f70ab6364747cd9dc4057438b1da1d-552b5f342637007c4dea6ceb503561ea649e57c8&lang=en&ds=px011&coid=avgtbdispx&cmpid=0615tb&pr=sa&d=2015-05-21 21:43:41&v=18.8.0.179&pid=safeguard&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-3730196113-1156908693-4138991567-1000 -> DefaultScope {1E3E820D-4195-4FA7-9075-AA5DB659CB8E} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EyDyDtAtA0E0E0E0DtDyEtN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtAtAzztA0FyC0AtGzzzzyEzztGtA0FyEyEtGzytDzzyCtGyE0FtAtB0FtDzzzztAzzzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0C0E0F0CyB0EtGtDyBzzzztGyEtCyEtBtGzytCtCzytGzzyCtDyB0FtC0DyDyEyEtD0F2QtN0A0LzuyE&cr=673646921&ir=
SearchScopes: HKU\S-1-5-21-3730196113-1156908693-4138991567-1000 -> {1E3E820D-4195-4FA7-9075-AA5DB659CB8E} URL = hxxp://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EyDyDtAtA0E0E0E0DtDyEtN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtAtAzztA0FyC0AtGzzzzyEzztGtA0FyEyEtGzytDzzyCtGyE0FtAtB0FtDzzzztAzzzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0C0E0F0CyB0EtGtDyBzzzztGyEtCyEtBtGzytCtCzytGzzyCtDyB0FtC0DyDyEyEtD0F2QtN0A0LzuyE&cr=673646921&ir=
SearchScopes: HKU\S-1-5-21-3730196113-1156908693-4138991567-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3A1A2A65-EC57-4A84-97F9-7D1A245F9877}&mid=59f70ab6364747cd9dc4057438b1da1d-552b5f342637007c4dea6ceb503561ea649e57c8&lang=en&ds=px011&coid=avgtbdispx&cmpid=0615tb&pr=sa&d=2015-05-21 21:43:41&v=18.6.0.922&pid=safeguard&sg=&sap=dsp&q={searchTerms}
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.8.0.179\AVG SafeGuard toolbar_toolbar.dll [2015-08-16] (AVG Secure Search)
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAEVeVhaBQFBDFFCcF8VVQ1FQxhBdQwPTABHFFQSeQsOBVpDRRNBNARaB0tXUUEeGGlxR1dMZllCM0p6Dk0FTVA=
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggXdgBZA11JERhHIQleTA1FFVcOIgwNVhRIFwBCcQAKV10SE1EFIk0FA18DB0VXfWFoKB8fHHJPIUpLI1YFVVlG
FF NetworkProxy: "type", 4
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.8.0\\npsitesafety.dll [No File]
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.94\Bin\npSSOAxCtrlForPTLogin.dll [2013-01-24] (Tencent)
FF user.js: detected! => C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\user.js [2015-05-21]
FF SearchPlugin: C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\searchplugins\avg-secure-search.xml [2015-08-28]
FF SearchPlugin: C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\searchplugins\default.xml [2015-09-17]
FF SearchPlugin: C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\searchplugins\dregol.xml [2015-05-21]
FF Extension: AVG SafeGuard toolbar - C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\Extensions\avg@toolbar [2015-05-21]
FF Extension: Firefox Security Update - C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\Extensions\[email protected] [2015-03-12]
FF Extension: AdBlock for YouTube - C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\Extensions\[email protected] [2015-04-28]
FF Extension: Dealz - C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default\Extensions\[email protected] [2015-02-23]
FF Extension: Firefox Security Update - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected] [2015-08-28]
FF Extension: Dealz - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected] [2015-08-28]
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3324862&octid=EB_ORIGINAL_CTID&ISID=ME9E519D6-7ADB-4153-B697-1398B95785B1&SearchSource=55&CUI=&UM=5&UP=SPF204639E-FAB2-4C1D-B260-5B0F7D2AF554&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3324862&octid=EB_ORIGINAL_CTID&ISID=ME9E519D6-7ADB-4153-B697-1398B95785B1&SearchSource=55&CUI=&UM=5&UP=SPF204639E-FAB2-4C1D-B260-5B0F7D2AF554&SSPV=","hxxp://www.dregol.com/?f=7&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EyDyDtAtA0E0E0E0DtDyEtN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtAtAzztA0FyC0AtGzzzzyEzztGtA0FyEyEtGzytDzzyCtGyE0FtAtB0FtDzzzztAzzzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0C0E0F0CyB0EtGtDyBzzzztGyEtCyEtBtGzytCtCzytGzzyCtDyB0FtC0DyDyEyEtD0F2QtN0A0LzuyE&cr=673646921&ir="
CHR Extension: (MS Updater) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\iadddcofhgaeeniecnhpopipbhijnphj [2015-05-29]
CHR Extension: (EverSave) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddmfogomafbmjkfcpfpnjfgecnjffng [2015-06-12]
CHR Extension: (AVG Secure Search) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-04-28]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [akhdblbjebmbllhinponghfmaekhlhob] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bghejdcdajlenjngcknlkkoakmmjfanb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cckdoammdligdedbakcgnmegjljgipjb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [clmghkfhfkcfhpccgbafbailibgogkbi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eajjckckolcbgmmenaiiigegbadpeghb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eoepodkgpakekgncgnfnijcippobokhp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iadddcofhgaeeniecnhpopipbhijnphj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iedokolghlgkcnafplkbjeokfamliokd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jddmfogomafbmjkfcpfpnjfgecnjffng] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kpmccjcnkhkgcipodalpmbpighkgiaif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lopcjmbilgeapfldddijpgpahphngjdk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhgliccaogcekoldfmachhehepjdfobj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfkbfmjkmioenefhjdonleflegoephgm] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pedogdjgmjlabbbdhokgdafpglnjinhc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [akhdblbjebmbllhinponghfmaekhlhob] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bghejdcdajlenjngcknlkkoakmmjfanb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cckdoammdligdedbakcgnmegjljgipjb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [clmghkfhfkcfhpccgbafbailibgogkbi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [eajjckckolcbgmmenaiiigegbadpeghb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eoepodkgpakekgncgnfnijcippobokhp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iadddcofhgaeeniecnhpopipbhijnphj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iedokolghlgkcnafplkbjeokfamliokd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jddmfogomafbmjkfcpfpnjfgecnjffng] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpmccjcnkhkgcipodalpmbpighkgiaif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lopcjmbilgeapfldddijpgpahphngjdk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mhgliccaogcekoldfmachhehepjdfobj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nfkbfmjkmioenefhjdonleflegoephgm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pedogdjgmjlabbbdhokgdafpglnjinhc] - hxxps://clients2.google.com/service/update2/crx
R2 vToolbarUpdater18.8.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe [1861520 2015-08-16] (AVG Secure Search)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [989272 2015-06-13] (TENCENT)
2015-06-25 16:30 - 2015-04-26 16:30 - 0000032 ____R () C:\ProgramData\hash.dat
Task: {0D1AD150-1B70-4516-8B04-071C9940F4B6} - \EssentialUpdateMachine -> No File <==== ATTENTION
Task: {0844EC19-FCE7-4842-80EF-4513F6B1F6C7} - \Winupdate -> No File <==== ATTENTION
Task: {732AF96C-7F3D-421F-A26C-4B79CEE01DE6} - \AutoKMS -> No File <==== ATTENTION
Task: {B7651692-D04D-48AC-ACF6-C9DC0AEC2F9E} - \Bidaily Synchronize Task[973b] -> No File <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{cde102b9-c176-6a7a-cde1-102b9c170ae7}\rhythm_heaven_us.exe <==== ATTENTION
Task: C:\Windows\Tasks\Notifier PLUS.job => C:\Program Files (x86)\Notifier PLUS\notifier_plus_service.exe
C:\Program Files (x86)\Notifier PLUS
c:\programdata\{cde102b9-c176-6a7a-cde1-102b9c170ae7}
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[Cx].txt as well.

#3
Snapples

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Fixlog and AdwCleaner

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer now? Are you able to get online?

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:

1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here

#5
Snapples

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

After Malwarebytes removed the threats and restarted the computer, Google Chrome stopped working.

Every site says Unable to Connect to Proxy Server.

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK let me know how it is after this

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that

#7
Snapples

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

The problem with google chrome still persists.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you reset chrome please https://support.goog...296214?hl=en-GB

Then let me know what problems remain

#9
Snapples

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
The problem still remains. No change to Google chrome.

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could I have a fresh FRST scan please? Do other browsers connect OK?

#11
Snapples

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Firefox works but it lags and is slow, which is why I prefer Google Chrome.

 

(I couldn't upload FRST.txt, keep getting Error IO so I'll post it here)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by Cherryckjj (administrator) on CHERRYCKJJ-PC (27-09-2015 11:19:42)
Running from C:\Users\Cherryckjj\Desktop
Loaded Profiles: Cherryckjj (Available Profiles: Cherryckjj)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
() C:\Program Files (x86)\Send Anywhere\sendanywhere.exe
(Mega Limited) C:\Users\Cherryckjj\AppData\Local\MEGAsync\MEGAsync.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe
(Scarlet.Crush Productions) D:\Emulators\PS2 emu\PCSX2 1.0.0\ScpServer\bin\ScpService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Affinegy, Inc.) C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TWC WiFi.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avpui.exe
(Sogou.com Inc.) C:\Program Files (x86)\SogouInput\7.7.0.6390\SogouCloud.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-07-27] (Raptr, Inc)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DigiDo] => C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe [1158088 2015-06-16] (Affinegy, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [904824 2015-08-19] (BlueStack Systems, Inc.)
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\Run: [ctfmon] => C:\Windows\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\Run: [GoogleChromeAutoLaunch_8CFDF07D37CE5E5F3B9804491D6ADF08] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-23] (Google Inc.)
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\Run: [SendAnywhere] => C:\Program Files (x86)\Send Anywhere\sendanywhere.exe [4338424 2015-07-31] ()
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Cherryckjj\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\MountPoints2: H - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\MountPoints2: {7c147bf9-ee0d-11e4-9754-d43d7e5533ee} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\MountPoints2: {7c147bff-ee0d-11e4-9754-d43d7e5533ee} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\MountPoints2: {7c147e91-ee0d-11e4-9754-d43d7e5533ee} - H:\HTC_Sync_Manager_PC.exe
AppInit_DLLs-x32: C:\PROGRA~3\{0856E~1\1172~1.1\sefe.dll => No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Cherryckjj\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Cherryckjj\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Cherryckjj\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Cherryckjj\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Cherryckjj\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Cherryckjj\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Cherryckjj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-09-20]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Cherryckjj\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{05BD9E34-F03B-47C1-9DC2-6FEC0944002F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{60A7FF7D-47BC-41E8-8811-75334F76CFC6}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{688D561C-113E-4669-A1F9-BDC37D44C1EB}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Cherryckjj\AppData\Roaming\Mozilla\Firefox\Profiles\agosy1rz.default
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Default
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\[email protected] [2015-04-28] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\[email protected] [2015-04-28] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-09-20] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3730196113-1156908693-4138991567-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cherryckjj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\[email protected] [2015-04-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\[email protected] [2015-04-28]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3324862&octid=EB_ORIGINAL_CTID&ISID=ME9E519D6-7ADB-4153-B697-1398B95785B1&SearchSource=55&CUI=&UM=5&UP=SPF204639E-FAB2-4C1D-B260-5B0F7D2AF554&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3324862&octid=EB_ORIGINAL_CTID&ISID=ME9E519D6-7ADB-4153-B697-1398B95785B1&SearchSource=55&CUI=&UM=5&UP=SPF204639E-FAB2-4C1D-B260-5B0F7D2AF554&SSPV=","hxxp://www.dregol.com/?f=7&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EyDyDtAtA0E0E0E0DtDyEtN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtAtAzztA0FyC0AtGzzzzyEzztGtA0FyEyEtGzytDzzyCtGyE0FtAtB0FtDzzzztAzzzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0C0E0F0CyB0EtGtDyBzzzztGyEtCyEtBtGzytCtCzytGzzyCtDyB0FtC0DyDyEyEtD0F2QtN0A0LzuyE&cr=673646921&ir="
CHR Profile: C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-28]
CHR Extension: (Google Search) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-28]
CHR Extension: (AdBlock) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-28]
CHR Extension: (MS Updater) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\iadddcofhgaeeniecnhpopipbhijnphj [2015-09-26]
CHR Extension: (Arcane Legends) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2015-04-28]
CHR Extension: (EverSave) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddmfogomafbmjkfcpfpnjfgecnjffng [2015-09-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-28]
CHR Extension: (Furniture Guru) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\lopcjmbilgeapfldddijpgpahphngjdk [2015-09-01]
CHR Extension: (AVG Secure Search) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-09-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-28]
CHR Extension: (Gmail) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe [592840 2015-06-16] (Affinegy, Inc.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [194000 2015-06-23] (Kaspersky Lab ZAO)
R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
R2 Ds3Service; D:\Emulators\PS2 emu\PCSX2 1.0.0\ScpServer\bin\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-07-14] (Razer Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 SogouUpdate; C:\Program Files (x86)\SogouInput\7.7.0.6390\SogouUpdate.exe [369256 2015-08-03] (Sogou.com Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-23] (Kaspersky Lab UK Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-23] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-06-23] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-23] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-06-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [850608 2015-06-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-06-23] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-06-23] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-06-23] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-23] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-23] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-06-23] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-26 14:18 - 2015-09-26 14:18 - 00001831 _____ C:\Users\Public\Desktop\Apps.lnk
2015-09-26 14:18 - 2015-09-26 14:18 - 00001775 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-09-26 14:18 - 2015-09-26 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-09-26 14:18 - 2015-09-26 14:18 - 00000000 ____D C:\ProgramData\BlueStacks
2015-09-26 14:18 - 2015-09-26 14:18 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-09-26 14:17 - 2015-09-26 14:27 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-09-26 14:17 - 2015-09-26 14:17 - 00000000 ____D C:\Users\Cherryckjj\AppData\Local\Bluestacks
2015-09-26 13:49 - 2015-09-27 10:43 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-26 13:49 - 2015-09-26 13:49 - 00001074 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-26 13:49 - 2015-09-26 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-26 13:49 - 2015-09-26 13:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-26 13:49 - 2015-09-26 13:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-26 13:49 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-26 13:49 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-26 13:49 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-24 23:38 - 2015-09-24 23:37 - 00348720 _____ C:\Users\Cherryckjj\Desktop\111.jpeg
2015-09-23 19:43 - 2015-09-26 12:15 - 00000000 ____D C:\AdwCleaner
2015-09-23 15:01 - 2015-09-27 11:19 - 00022027 _____ C:\Users\Cherryckjj\Desktop\FRST.txt
2015-09-23 15:01 - 2015-09-23 15:02 - 00056849 _____ C:\Users\Cherryckjj\Desktop\Addition.txt
2015-09-23 15:00 - 2015-09-27 11:19 - 00000000 ____D C:\FRST
2015-09-23 15:00 - 2015-09-23 14:59 - 02192384 _____ (Farbar) C:\Users\Cherryckjj\Desktop\FRST64.exe
2015-09-20 15:44 - 2015-09-20 15:44 - 00000198 _____ C:\Users\Public\Desktop\MapleStory.url
2015-09-20 15:44 - 2015-09-20 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2015-09-20 14:34 - 2015-09-20 14:34 - 00009886 _____ C:\Users\Cherryckjj\Desktop\snapples.bsproj
2015-09-20 12:59 - 2015-09-20 12:59 - 00000000 ___RD C:\Users\Cherryckjj\Documents\MEGAsync
2015-09-20 12:59 - 2015-09-20 12:59 - 00000000 ____D C:\Users\Cherryckjj\Documents\MEGA
2015-09-20 12:57 - 2015-09-20 12:57 - 00001084 _____ C:\Users\Cherryckjj\Desktop\MEGAsync.lnk
2015-09-20 12:57 - 2015-09-20 12:57 - 00000000 ____D C:\Users\Cherryckjj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-09-20 12:57 - 2015-09-20 12:57 - 00000000 ____D C:\Users\Cherryckjj\AppData\Local\MEGAsync
2015-09-20 12:57 - 2015-09-20 12:57 - 00000000 ____D C:\Users\Cherryckjj\AppData\Local\Mega Limited
2015-09-07 16:11 - 2015-09-21 16:53 - 00000000 ____D C:\Users\Cherryckjj\Desktop\For Annie
2015-08-28 20:33 - 2015-09-21 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-28 20:31 - 2015-08-28 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-28 20:31 - 2015-08-28 20:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-28 20:31 - 2015-08-28 20:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-27 11:18 - 2015-04-28 15:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-27 10:43 - 2015-04-28 21:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-27 09:30 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-27 09:29 - 2015-04-28 19:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-09-27 04:08 - 2009-07-13 21:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-27 04:08 - 2009-07-13 21:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-27 03:02 - 2015-04-28 15:14 - 01092873 _____ C:\Windows\WindowsUpdate.log
2015-09-26 19:57 - 2009-07-13 22:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-26 19:53 - 2015-06-10 14:50 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-26 19:53 - 2015-04-29 02:41 - 00000000 ____D C:\Users\Cherryckjj\AppData\Local\HTC MediaHub
2015-09-26 19:53 - 2015-04-28 21:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-26 19:53 - 2015-04-28 15:46 - 00000000 ____D C:\Users\Cherryckjj\AppData\Roaming\Raptr
2015-09-26 19:53 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-26 19:53 - 2009-07-13 21:51 - 00052574 _____ C:\Windows\setupact.log
2015-09-26 14:48 - 2010-11-20 20:47 - 00213696 _____ C:\Windows\PFRO.log
2015-09-26 14:18 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-09-26 14:03 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\schemas
2015-09-24 21:47 - 2015-04-28 21:13 - 00002151 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-23 17:02 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-21 17:18 - 2015-04-28 15:32 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 17:18 - 2015-04-28 15:32 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-21 17:18 - 2015-04-28 15:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-21 16:57 - 2015-04-28 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-21 16:57 - 2009-07-13 21:45 - 00448880 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-20 15:44 - 2015-06-25 18:55 - 00000000 ____D C:\ProgramData\NexonUS
2015-09-20 12:57 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-16 18:39 - 2015-08-05 22:35 - 00533522 _____ C:\Users\Cherryckjj\Desktop\2.jpeg
2015-09-16 18:38 - 2015-06-18 01:07 - 00194610 _____ C:\Users\Cherryckjj\Desktop\1.jpeg
2015-09-15 13:38 - 2015-04-28 21:12 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 13:38 - 2015-04-28 21:12 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-13 02:27 - 2015-04-28 21:12 - 00000000 ____D C:\Users\Cherryckjj\AppData\Local\Google
2015-09-09 22:03 - 2015-04-28 15:49 - 00115880 _____ C:\Users\Cherryckjj\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-09 13:45 - 2015-06-20 02:40 - 00000000 ____D C:\Users\Cherryckjj\AppData\Roaming\vlc
2015-09-04 10:39 - 2015-08-18 19:23 - 00000000 ____D C:\Users\Cherryckjj\AppData\Roaming\cobra
2015-09-04 10:25 - 2015-08-18 20:28 - 00000000 ____D C:\Program Files (x86)\CABAL2 (US)
2015-08-28 20:27 - 2015-05-29 00:32 - 00000258 __RSH C:\Users\Cherryckjj\ntuser.pol
2015-08-28 20:27 - 2015-04-28 15:14 - 00000000 ____D C:\Users\Cherryckjj

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-21 17:42

==================== End of FRST.txt ============================



#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have Chrome set to Synch?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3730196113-1156908693-4138991567-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Cherryckjj\AppData\Local\Akamai\netsession_win.exe"
AppInit_DLLs-x32: C:\PROGRA~3\{0856E~1\1172~1.1\sefe.dll => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3324862&octid=EB_ORIGINAL_CTID&ISID=ME9E519D6-7ADB-4153-B697-1398B95785B1&SearchSource=55&CUI=&UM=5&UP=SPF204639E-FAB2-4C1D-B260-5B0F7D2AF554&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3324862&octid=EB_ORIGINAL_CTID&ISID=ME9E519D6-7ADB-4153-B697-1398B95785B1&SearchSource=55&CUI=&UM=5&UP=SPF204639E-FAB2-4C1D-B260-5B0F7D2AF554&SSPV=","hxxp://www.dregol.com/?f=7&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EyDyDtAtA0E0E0E0DtDyEtN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtAtAzztA0FyC0AtGzzzzyEzztGtA0FyEyEtGzytDzzyCtGyE0FtAtB0FtDzzzztAzzzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0C0E0F0CyB0EtGtDyBzzzztGyEtCyEtBtGzytCtCzytGzzyCtDyB0FtC0DyDyEyEtD0F2QtN0A0LzuyE&cr=673646921&ir="
CHR Extension: (EverSave) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddmfogomafbmjkfcpfpnjfgecnjffng [2015-09-26]
CHR Extension: (AVG Secure Search) - C:\Users\Cherryckjj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2015-09-26]
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

#13
Snapples

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Yes, I have Chrome set to Synch.


#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that is the answer: every time Chrome goes online it downloads the bad stuff again.

Once you have done this, could you give me a fresh FRST scan, as it will probably have returned.



Option 2: Stop and clear synced data (reset sync) https://support.goog...390059?hl=en-GB

If you want to stop your Google account from syncing to Chrome altogether, or need to reset sync, you can "stop and clear" your synced data.

To stop and clear your synced data or reset a sync passphrase, follow these steps:
1. Open your Google Dashboard. Make sure that you are signed in to your Google account.
2. Click Reset sync to stop syncing and clear all of your synced data.
3. Click OK.

Note: You only need to do this once. It will stop sync on all of your devices. Your data will still be available in Chrome on your device(s).

#15
Snapples

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Reset sync option did not work. Nothing happened.

 

Tried Option 2 and 1.

Unable to sign back in. Even reinstalled Chrome.






