Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Promlems with Spyware and Malware that need removal. [Closed]

Started by sobertexan , Oct 18 2015 06:17 PM

This topic is locked

#1
sobertexan

Posted 18 October 2015 - 06:17 PM

New Member

Member
2 posts

Hello, after much unsafe usage of the internet I struggle to resolve issues with spyware and malware.

Here are my logs as requsted in the cleaning guide.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015
Ran by Charles (administrator) on LENOVO-PC (18-10-2015 19:04:37)
Running from C:\Users\Charles\Desktop
Loaded Profiles: Charles (Available Profiles: Charles)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(LENOVO) C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Suo10_SmartRAM.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtITunesPlugIn.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
(BitTorrent Inc.) C:\Users\Charles\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Charles\AppData\Roaming\uTorrent\updates\3.4.6_41222\utorrentie.exe
(BitTorrent Inc.) C:\Users\Charles\AppData\Roaming\uTorrent\updates\3.4.6_41222\utorrentie.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2847016 2011-11-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-11-10] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-06-04] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-06-04] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-06-04] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-06-04] (Lenovo)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-03-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-03] (Lenovo)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-06-04] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-09] (LENOVO)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2015-08-02] (Vimicro)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [14688 2015-04-06] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5889824 2015-07-28] (IObit)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-10-05] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286984 2015-10-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [598800 2015-09-16] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKU\S-1-5-21-2021885835-1182754139-862849370-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-03-03] (Google Inc.)
HKU\S-1-5-21-2021885835-1182754139-862849370-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-2021885835-1182754139-862849370-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-08-27] (SlySoft, Inc.)
HKU\S-1-5-21-2021885835-1182754139-862849370-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2021885835-1182754139-862849370-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1411344 2015-09-14] (Lavasoft)
HKU\S-1-5-21-2021885835-1182754139-862849370-1001\...\Run: [uTorrent] => C:\Users\Charles\AppData\Roaming\uTorrent\uTorrent.exe [1801568 2015-10-09] (BitTorrent Inc.)
HKU\S-1-5-21-2021885835-1182754139-862849370-1001\...\Run: [SmartRAM] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Suo10_SmartRAM.exe [535840 2014-09-02] (IObit)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll [2012-06-04] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-06-04]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-10-06]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
BootExecute: SBBD.exe /D \Device\HarddiskVolume2\Program Files (x86)\iS3\STOPzilla AntiVirus\Definitions /Lautocheck autochk * 搀渀挀氀攀愀渀㘀㐀⸀攀砀攀

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.16.11.254
Tcpip\..\Interfaces\{80428AE0-929D-4E1B-8758-7D9ABB7CC728}: [DhcpNameServer] 172.16.11.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
SearchScopes: HKU\S-1-5-21-2021885835-1182754139-862849370-1001 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2021885835-1182754139-862849370-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2021885835-1182754139-862849370-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2021885835-1182754139-862849370-1001 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-09-18] (IObit)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-09-16] (RealDownloader)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-09-16] (RealDownloader)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-08] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-08] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2021885835-1182754139-862849370-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-25] (Google Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\yljqov4z.default-1442461340935
FF NewTab: about:newtab
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxps://www.google.com/
hxxps://eztv-proxy.net/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-04-10] (Nero AG)
FF Plugin-x32: @real.com/nppl3260;version=18.1.0.1236 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-10-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.0.1236 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-10-06] (RealTimes)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\yljqov4z.default-1442461340935\user.js [2015-10-12]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-14] (Apple Inc.)
FF SearchPlugin: C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\yljqov4z.default-1442461340935\searchplugins\cassiopesa.xml [2015-10-09]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\yljqov4z.default-1442461340935\Extensions\[email protected] [2015-10-04] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-27] [not signed]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://kut.org/","hxxp://www.wbur.org/","hxxp://www.cassiopessa.com/?f=7&a=csp_tuto1_15_41&cd=2XzuyEtN2Y1L1QzutDzz0E0D0BzyzyyC0FyC0EtAyEyDzzyCtN0D0Tzu0StCtAyByBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtCyByBtCyBtCtDtGyD0E0AyDtGyEtA0B0CtG0BtB0C0DtG0EtCyE0A0FyEzytDzzyBtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyD0A0E0BtA0FtGyB0AtB0BtGyE0B0CyBtGzzyB0ByBtG0CzztBtCtAyB0A0D0DtAyCzz2QtN0A0LzuyE&cr=1538989228&ir="
CHR DefaultSearchURL: Default -> hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_tuto1_15_41&cd=2XzuyEtN2Y1L1QzutDzz0E0D0BzyzyyC0FyC0EtAyEyDzzyCtN0D0Tzu0StCtAyByBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtCyByBtCyBtCtDtGyD0E0AyDtGyEtA0B0CtG0BtB0C0DtG0EtCyE0A0FyEzytDzzyBtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyD0A0E0BtA0FtGyB0AtB0BtGyE0B0CyBtGzzyB0ByBtG0CzztBtCtAyB0A0D0DtAyCzz2QtN0A0LzuyE&cr=1538989228&ir=
CHR DefaultSearchKeyword: Default -> cassiopesa.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TV) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2015-08-26]
CHR Extension: (YouTube) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-26]
CHR Extension: (Facebook) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-08-26]
CHR Extension: (Google Search) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-26]
CHR Extension: (Google+) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2015-08-26]
CHR Extension: (Google Calendar) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-08-26]
CHR Extension: (Pandora) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-08-26]
CHR Extension: (Full Screen Weather) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-08-26]
CHR Extension: (Google Voice (by Google)) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-08-26]
CHR Extension: (Google Maps) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-08-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-26]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-09-16]
CHR Extension: (Craigslist phone email search) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\opfjhkelppdhbjicdnimjimmdbehgfnd [2015-08-26]
CHR Extension: (Gmail) - C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-03-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-07-17] (IObit)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-09-14] (Lavasoft Limited)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-29] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-23] (Lenovo)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-09-16] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1103656 2015-10-06] (RealNetworks, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-04-01] (CyberLink)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [16656 2015-09-14] ()
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 FreeAgentGoFlex Service; no ImagePath
S2 SBAMSvc; no ImagePath
S2 sz7; no ImagePath
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-01-31] (Advanced Micro Devices, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-08-29] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40872 2014-02-10] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40872 2014-02-10] (SlySoft, Inc.)
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [5248 2010-01-27] () [File not signed]
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-23] (Lenovo Corporation")
R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-21] (Lenovo Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [402136 2015-08-29] (Realsil Semiconductor Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [121616 2012-08-13] (High Criteria inc.)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2015-08-02] (Vimicro Corporation)
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_3A60B698; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 CscService; no ImagePath
U2 DriverService; no ImagePath
U2 IAStorDataMgrSvc; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
S1 ppfd_vt_1_10_0_24; system32\drivers\ppfd_vt_1_10_0_24.sys [X]
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SeaPort; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-18 19:04 - 2015-10-18 19:05 - 00035973 _____ C:\Users\Charles\Desktop\FRST.txt
2015-10-18 12:51 - 2015-10-18 19:04 - 00000000 ____D C:\FRST
2015-10-18 12:47 - 2015-10-18 12:49 - 02196992 _____ (Farbar) C:\Users\Charles\Desktop\FRST64.exe
2015-10-17 10:24 - 2015-10-17 20:59 - 00000850 _____ C:\Windows\setupact.log
2015-10-17 10:24 - 2015-10-17 10:24 - 00000000 _____ C:\Windows\setuperr.log
2015-10-11 18:23 - 2015-10-11 18:23 - 00000000 ____D C:\Program Files (x86)\Dell
2015-10-11 18:23 - 2002-10-15 15:59 - 00053248 _____ (Dell Computer Corporation) C:\Windows\SysWOW64\DellSys.dll
2015-10-11 18:22 - 2015-10-11 18:22 - 00000000 ____D C:\dell
2015-10-09 21:20 - 2015-10-09 21:20 - 00001377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2015-10-09 19:27 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-09 19:27 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-09 19:27 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-09 19:27 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-09 19:27 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-09 19:27 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-09 19:27 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-09 19:19 - 2015-10-09 19:19 - 00000000 ____D C:\Program Files (x86)\predm
2015-10-09 19:09 - 2015-10-18 18:09 - 00000278 _____ C:\Windows\Tasks\Tny_Cassiopesa.job
2015-10-09 19:09 - 2015-10-09 19:09 - 00004168 _____ C:\Windows\System32\Tasks\Cassiopesa rose
2015-10-09 19:09 - 2015-10-09 19:09 - 00003224 _____ C:\Windows\System32\Tasks\Tny_Cassiopesa
2015-10-09 19:09 - 2015-10-09 19:09 - 00000000 ____D C:\ProgramData\{036DEBAE-53EF-3A28-E269-4AAA32EB9924}
2015-10-09 19:02 - 2015-10-09 19:02 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2015-10-09 19:01 - 2015-10-09 19:01 - 00000000 ____D C:\ProgramData\LolliScan
2015-10-08 07:17 - 2015-10-08 07:17 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-08 07:17 - 2015-10-08 07:17 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-08 07:17 - 2015-10-08 07:17 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-08 07:17 - 2015-10-08 07:17 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-08 07:17 - 2015-10-08 07:17 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-08 07:17 - 2015-10-08 07:17 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-08 07:17 - 2015-10-08 07:17 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-08 07:17 - 2015-10-08 07:17 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-08 07:17 - 2015-10-08 07:17 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-08 07:17 - 2015-10-08 07:17 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-08 07:17 - 2015-10-08 07:17 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-08 07:17 - 2015-10-08 07:17 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-08 07:17 - 2015-10-08 07:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-08 07:17 - 2015-10-08 07:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-08 07:17 - 2015-10-08 07:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-08 07:17 - 2015-10-08 07:17 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-06 16:58 - 2015-10-06 16:58 - 00003388 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2021885835-1182754139-862849370-1001
2015-10-06 16:48 - 2015-10-06 16:48 - 00003430 _____ C:\Windows\System32\Tasks\RealDownloader Update Check
2015-10-06 16:47 - 2015-10-06 16:47 - 00003368 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2021885835-1182754139-862849370-1001
2015-10-06 16:47 - 2015-10-06 16:47 - 00003238 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2021885835-1182754139-862849370-1001
2015-10-06 16:46 - 2015-10-06 16:46 - 00000000 ____D C:\ProgramData\RealNetworks
2015-10-06 16:45 - 2015-10-06 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2015-10-06 16:45 - 2015-10-06 16:45 - 00278792 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2015-10-06 16:45 - 2015-10-06 16:45 - 00200968 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2015-10-06 16:43 - 2015-10-06 16:49 - 00000000 ____D C:\ProgramData\Real
2015-10-05 21:33 - 2015-10-05 21:33 - 00000089 _____ C:\Users\Charles\Desktop\New Text Document.txt
2015-10-04 19:36 - 2015-10-04 19:36 - 00006992 _____ C:\Users\Charles\Documents\UDF1.nru
2015-10-04 15:40 - 2015-10-04 15:40 - 00002878 _____ C:\Windows\System32\Tasks\ASC8_SkipUac_Charles
2015-10-02 08:16 - 2015-10-10 01:43 - 00002589 _____ C:\Users\Charles\Desktop\CyberLink PowerDirector 13.lnk
2015-09-27 12:16 - 2015-09-27 12:16 - 00000000 ____D C:\Users\Charles\AppData\Roaming\ParetoLogic
2015-09-27 12:15 - 2015-09-28 18:24 - 00000000 ____D C:\ProgramData\ParetoLogic
2015-09-27 08:48 - 2015-09-27 08:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2015-09-25 23:25 - 2015-09-25 23:25 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-25 23:25 - 2015-09-25 23:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-25 23:25 - 2015-09-25 23:25 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-25 23:25 - 2015-09-25 23:25 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-25 23:25 - 2015-09-25 23:25 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-25 23:25 - 2015-09-25 23:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-25 23:25 - 2015-09-25 23:25 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-25 23:25 - 2015-09-25 23:25 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-09-25 23:25 - 2015-09-25 23:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-25 23:25 - 2015-09-25 23:25 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-25 23:25 - 2015-09-25 23:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-09-25 23:18 - 2015-09-25 23:18 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-09-25 23:14 - 2015-09-25 23:14 - 00003260 _____ C:\Windows\System32\Tasks\{D9E4BEAE-E68A-4A06-B22D-6A851023634C}
2015-09-25 21:48 - 2015-09-25 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-09-25 21:48 - 2015-09-25 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-09-25 21:46 - 2015-09-25 21:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2015-09-25 21:45 - 2015-09-25 21:45 - 00000000 ____D C:\Windows\PCHEALTH
2015-09-25 21:45 - 2015-09-25 21:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2015-09-25 21:42 - 2015-09-25 21:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-09-25 21:41 - 2015-09-25 21:41 - 00000000 ____D C:\Program Files\Microsoft Office
2015-09-25 21:39 - 2015-09-25 21:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-09-25 21:38 - 2015-09-25 21:38 - 00000000 __RHD C:\MSOCache
2015-09-25 21:28 - 2015-10-13 17:11 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2015-09-25 20:22 - 2015-10-16 06:44 - 00000000 ____D C:\Users\Charles\AppData\Local\27755
2015-09-25 09:21 - 2015-09-25 09:26 - 00000000 ____D C:\Temp
2015-09-25 09:21 - 2015-09-25 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Edit Pro 2.0
2015-09-25 09:19 - 2015-09-25 09:25 - 00000000 ____D C:\Program Files (x86)\coolpro2
2015-09-24 21:51 - 2015-09-24 21:51 - 00000000 ____D C:\Windows\System32\Tasks\Nero
2015-09-24 16:55 - 2015-09-24 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-09-24 16:55 - 2015-09-24 21:48 - 00000000 ____D C:\Program Files (x86)\Nero
2015-09-23 20:31 - 2015-09-23 20:32 - 00000000 ____D C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-09-23 13:36 - 2015-09-25 10:39 - 00000000 ____D C:\ProgramData\Nero
2015-09-23 13:36 - 2015-09-25 07:07 - 00000000 ____D C:\Users\Charles\AppData\Roaming\Nero
2015-09-23 12:15 - 2015-10-09 21:20 - 00002910 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Charles
2015-09-22 11:02 - 2015-09-22 11:02 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2015-09-21 23:29 - 2015-09-21 23:29 - 00001764 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-21 23:29 - 2015-09-21 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-21 21:59 - 2015-09-21 21:59 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-21 21:59 - 2015-09-21 21:59 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-09-18 11:52 - 2015-09-18 11:52 - 00000000 ____D C:\Users\Charles\AppData\Local\{52DD4572-C237-4309-BB7A-273F2C7AF9DC}
2015-09-18 11:51 - 2015-09-18 11:51 - 00000000 ____D C:\Users\Charles\AppData\Local\{1F8D8CD6-938E-4BA5-9063-714EB0A635B3}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-18 19:04 - 2015-09-14 23:25 - 00000000 ____D C:\Users\Charles\AppData\Roaming\uTorrent
2015-10-18 19:04 - 2012-06-04 03:46 - 01334922 _____ C:\Windows\WindowsUpdate.log
2015-10-18 18:08 - 2012-06-04 04:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-18 17:41 - 2015-08-26 18:01 - 00000000 ____D C:\Users\Charles\New Torrent
2015-10-18 17:26 - 2015-09-14 14:38 - 00000000 ____D C:\Users\Charles\trast torrents
2015-10-18 14:56 - 2015-08-26 18:01 - 00000000 ____D C:\Users\Charles\Utorrent
2015-10-18 14:34 - 2015-08-26 19:47 - 00000000 ____D C:\Users\Charles\Documents\My ISO Files
2015-10-18 14:08 - 2015-08-26 18:25 - 00000000 ____D C:\Users\Charles\AppData\Roaming\vlc
2015-10-18 14:08 - 2015-08-26 18:21 - 00000000 ____D C:\Users\Charles\AppData\Roaming\AvitoDvd
2015-10-18 12:21 - 2015-08-29 22:28 - 00000173 ___SH C:\ProgramData\.zreglib
2015-10-18 12:00 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-18 00:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2015-10-17 19:07 - 2012-06-04 04:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-16 21:11 - 2015-08-26 20:34 - 00000000 ____D C:\Users\Charles\AppData\LocalLow\uTorrent
2015-10-16 16:32 - 2015-08-26 15:34 - 00237759 _____ C:\FaceProv.log
2015-10-16 16:32 - 2012-06-04 04:23 - 00000000 ____D C:\ProgramData\VeriFace
2015-10-15 20:03 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-15 20:03 - 2009-07-13 23:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-13 17:19 - 2015-09-02 11:49 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-13 17:11 - 2015-08-29 23:08 - 00002880 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Charles)
2015-10-13 17:09 - 2012-06-04 04:26 - 00176930 _____ C:\Windows\system32\fastboot.set
2015-10-13 17:05 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-12 10:50 - 2015-08-26 18:01 - 00000000 ____D C:\Users\Charles\Microsoft Office 15
2015-10-12 10:50 - 2015-08-26 15:34 - 00000000 ____D C:\Users\Charles
2015-10-12 07:33 - 2015-08-29 21:37 - 00000000 ____D C:\ProgramData\ProductData
2015-10-10 07:03 - 2015-08-26 18:23 - 00000000 ____D C:\Users\Charles\AppData\Roaming\dvdcss
2015-10-10 04:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-10-09 21:40 - 2015-08-26 18:34 - 00000000 ____D C:\Users\Charles\Desktop\Security Tools
2015-10-09 20:02 - 2015-08-26 15:37 - 00001424 _____ C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-09 19:58 - 2015-08-27 02:07 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-09 19:58 - 2015-08-27 02:06 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-09 19:53 - 2015-08-29 11:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-09 19:37 - 2009-07-13 21:34 - 00000532 _____ C:\Windows\win.ini
2015-10-09 19:08 - 2015-08-27 03:06 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-10-08 22:39 - 2015-08-26 18:34 - 00000000 ____D C:\Users\Charles\Desktop\Shows
2015-10-06 21:55 - 2015-08-26 18:38 - 00000000 ___RD C:\Users\Charles\Desktop\video tools
2015-10-06 16:47 - 2015-08-28 22:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-06 16:47 - 2015-08-26 22:18 - 00000000 ____D C:\Program Files (x86)\Real
2015-10-06 16:47 - 2015-08-26 18:24 - 00000000 ____D C:\Users\Charles\AppData\Roaming\RealNetworks
2015-10-05 20:11 - 2015-08-27 03:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-05 19:15 - 2015-08-27 03:16 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-05 19:15 - 2015-08-27 03:16 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-05 19:15 - 2015-08-27 03:16 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-05 18:52 - 2009-07-13 23:45 - 00431560 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-05 04:02 - 2015-08-26 22:17 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-10-04 18:22 - 2015-08-26 20:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-04 18:21 - 2015-08-26 20:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-04 15:39 - 2015-08-29 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-10-04 15:39 - 2015-08-29 21:37 - 00000000 ____D C:\ProgramData\IObit
2015-10-02 12:24 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-10-01 07:13 - 2015-08-26 18:08 - 00000000 ____D C:\Users\Charles\AppData\Local\Nero
2015-09-30 22:47 - 2015-08-26 18:04 - 00000000 ____D C:\ProgramData\CyberLink
2015-09-27 14:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-27 08:48 - 2015-08-29 21:36 - 00000000 ____D C:\Program Files (x86)\IObit
2015-09-27 08:48 - 2015-08-26 18:23 - 00000000 ____D C:\Users\Charles\AppData\Roaming\IObit
2015-09-25 22:15 - 2015-08-26 15:38 - 00115632 _____ C:\Users\Charles\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-25 21:48 - 2011-10-10 03:19 - 00000000 ____D C:\Windows\ShellNew
2015-09-25 21:47 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-09-25 21:45 - 2012-06-04 04:14 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-09-25 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-25 20:45 - 2015-09-15 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
2015-09-25 20:45 - 2015-09-14 15:26 - 00000000 ____D C:\Users\Charles\Desktop\Drive utilities
2015-09-25 09:25 - 2015-09-05 15:27 - 00000000 ____D C:\Users\Charles\Documents\CoolEdit Pro
2015-09-25 09:21 - 2009-07-13 21:34 - 00000247 _____ C:\Windows\system.ini
2015-09-24 19:23 - 2015-09-06 14:38 - 00003516 _____ C:\Windows\System32\Tasks\Seagate_Install_Launch
2015-09-24 13:09 - 2015-09-15 17:16 - 00000000 ____D C:\Program Files (x86)\iS3
2015-09-24 12:35 - 2015-09-15 17:17 - 00000000 ____D C:\ProgramData\STOPzilla!
2015-09-23 22:50 - 2015-08-26 18:23 - 00000000 ____D C:\Users\Charles\AppData\Roaming\Lavasoft
2015-09-23 22:48 - 2015-08-31 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-09-23 07:24 - 2015-08-26 22:17 - 00000000 ____D C:\Program Files (x86)\NewBlue
2015-09-23 07:24 - 2015-08-26 21:41 - 00000000 ____D C:\Program Files\NewBlue
2015-09-22 11:07 - 2015-09-01 18:58 - 00007610 _____ C:\Users\Charles\AppData\Local\resmon.resmoncfg
2015-09-22 11:04 - 2015-09-14 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-09-22 11:04 - 2015-09-04 11:49 - 00000000 ____D C:\ProgramData\Western Digital
2015-09-22 11:02 - 2015-09-04 11:50 - 00000000 ____D C:\Program Files (x86)\Western Digital
2015-09-21 23:11 - 2015-08-26 22:13 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-21 23:11 - 2015-08-26 21:37 - 00000000 ____D C:\Program Files\iTunes
2015-09-21 23:10 - 2015-08-26 21:37 - 00000000 ____D C:\Program Files\iPod
2015-09-21 22:08 - 2015-08-26 22:12 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-21 22:08 - 2015-08-26 21:23 - 00000000 ____D C:\Program Files\Bonjour
2015-09-21 21:59 - 2015-08-26 22:12 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-21 20:48 - 2015-08-26 18:34 - 00002608 _____ C:\Users\Charles\Desktop\food.txt
2015-09-20 05:13 - 2015-09-03 22:29 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-20 05:13 - 2015-08-26 21:22 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-18 00:36 - 2015-08-27 21:05 - 00000000 ____D C:\Users\Public\CyberLink

==================== Files in the root of some directories =======

2015-08-26 22:18 - 2015-02-05 10:44 - 6103040 _____ () C:\Program Files (x86)\GUT52A.tmp
2015-08-26 18:19 - 2015-08-16 22:33 - 0000626 _____ () C:\Users\Charles\AppData\Roaming\9mFPzvvvtd0VSLIKZ
2015-08-26 18:19 - 2012-09-14 16:21 - 0037875 _____ () C:\Users\Charles\AppData\Roaming\Comma Separated Values (DOS).ADR
2015-08-26 18:19 - 2015-05-14 11:41 - 0012968 _____ () C:\Users\Charles\AppData\Roaming\Comma Separated Values (DOS).CAL
2015-09-27 12:16 - 2015-09-28 18:23 - 0000115 _____ () C:\Users\Charles\AppData\Roaming\LogFile.txt
2015-08-26 18:19 - 2013-04-10 18:18 - 0000005 _____ () C:\Users\Charles\AppData\Roaming\mbam.context.scan
2015-08-26 18:19 - 2015-04-13 14:31 - 0000178 _____ () C:\Users\Charles\AppData\Roaming\settings.xml
2015-08-26 18:19 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Charles\AppData\Roaming\Tvy39PcAFAhlr3reHo
2015-08-26 18:07 - 2015-07-18 22:03 - 0022016 _____ () C:\Users\Charles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-26 18:07 - 2014-09-09 18:45 - 0000916 _____ () C:\Users\Charles\AppData\Local\recently-used.xbel
2015-09-01 18:58 - 2015-09-22 11:07 - 0007610 _____ () C:\Users\Charles\AppData\Local\resmon.resmoncfg
2015-08-26 18:07 - 2012-10-13 08:43 - 0017408 _____ () C:\Users\Charles\AppData\Local\WebpageIcons.db
2015-08-29 22:28 - 2015-10-18 12:21 - 0000173 ___SH () C:\ProgramData\.zreglib

Some zero byte size files/folders:
==========================
C:\Windows\myml.exe
C:\Windows\yml.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-11 00:32

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-10-2015
Ran by Charles (2015-10-18 19:05:28)
Running from C:\Users\Charles\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-08-26 20:34:16)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2021885835-1182754139-862849370-500 - Administrator - Disabled)
Charles (S-1-5-21-2021885835-1182754139-862849370-1001 - Administrator - Enabled) => C:\Users\Charles
Guest (S-1-5-21-2021885835-1182754139-862849370-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2021885835-1182754139-862849370-1001\...\uTorrent) (Version: 3.4.6.41222 - BitTorrent Inc.)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit)
AMD Catalyst Install Manager (HKLM\...\{21C38934-35B7-09CC-C078-8FFA0FE33B12}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.4.0 - SlySoft)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CloneCD (HKLM-x32\...\CloneCD) (Version: 5.3.2.0 - SlySoft)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.3 - Elaborate Bytes)
CloneDVDmobile (HKLM-x32\...\CloneDVDmobile) (Version: 1.9.0.1 - SlySoft)
Cool Edit Pro 2.0 (HKLM-x32\...\Cool Edit Pro 2.0) (Version: - )
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-2021885835-1182754139-862849370-1001\...\CopyTrans Suite) (Version: 4.002 - WindSolutions)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2104.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)
EaseUS Data Recovery Wizard 8.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 8.0_is1) (Version: - EaseUS)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.57 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0108 - Lenovo)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.2 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.0.3.171 - IObit)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation)
Lenovo CAPOSD (HKLM-x32\...\InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}) (Version: 1.0.0.6 - Lenovo)
Lenovo CAPOSD (x32 Version: 1.0.0.6 - Lenovo) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.1214.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
Lenovo MuteSync (HKLM-x32\...\{16D5D9E9-C8DE-4014-A09C-B9B5ABA0F7FA}) (Version: 1.0.10 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0011.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{0128492C-AB60-43BE-9D9A-8CA622CAF06E}) (Version: 15.0.07700 - Nero AG)
Nero 2014 Content Pack (HKLM-x32\...\{204A26F0-01B8-4656-8607-5CCEDE820BC2}) (Version: 15.0.00200 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.1009 - Nero AG)
Nero Prerequisite Installer 3.0 (HKLM-x32\...\{929FAC65-06DD-4577-882C-E8A558C47B75}) (Version: 15.0.00900 - Nero AG)
Nsd (HKLM-x32\...\{4677B88C-CE16-4CBB-A2CB-B76E9D456C7F}) (Version: 1.0.1.7 - Lenovo)
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.9 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.9 - Lenovo) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Prerequisite installer (x32 Version: 15.0.0010 - Nero AG) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealDownloader (x32 Version: 18.1.0.1233 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.0.1243 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39015 - Realtek Semiconductor Corp.)
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.0 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Seagate Drive Settings Installer (HKLM-x32\...\InstallShield_{91DDF870-EE18-44D8-9D93-F4C122B80908}) (Version: 1.00.0000 - Seagate Technologies LLC)
Seagate Drive Settings Installer (x32 Version: 1.00.0000 - Seagate Technologies LLC) Hidden
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.2 - IObit)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpyHunter (HKLM-x32\...\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}) (Version: 4.1.11 - Enigma Software Group USA, LLC)
STOPzilla AntiVirus 7 (HKLM-x32\...\{9BF28B89-3A53-4A4F-ACEF-7392D37853E4}) (Version: 7.0.3.111 - iS3, Inc.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.33.0 - Synaptics Incorporated)
Total Recorder 8.3 VideoPro Edition (HKLM-x32\...\TotalRecorder) (Version: - )
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WD Backup (HKLM-x32\...\{287f7ebc-dcec-44cf-a26a-f644d74c4743}) (Version: 1.1.5574.21504 - Western Digital Technologies, Inc.)
WD Backup (x32 Version: 1.1.5574.21504 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{22662b08-91e0-4540-bb98-c96f32e09417}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{429a42d7-4c55-44d4-b38a-5872a0d70495}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
Web Companion (HKLM-x32\...\{79442d1d-135c-4351-a175-ff1361e60c86}) (Version: 2.1.1108.2313 - Lavasoft)
Windows Driver Package - AMD (amd_sata) HDC (02/29/2012 1.2.001.0329) (HKLM\...\6B8E1A1F66530D1007E76B160344744410226592) (Version: 02/29/2012 1.2.001.0329 - AMD)
Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2021885835-1182754139-862849370-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2021885835-1182754139-862849370-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2021885835-1182754139-862849370-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2021885835-1182754139-862849370-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2021885835-1182754139-862849370-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2021885835-1182754139-862849370-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2021885835-1182754139-862849370-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2021885835-1182754139-862849370-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2021885835-1182754139-862849370-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2021885835-1182754139-862849370-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-10-13 17:05 - 00001757 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.67
127.0.0.1 ood.opsource.net
127.0.0.1 CRL.VERISIGN.NET
127.0.0.1 199.7.52.190
127.0.0.1 adobeereg.com
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 199.7.54.72
127.0.0.1     license.superantispyware.com
127.0.0.1     license.superantispyware.com
127.0.0.1     license.superantispyware.com
0.0.0.1   mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00720DBA-A4F5-4449-B4FB-219AB107400D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {18DE1248-5F56-40B1-8E1A-346A42D6D841} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {1E805C94-1DFA-433E-8B59-C7D559E44176} - System32\Tasks\{8C5173BC-EA48-46E7-AF2C-53F5E1A2D1E7} => pcalua.exe -a "C:\Users\Charles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFYJ3B8V\JavaSetup8u60.exe" -d C:\Users\Charles\Desktop
Task: {2800888E-7E88-450D-9992-4D76F9557F49} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {29D6EE3C-53F1-4B10-A94B-68206F9A97F3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3C7E03B4-3AC4-4457-9980-B0299F61873D} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-09-16] ()
Task: {3DB28FE0-FB84-4A7E-94F4-D7969FD21E96} - System32\Tasks\{D9E4BEAE-E68A-4A06-B22D-6A851023634C} => pcalua.exe -a "C:\Program Files (x86)\IObit\Advanced SystemCare 8\SecurityHole_Backup\KB3001652.exe" -d C:\Windows\system32 -c /quiet /norestart
Task: {513B2D10-F4F2-422B-AF84-88A762DF6D85} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {52412364-39D9-4EB3-BD3B-0F0AD03F3CD5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {5485E24F-32A6-459F-9E46-2A841213BF1B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {5BE2301D-9F92-4C07-8E0D-E16480BEBD06} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-09-24] (Nero AG)
Task: {6312AAF9-49C9-4D43-85FF-A9C47918BE5A} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe [2010-06-28] (Enigma Software Group USA, LLC.)
Task: {67BD7823-F4FA-4BA3-A445-BF72ACE9C3B7} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-09-18] (Microsoft Corporation)
Task: {6970C80E-E21C-4794-927C-E6C920455897} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2021885835-1182754139-862849370-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-09-16] (RealNetworks, Inc.)
Task: {7D1B6504-E388-4B96-BBFD-C8BBA70ADFAC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {8DC26E20-CDDB-4BCC-8E08-EC586C9292D5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {9A32F0BF-02EC-4E4A-BBEC-61B1EDEEC067} - System32\Tasks\Uninstaller_SkipUac_Charles => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-09-18] (IObit)
Task: {9FB09915-5223-42C1-BF45-3FBE5D542E1E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-05] (Adobe Systems Incorporated)
Task: {A2D27EFE-5880-49C3-B136-C78734A0694C} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-07-06] (IObit)
Task: {B243E2F8-E245-46DE-8400-4B106DFE90AD} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {B98F25AA-8D19-46DE-81A3-DC1E2B8F1F9C} - System32\Tasks\ASC8_SkipUac_Charles => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {BCF79F91-8907-492E-9C01-37057D416A65} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2021885835-1182754139-862849370-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-09-16] (RealNetworks, Inc.)
Task: {D7E59EBE-88B1-448A-B401-F20F8904C263} - System32\Tasks\Driver Booster SkipUAC (Charles) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-07-06] (IObit)
Task: {D98D8CEB-2EDC-443C-88AB-99CE5E974B27} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2021885835-1182754139-862849370-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-09-16] (RealNetworks, Inc.)
Task: {DF6D1216-1D1A-4AEF-B7C9-FEF5CF485542} - System32\Tasks\Tny_Cassiopesa => C:\Users\Charles\AppData\Local\{37B90~1\UNINST~1.EXE
Task: {E9E335F9-1477-4CD3-95E5-C2B6B29459B6} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {EC2AD133-C966-4209-9AEE-8A08ED2BCC1C} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-07-20] (IObit)
Task: {F1967A2C-3C90-4B2B-9490-2E72D4CE63C3} - System32\Tasks\Cassiopesa rose => Wscript.exe "C:\ProgramData\{036DEBAE-53EF-3A28-E269-4AAA32EB9924}\2.0.1.9\sodo.txt" "433a2f50726f6772616d446174612f7b30333644454241452d353345462d334132382d453236392d3441414133324542393932347d2f322e302e312e392f726f73652e646c6c" "687474703a2f2f73616f2e63737062696e742e636f6d2f" "--IsErIk" "//E:jscript"
Task: {F42F3B7E-4FCA-46B0-84C0-3289F4D799EA} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-07-06] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Tny_Cassiopesa.job => C:\Users\Charles\AppData\Local\{37B90~1\UNINST~1.EXE

==================== Loaded Modules (Whitelisted) ==============

2011-06-02 15:58 - 2011-06-02 15:58 - 00201568 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-06-02 15:59 - 2011-06-02 15:59 - 00156000 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-06-04 04:23 - 2012-06-04 04:23 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2012-06-04 04:23 - 2012-06-04 04:23 - 00628064 _____ () C:\Windows\system32\SimpleExt.dll
2012-03-23 01:16 - 2012-03-23 01:16 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-08-26 21:42 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-12-20 05:20 - 2012-06-04 04:25 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-19 18:22 - 2012-06-04 04:25 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2008-12-20 05:20 - 2012-06-04 04:25 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-06-04 04:20 - 2011-12-08 13:12 - 00291272 _____ () C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
2012-06-04 04:20 - 2012-06-04 04:20 - 00099680 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2015-09-16 18:26 - 2015-09-16 18:26 - 00033088 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-09-29 19:51 - 2014-09-29 19:51 - 00074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2012-03-23 01:16 - 2012-03-23 01:16 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-02-10 12:59 - 2012-02-10 12:59 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-03-23 01:16 - 2012-03-23 01:16 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 00306960 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2015-09-16 16:31 - 2015-09-16 16:31 - 00598800 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2015-09-27 08:48 - 2015-01-09 18:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll
2015-08-26 22:13 - 2010-05-18 16:54 - 00395776 _____ () C:\Program Files (x86)\Enigma Software Group\SpyHunter\ExecutionGuard.dll
2015-09-02 12:29 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-02 12:29 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-02 12:29 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-02 12:29 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-09-02 12:29 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-06-02 15:57 - 2011-06-02 15:57 - 00161120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-06-02 15:58 - 2011-06-02 15:58 - 00132448 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-06-04 04:23 - 2012-06-04 04:23 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2011-06-28 01:28 - 2011-06-28 01:28 - 00042496 _____ () C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\QTKB.dll
2015-08-29 21:37 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2015-08-26 22:14 - 2015-09-14 00:23 - 00083728 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-08-26 22:14 - 2015-09-14 00:23 - 00255248 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-08-26 22:14 - 2015-09-14 00:23 - 00049936 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-08-26 22:14 - 2015-09-14 00:23 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-08-26 22:14 - 2015-09-14 00:23 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-08-26 22:14 - 2015-09-14 00:23 - 00036112 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2015-09-16 18:26 - 2015-09-16 18:26 - 00037720 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-09-16 18:26 - 2015-09-16 18:26 - 00039768 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-09-16 18:26 - 2015-09-16 18:26 - 00037728 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2015-08-29 21:37 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-08-29 21:37 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-08-29 21:37 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2015-09-27 08:48 - 2015-03-27 15:39 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2015-09-27 08:48 - 2015-01-09 18:46 - 00145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2015-09-27 08:52 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-08-29 21:37 - 2015-09-18 13:48 - 00348960 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-08-29 21:37 - 2015-09-18 13:47 - 00183584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-08-29 21:37 - 2015-09-18 13:48 - 00050976 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-09-16 16:31 - 2015-09-16 16:31 - 00066832 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-27 00:11 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-08-29 21:37 - 2014-12-10 09:14 - 01284896 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\Scan.dll
2015-10-14 16:22 - 2015-10-08 19:53 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libglesv2.dll
2015-10-14 16:22 - 2015-10-08 19:53 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libegl.dll
2015-08-26 22:18 - 2015-05-16 14:47 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2015-08-26 22:18 - 2015-10-06 16:45 - 00653096 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll
2015-09-23 12:57 - 2015-09-23 12:57 - 17592008 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2021885835-1182754139-862849370-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2021885835-1182754139-862849370-1001\...\webcompanion.com -> hxxp://webcompanion.com

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 19289 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2021885835-1182754139-862849370-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.11.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{13560174-7E6B-480A-A767-A76D5CD1626E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F1593121-AF43-46F1-902D-1D2D3CD68BCD}] => (Allow) LPort=2869
FirewallRules: [{4967D7E6-316D-43E0-A197-BA2E012BBE2C}] => (Allow) LPort=1900
FirewallRules: [{4C940F9A-B5A0-49CA-B83F-8A095F960AA4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{58BE367A-F410-4A12-9F8A-F5EFB715D0E1}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1648AC71-C8CF-4B3C-95CD-FACDF9514220}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BB6B6E8E-37BD-44B9-8287-BC37FF6302D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0911886A-C086-49F5-A7E4-D3BA88706515}] => (Allow) LPort=8888
FirewallRules: [{F0E66CC3-4C8B-494F-A1D2-588AB335D40D}] => (Allow) C:\Users\Charles\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DDB5DE39-B174-4EED-9D64-F4D5C1A6F809}] => (Allow) C:\Users\Charles\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CBB1B05A-A6B1-49F8-9D99-DFE98AE18B1A}] => (Allow) C:\Users\Charles\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8B48DDEC-1A69-47B0-A32A-3DAA3D4BDDC7}] => (Allow) C:\Users\Charles\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F4D20C8E-F93B-4417-A56E-7531E86AEE34}] => (Allow) C:\Users\Charles\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E861C2B3-52F4-45DB-B8B1-64C8D4BD464B}] => (Allow) C:\Users\Charles\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{83B58F50-1658-4E91-ADD9-3F4F074E56B3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1A795681-9F64-4D41-8E95-19AA2388043B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{747E1493-55B8-495B-B665-3345EFF8A18E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C9DB5627-2BA7-4689-BC57-760241D411D0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5E570B0D-8DAC-4199-AF5F-7E68FCBB0D8D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{04E36529-3AD3-4877-A89C-9AAC39BAFBE3}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{18D85FF9-3EF5-47B2-8F3F-EF71EC6C2919}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{D6C33C75-AAEE-4E6C-9DCC-63810214085F}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{39448AA2-9033-46D0-8648-F73A6CA395BE}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{B84B7D5B-7F7D-4E11-AF02-7F4A1117E008}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{47A53C72-74EA-47C7-9F2A-84A4A8BA8289}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{A8918583-F53F-4046-B11A-DCA2A398440D}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{E5A6A50D-2D5B-4AC6-8021-0B5BE6A79658}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{768A9441-3ADC-4F23-8BBF-7C535A341FFE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Broadcom Bluetooth 4.0 USB
Description: Broadcom Bluetooth 4.0 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ppfd_vt_1_10_0_24
Description: ppfd_vt_1_10_0_24
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ppfd_vt_1_10_0_24
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2015 02:00:06 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031).

Error: (10/17/2015 02:48:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x8294
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3

Error: (10/17/2015 02:00:07 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031).

Error: (10/16/2015 05:06:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 3.4.6.41222 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bc8

Start Time: 01d1085e1f8611f4

Termination Time: 20

Application Path: C:\Users\Charles\AppData\Roaming\uTorrent\uTorrent.exe

Report Id: 1cc196af-7452-11e5-9602-047d7be8fcb3

Error: (10/16/2015 05:01:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 3.4.6.41222 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2d28

Start Time: 01d1062a1121ceab

Termination Time: 0

Application Path: C:\Users\Charles\AppData\Roaming\uTorrent\uTorrent.exe

Report Id:

Error: (10/16/2015 04:19:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33748492

Error: (10/16/2015 04:19:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33748492

Error: (10/16/2015 04:19:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/16/2015 04:19:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 33738602

Error: (10/16/2015 04:19:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 33738602

System errors:
=============
Error: (10/18/2015 11:31:34 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/18/2015 10:10:55 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 115.25.0.0

   Update Source: %NT AUTHORITY51

   Update Stage: 4.8.0204.00

   Source Path: 4.8.0204.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (10/18/2015 10:10:55 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.207.3452.0

   Update Source: %NT AUTHORITY51

   Update Stage: 4.8.0204.00

   Source Path: 4.8.0204.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (10/18/2015 10:10:55 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.207.3452.0

   Update Source: %NT AUTHORITY51

   Update Stage: 4.8.0204.00

   Source Path: 4.8.0204.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (10/18/2015 10:10:55 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.207.3452.0

   Update Source: %NT AUTHORITY59

   Update Stage: 4.8.0204.00

   Source Path: 4.8.0204.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\SYSTEM

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (10/18/2015 04:53:27 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 115.25.0.0

   Update Source: %NT AUTHORITY51

   Update Stage: 4.8.0204.00

   Source Path: 4.8.0204.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (10/18/2015 04:53:27 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.207.3452.0

   Update Source: %NT AUTHORITY51

   Update Stage: 4.8.0204.00

   Source Path: 4.8.0204.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (10/18/2015 04:53:27 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.207.3452.0

   Update Source: %NT AUTHORITY51

   Update Stage: 4.8.0204.00

   Source Path: 4.8.0204.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\NETWORK SERVICE

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (10/18/2015 04:53:26 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

   New Signature Version:

   Previous Signature Version: 1.207.3452.0

   Update Source: %NT AUTHORITY59

   Update Stage: 4.8.0204.00

   Source Path: 4.8.0204.01

   Signature Type: %NT AUTHORITY602

   Update Type: %NT AUTHORITY604

   User: NT AUTHORITY\SYSTEM

   Current Engine Version: %NT AUTHORITY605

   Previous Engine Version: %NT AUTHORITY606

   Error code: %NT AUTHORITY607

   Error description: %NT AUTHORITY608

Error: (10/16/2015 04:19:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RealPlayerUpdateSvc service.

CodeIntegrity:
===================================
Date: 2015-10-16 18:43:16.949
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare 8\KB3097966.cab_Temp\15368C05-C7F3-48A4-8BE5-71F63CD46835\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23226_none_b5f2ae05e1eb0356\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-16 18:43:16.689
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare 8\KB3097966.cab_Temp\15368C05-C7F3-48A4-8BE5-71F63CD46835\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23226_none_b5f2ae05e1eb0356\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-16 18:43:16.439
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare 8\KB3097966.cab_Temp\15368C05-C7F3-48A4-8BE5-71F63CD46835\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23226_none_b5f2ae05e1eb0356\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-16 18:43:16.169
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare 8\KB3097966.cab_Temp\15368C05-C7F3-48A4-8BE5-71F63CD46835\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.23226_none_b5f2ae05e1eb0356\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-16 18:43:15.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare 8\KB3097966.cab_Temp\15368C05-C7F3-48A4-8BE5-71F63CD46835\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.19021_none_b5640de2c8d1e7b2\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-16 18:43:15.589
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare 8\KB3097966.cab_Temp\15368C05-C7F3-48A4-8BE5-71F63CD46835\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.19021_none_b5640de2c8d1e7b2\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-16 18:43:15.319
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare 8\KB3097966.cab_Temp\15368C05-C7F3-48A4-8BE5-71F63CD46835\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.19021_none_b5640de2c8d1e7b2\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-16 18:43:15.039
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare 8\KB3097966.cab_Temp\15368C05-C7F3-48A4-8BE5-71F63CD46835\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.19021_none_b5640de2c8d1e7b2\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-16 18:43:14.647
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare 8\KB3097966.cab_Temp\15368C05-C7F3-48A4-8BE5-71F63CD46835\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.19021_none_bfb8b834fd32a9ad\appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-16 18:43:14.387
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare 8\KB3097966.cab_Temp\15368C05-C7F3-48A4-8BE5-71F63CD46835\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.19021_none_bfb8b834fd32a9ad\appidapi.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A10-4600M APU with Radeon™ HD Graphics
Percentage of memory in use: 55%
Total physical RAM: 7608.98 MB
Available physical RAM: 3391.16 MB
Total Virtual: 15216.16 MB
Available Virtual: 8491.71 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:653.44 GB) (Free:143.65 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Fixed) (Total:24.73 GB) (Free:22.15 GB) NTFS
Drive f: (Seagate) (Fixed) (Total:3725.9 GB) (Free:3159.34 GB) NTFS
Drive g: (My Book) (Fixed) (Total:3725.87 GB) (Free:2879.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E6123A8B)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=653.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)

========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: 2B2025C9)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

==================== End of Addition.txt ============================

Thanks in advance for any help possible. Charles

#2
Essexboy

Posted 19 October 2015 - 08:44 AM

GeekU Moderator

Retired Staff
69,964 posts

Could you let me know what your problems are after this run

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-2021885835-1182754139-862849370-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1411344 2015-09-14] (Lavasoft)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
FF user.js: detected! => C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\yljqov4z.default-1442461340935\user.js [2015-10-12]
FF SearchPlugin: C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\yljqov4z.default-1442461340935\searchplugins\cassiopesa.xml [2015-10-09]
CHR StartupUrls: Default -> "hxxp://kut.org/","hxxp://www.wbur.org/","hxxp://www.cassiopessa.com/?f=7&a=csp_tuto1_15_41&cd=2XzuyEtN2Y1L1QzutDzz0E0D0BzyzyyC0FyC0EtAyEyDzzyCtN0D0Tzu0StCtAyByBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtCyByBtCyBtCtDtGyD0E0AyDtGyEtA0B0CtG0BtB0C0DtG0EtCyE0A0FyEzytDzzyBtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyD0A0E0BtA0FtGyB0AtB0BtGyE0B0CyBtGzzyB0ByBtG0CzztBtCtAyB0A0D0DtAyCzz2QtN0A0LzuyE&cr=1538989228&ir="
CHR DefaultSearchURL: Default -> hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_tuto1_15_41&cd=2XzuyEtN2Y1L1QzutDzz0E0D0BzyzyyC0FyC0EtAyEyDzzyCtN0D0Tzu0StCtAyByBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtCyByBtCyBtCtDtGyD0E0AyDtGyEtA0B0CtG0BtB0C0DtG0EtCyE0A0FyEzytDzzyBtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyD0A0E0BtA0FtGyB0AtB0BtGyE0B0CyBtGzzyB0ByBtG0CzztBtCtAyB0A0D0DtAyCzz2QtN0A0LzuyE&cr=1538989228&ir=
CHR DefaultSearchKeyword: Default -> cassiopesa.com
S2 FreeAgentGoFlex Service; no ImagePath
S2 sz7; no ImagePath
2015-10-09 19:09 - 2015-10-18 18:09 - 00000278 _____ C:\Windows\Tasks\Tny_Cassiopesa.job
2015-10-09 19:09 - 2015-10-09 19:09 - 00004168 _____ C:\Windows\System32\Tasks\Cassiopesa rose
2015-10-09 19:09 - 2015-10-09 19:09 - 00003224 _____ C:\Windows\System32\Tasks\Tny_Cassiopesa
2015-10-09 19:09 - 2015-10-09 19:09 - 00000000 ____D C:\ProgramData\{036DEBAE-53EF-3A28-E269-4AAA32EB9924}
2015-10-09 19:02 - 2015-10-09 19:02 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2015-10-09 19:01 - 2015-10-09 19:01 - 00000000 ____D C:\ProgramData\LolliScan
2015-09-25 20:22 - 2015-10-16 06:44 - 00000000 ____D C:\Users\Charles\AppData\Local\27755
2015-09-18 11:52 - 2015-09-18 11:52 - 00000000 ____D C:\Users\Charles\AppData\Local\{52DD4572-C237-4309-BB7A-273F2C7AF9DC}
2015-09-18 11:51 - 2015-09-18 11:51 - 00000000 ____D C:\Users\Charles\AppData\Local\{1F8D8CD6-938E-4BA5-9063-714EB0A635B3}
2015-08-26 18:19 - 2015-08-16 22:33 - 0000626 _____ () C:\Users\Charles\AppData\Roaming\9mFPzvvvtd0VSLIKZ
2015-08-26 18:19 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Charles\AppData\Roaming\Tvy39PcAFAhlr3reHo
2015-09-20 05:13 - 2015-09-03 22:29 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-20 05:13 - 2015-08-26 21:22 - 00000000 ____D C:\Program Files\AVAST Software
Task: {1E805C94-1DFA-433E-8B59-C7D559E44176} - System32\Tasks\{8C5173BC-EA48-46E7-AF2C-53F5E1A2D1E7} => pcalua.exe -a "C:\Users\Charles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFYJ3B8V\JavaSetup8u60.exe" -d C:\Users\Charles\Desktop
Task: {DF6D1216-1D1A-4AEF-B7C9-FEF5CF485542} - System32\Tasks\Tny_Cassiopesa => C:\Users\Charles\AppData\Local\{37B90~1\UNINST~1.EXE
Task: {F1967A2C-3C90-4B2B-9490-2E72D4CE63C3} - System32\Tasks\Cassiopesa rose => Wscript.exe "C:\ProgramData\{036DEBAE-53EF-3A28-E269-4AAA32EB9924}\2.0.1.9\sodo.txt" "433a2f50726f6772616d446174612f7b30333644454241452d353345462d334132382d453236392d3441414133324542393932347d2f322e302e312e392f726f73652e646c6c" "687474703a2f2f73616f2e63737062696e742e636f6d2f" "--IsErIk" "//E:jscript"
Task: C:\Windows\Tasks\Tny_Cassiopesa.job => C:\Users\Charles\AppData\Local\{37B90~1\UNINST~1.EXE
IE trusted site: HKU\S-1-5-21-2021885835-1182754139-862849370-1001\...\webcompanion.com -> hxxp://webcompanion.com
C:\Program Files (x86)\Lavasoft
C:\Windows\myml.exe
C:\Windows\yml.exe
C:\ProgramData\{036DEBAE-53EF-3A28-E269-4AAA32EB9924}
BootExecute: SBBD.exe /D \Device\HarddiskVolume2\Program Files (x86)\iS3\STOPzilla AntiVirus\Definitions /Lautocheck autochk * 搀渀挀氀攀愀渀㘀㐀⸀攀砀攀
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S0].txt as well.

#3
sobertexan

Posted 23 October 2015 - 09:02 PM

New Member

Topic Starter
Member
2 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Charles (2015-10-23 21:30:20) Run:1
Running from C:\Users\Charles\Desktop
Loaded Profiles: Charles (Available Profiles: Charles)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-2021885835-1182754139-862849370-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1411344 2015-09-14] (Lavasoft)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
FF user.js: detected! => C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\yljqov4z.default-1442461340935\user.js [2015-10-12]
FF SearchPlugin: C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\yljqov4z.default-1442461340935\searchplugins\cassiopesa.xml [2015-10-09]
CHR StartupUrls: Default -> "hxxp://kut.org/","hxxp://www.wbur.org/","hxxp://www.cassiopessa.com/?f=7&a=csp_tuto1_15_41&cd=2XzuyEtN2Y1L1QzutDzz0E0D0BzyzyyC0FyC0EtAyEyDzzyCtN0D0Tzu0StCtAyByBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtCyByBtCyBtCtDtGyD0E0AyDtGyEtA0B0CtG0BtB0C0DtG0EtCyE0A0FyEzytDzzyBtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyD0A0E0BtA0FtGyB0AtB0BtGyE0B0CyBtGzzyB0ByBtG0CzztBtCtAyB0A0D0DtAyCzz2QtN0A0LzuyE&cr=1538989228&ir="
CHR DefaultSearchURL: Default -> hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_tuto1_15_41&cd=2XzuyEtN2Y1L1QzutDzz0E0D0BzyzyyC0FyC0EtAyEyDzzyCtN0D0Tzu0StCtAyByBtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StAtCyByBtCyBtCtDtGyD0E0AyDtGyEtA0B0CtG0BtB0C0DtG0EtCyE0A0FyEzytDzzyBtCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyD0A0E0BtA0FtGyB0AtB0BtGyE0B0CyBtGzzyB0ByBtG0CzztBtCtAyB0A0D0DtAyCzz2QtN0A0LzuyE&cr=1538989228&ir=
CHR DefaultSearchKeyword: Default -> cassiopesa.com
S2 FreeAgentGoFlex Service; no ImagePath
S2 sz7; no ImagePath
2015-10-09 19:09 - 2015-10-18 18:09 - 00000278 _____ C:\Windows\Tasks\Tny_Cassiopesa.job
2015-10-09 19:09 - 2015-10-09 19:09 - 00004168 _____ C:\Windows\System32\Tasks\Cassiopesa rose
2015-10-09 19:09 - 2015-10-09 19:09 - 00003224 _____ C:\Windows\System32\Tasks\Tny_Cassiopesa
2015-10-09 19:09 - 2015-10-09 19:09 - 00000000 ____D C:\ProgramData\{036DEBAE-53EF-3A28-E269-4AAA32EB9924}
2015-10-09 19:02 - 2015-10-09 19:02 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2015-10-09 19:01 - 2015-10-09 19:01 - 00000000 ____D C:\ProgramData\LolliScan
2015-09-25 20:22 - 2015-10-16 06:44 - 00000000 ____D C:\Users\Charles\AppData\Local\27755
2015-09-18 11:52 - 2015-09-18 11:52 - 00000000 ____D C:\Users\Charles\AppData\Local\{52DD4572-C237-4309-BB7A-273F2C7AF9DC}
2015-09-18 11:51 - 2015-09-18 11:51 - 00000000 ____D C:\Users\Charles\AppData\Local\{1F8D8CD6-938E-4BA5-9063-714EB0A635B3}
2015-08-26 18:19 - 2015-08-16 22:33 - 0000626 _____ () C:\Users\Charles\AppData\Roaming\9mFPzvvvtd0VSLIKZ
2015-08-26 18:19 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Charles\AppData\Roaming\Tvy39PcAFAhlr3reHo
2015-09-20 05:13 - 2015-09-03 22:29 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-20 05:13 - 2015-08-26 21:22 - 00000000 ____D C:\Program Files\AVAST Software
Task: {1E805C94-1DFA-433E-8B59-C7D559E44176} - System32\Tasks\{8C5173BC-EA48-46E7-AF2C-53F5E1A2D1E7} => pcalua.exe -a "C:\Users\Charles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFYJ3B8V\JavaSetup8u60.exe" -d C:\Users\Charles\Desktop
Task: {DF6D1216-1D1A-4AEF-B7C9-FEF5CF485542} - System32\Tasks\Tny_Cassiopesa => C:\Users\Charles\AppData\Local\{37B90~1\UNINST~1.EXE
Task: {F1967A2C-3C90-4B2B-9490-2E72D4CE63C3} - System32\Tasks\Cassiopesa rose => Wscript.exe "C:\ProgramData\{036DEBAE-53EF-3A28-E269-4AAA32EB9924}\2.0.1.9\sodo.txt" "433a2f50726f6772616d446174612f7b30333644454241452d353345462d334132382d453236392d3441414133324542393932347d2f322e302e312e392f726f73652e646c6c" "687474703a2f2f73616f2e63737062696e742e636f6d2f" "--IsErIk" "//E:jscript"
Task: C:\Windows\Tasks\Tny_Cassiopesa.job => C:\Users\Charles\AppData\Local\{37B90~1\UNINST~1.EXE
IE trusted site: HKU\S-1-5-21-2021885835-1182754139-862849370-1001\...\webcompanion.com -> hxxp://webcompanion.com
C:\Program Files (x86)\Lavasoft
C:\Windows\myml.exe
C:\Windows\yml.exe
C:\ProgramData\{036DEBAE-53EF-3A28-E269-4AAA32EB9924}
BootExecute: SBBD.exe /D \Device\HarddiskVolume2\Program Files (x86)\iS3\STOPzilla AntiVirus\Definitions /Lautocheck autochk * ?????????????
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKU\S-1-5-21-2021885835-1182754139-862849370-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => key not found.
C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\yljqov4z.default-1442461340935\user.js => not found.
"C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\yljqov4z.default-1442461340935\searchplugins\cassiopesa.xml" => not found.
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
FreeAgentGoFlex Service => service removed successfully
sz7 => service removed successfully
"C:\Windows\Tasks\Tny_Cassiopesa.job" => not found.
"C:\Windows\System32\Tasks\Cassiopesa rose" => not found.
"C:\Windows\System32\Tasks\Tny_Cassiopesa" => not found.
"C:\ProgramData\{036DEBAE-53EF-3A28-E269-4AAA32EB9924}" => not found.
C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066 => moved successfully
"C:\ProgramData\LolliScan" => not found.
"C:\Users\Charles\AppData\Local\27755" => not found.
C:\Users\Charles\AppData\Local\{52DD4572-C237-4309-BB7A-273F2C7AF9DC} => moved successfully
C:\Users\Charles\AppData\Local\{1F8D8CD6-938E-4BA5-9063-714EB0A635B3} => moved successfully
C:\Users\Charles\AppData\Roaming\9mFPzvvvtd0VSLIKZ => moved successfully
C:\Users\Charles\AppData\Roaming\Tvy39PcAFAhlr3reHo => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\Program Files\AVAST Software => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E805C94-1DFA-433E-8B59-C7D559E44176}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E805C94-1DFA-433E-8B59-C7D559E44176}" => key removed successfully
C:\Windows\System32\Tasks\{8C5173BC-EA48-46E7-AF2C-53F5E1A2D1E7} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8C5173BC-EA48-46E7-AF2C-53F5E1A2D1E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF6D1216-1D1A-4AEF-B7C9-FEF5CF485542}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF6D1216-1D1A-4AEF-B7C9-FEF5CF485542}" => key removed successfully
C:\Windows\System32\Tasks\Tny_Cassiopesa => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tny_Cassiopesa => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1967A2C-3C90-4B2B-9490-2E72D4CE63C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1967A2C-3C90-4B2B-9490-2E72D4CE63C3}" => key removed successfully
C:\Windows\System32\Tasks\Cassiopesa rose => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cassiopesa rose => key not found.
C:\Windows\Tasks\Tny_Cassiopesa.job => not found.
"HKU\S-1-5-21-2021885835-1182754139-862849370-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully

"C:\Program Files (x86)\Lavasoft" folder move:

Could not move "C:\Program Files (x86)\Lavasoft" => Scheduled to move on reboot.

C:\Windows\myml.exe => moved successfully
C:\Windows\yml.exe => moved successfully
"C:\ProgramData\{036DEBAE-53EF-3A28-E269-4AAA32EB9924}" => not found.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2021885835-1182754139-862849370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2021885835-1182754139-862849370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {C061B53F-D287-4B4D-8181-66690027DC01}.
Unable to cancel {890E8064-B119-4609-8219-1EDB4D8E4C1B}.
Unable to cancel {6AA0E109-05E6-4423-80D8-3F369069F310}.
Unable to cancel {DDD92BDA-97DA-46B1-914C-849C483F9483}.
{81E87A7D-CAA6-468C-96CF-5ADA5FAFE8E7} canceled.
{FCB1CFE5-7F37-477F-9329-CD3E433B893E} canceled.
2 out of 6 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 429.2 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-10-23 21:44:48)

C:\Program Files (x86)\Lavasoft => Is moved successfully

==== End of Fixlog 21:44:48 ====

#4
Essexboy

Posted 24 October 2015 - 03:47 AM

GeekU Moderator

Retired Staff
69,964 posts

Could you now run AdwCleaner and let me know how the computer is

#5
Essexboy

Posted 28 October 2015 - 08:54 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.