Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

windows searh not wrking system slow and eratic [Closed]

malware virus pup

  • This topic is locked This topic is locked

#1
razmage11

razmage11

    New Member

  • Member
  • Pip
  • 2 posts
:alarm: hi i need help i tried sfc not working 
windows search wont open im sure i got a virus or malware still ive used adw ,rogue killer 
and hitman pro still buggy
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by vbn cnm (administrator) on KLOWDS (14-11-2015 18:21:55)
Running from C:\Users\klowwds\Downloads
Loaded Profiles: vbn cnm (Available Profiles: yeti & vbn cnm & Administrator)
Platform: Windows 10 Enterprise (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
() C:\Windows\[email protected]
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [oasi_en_323010107] => [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-877872159-248972997-1231205137-1020\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-09-17] (Siber Systems)
HKU\S-1-5-21-877872159-248972997-1231205137-1020\...\RunOnce: [Uninstall C:\Users\vbn cnm\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\vbn cnm\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
IFEO\OSppSvc.exe: [Debugger] [email protected]
IFEO\SppExtComObj.exe: [Debugger] [email protected]
Startup: C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\systemmgr.lnk [2015-11-14]
ShortcutTarget: systemmgr.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5-x64 07 C:\WINDOWS\system32\wlidnsp.dll [76288 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\WINDOWS\system32\wlidnsp.dll [76288 2015-07-10] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{4e95774d-8779-464a-9119-19bc6861ef7d}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b0e4835a-4f84-4aa7-a679-9b065e232a7c}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{e4c05268-1762-4dcd-a558-9d6740897185}: [DhcpNameServer] 192.168.44.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-877872159-248972997-1231205137-1020\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FADzamobl011652,ac7cb050-d0ae-4a08-a85f-e88cd6877c79,&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FADzamobl011652,ac7cb050-d0ae-4a08-a85f-e88cd6877c79,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-877872159-248972997-1231205137-1020 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll => No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-10-13] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-10-13] (Oracle Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-17] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-13] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-13] (Oracle Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-13] ()
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-10-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-10-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20150305-0402 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-20] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20150421-0403 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-20] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-13] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-10-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn => not found
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2015-09-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Faster Web\faster-web.xpi => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxps://att.yahoo.com/","hxxps://www.google.com/webhp?ei=dG7XVJTTD9eWyQS5i4IQ&ved=0CAQQqS4oAQ"
CHR Profile: C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-14]
CHR Extension: (Allow Copy - Click to activate on this tab) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\abidndjnodakeaicodfpgcnlkpppapah [2015-11-14]
CHR Extension: (Yahoo Web) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2015-11-14]
CHR Extension: (Torrent Search) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2015-11-14]
CHR Extension: (GetTorrent) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\afdjlegonfhdhjkaafgndlpgobijmlmm [2015-11-14]
CHR Extension: (Delicious Bookmark Bar Sync 1.1) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\agabedjjbijfpccchcmpfpcdfnlpjkoj [2015-11-14]
CHR Extension: (Google Docs) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-14]
CHR Extension: (Google Drive) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-14]
CHR Extension: (Facebook Right Column Remover) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\badghiafciannpipcgeajndglbcjkjih [2015-11-14]
CHR Extension: (Web Developer) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2015-11-14]
CHR Extension: (Facebook Look Back Video Downloader) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglkopdollcjlmnbjafgioegkaihoodj [2015-11-14]
CHR Extension: (General Audit Tool Core) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhgjjjckpncjilffbnadepbacbnoigkh [2015-11-14]
CHR Extension: (ClickThrough) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjfeoajfcanjhipllkbkpeagofopgoki [2015-11-14]
CHR Extension: (IP[bleep]) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgmbpodpcgmnpfjmigcckcjfldcicnd [2015-11-14]
CHR Extension: (YouTube) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-14]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2015-11-14]
CHR Extension: (Torrent Search Engine) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bokjhgpnmjklkafpkgfafahhpdhdnhbo [2015-11-14]
CHR Extension: (Facebook Secret Emoticons) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgpffljkgjmijjdmjbdppndoojdgboe [2015-11-14]
CHR Extension: (Random Select Radio Buttons) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdhihojoekiijkcmfdejobiodnlgijmb [2015-11-14]
CHR Extension: (Adblock Plus) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-14]
CHR Extension: (APK Downloader) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2015-11-14]
CHR Extension: (Facebook Activity Remover) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhdaapekomkhcdfkeogcmhimmmkgkpb [2015-11-14]
CHR Extension: (InboxNow) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhofhakdnfjgeobcioadclaekfbhndl [2015-11-14]
CHR Extension: (Select all Facebook friends) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbcjpjecmkjagmnhgfojblhjhnalbda [2015-11-14]
CHR Extension: (Replace New Tab Page) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkhddihkmmiiclaipbaaelfojkmlkja [2015-11-14]
CHR Extension: (Google Search) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]
CHR Extension: (HTML Editor) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dacmeeeegjoaddfondbeaaafohldgfof [2015-11-14]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-11-14]
CHR Extension: (Social Video Chat MashMeTV) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgimnkkcekilmeifblloakploakdjcdm [2015-11-14]
CHR Extension: (Tampermonkey) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-11-14]
CHR Extension: (Enhanced Developer Console) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\djoghnkbhcnonnmcpnlfbkokgdmgamog [2015-11-14]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-11-14]
CHR Extension: (PageEdit) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebkclgoaabaibghklgknnjdemknjaeic [2015-11-14]
CHR Extension: (Block site) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-11-14]
CHR Extension: (Easy WebContent Free HTML Editor) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\encbaekhkcjjmhbcghnlcaiifdmfeokn [2015-11-14]
CHR Extension: (My JDownloader) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2015-11-14]
CHR Extension: (Google Sheets) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-14]
CHR Extension: (Bookmarks Button) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg [2015-11-14]
CHR Extension: (Word Online) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2015-11-14]
CHR Extension: (Facebook Meta Inspector) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\flpedblkbobmjlipnnmalidalmhkangn [2015-11-14]
CHR Extension: (Right-Click enabler) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmmfnoikodocoelbimkedjdiaoejbddd [2015-11-14]
CHR Extension: (EditThisCookie) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2015-11-14]
CHR Extension: (2nd Toolbar Spacer) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplioachhfdbehddoehahffjbcfeinid [2015-11-14]
CHR Extension: (Web Developer Form Filler) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbagmkohmhcjgbepncmehejaljoclpil [2015-11-14]
CHR Extension: (Chrome Remote Desktop) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-14]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2015-11-14]
CHR Extension: (Tampermonkey BETA) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcalenpjmijncebpfijmoaglllgpjagf [2015-11-14]
CHR Extension: (Yahoo Web) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejneallhefbckelajfgfimjcpclgacb [2015-11-14]
CHR Extension: (Kaiserapps - Web Developer Tools) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gglhpbcdnlhflfpacllleoeofbipdgjl [2015-11-14]
CHR Extension: (Free Public Logins, a BugMeNot Alternative) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gglnenhpokhheofljihhaidamhfjhafn [2015-11-14]
CHR Extension: (Google Docs Offline) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-14]
CHR Extension: (Form Tools) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihginompkjijnipckobcjioandcmjgp [2015-11-14]
CHR Extension: (Facebook Content Unlock) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjehmaffekhefhfcighkjoafgihknoog [2015-11-14]
CHR Extension: (SwagButton) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2015-11-14]
CHR Extension: (Mailto:) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbppehiogfokmpligejhaepeopajdf [2015-11-14]
CHR Extension: (Mibbit webchat) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbadbkkklnhamjjeagmknajgmbgcmnpi [2015-11-14]
CHR Extension: (Unofficial Gimme Bar Extension) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcfiafambgalcabpdpikkchpdmmcocjl [2015-11-14]
CHR Extension: (Website Blocker (Beta)) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2015-11-14]
CHR Extension: (Export History) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcohnnbbiggngobheobhdipbgmcbelhh [2015-11-14]
CHR Extension: (VoiceNote II - Speech to text) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2015-11-14]
CHR Extension: (Facebook - Delete All Messages) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiidlnejdlfoacoeleopkljhbckmlko [2015-11-14]
CHR Extension: (Enable right click) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhojmcideegachlhfgfdhailpfhgknjm [2015-11-14]
CHR Extension: (SEO & Website Analysis) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2015-11-14]
CHR Extension: (Referer Control) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcfpcejkafcihlgbojoidoihckciin [2015-11-14]
CHR Extension: (Appspector) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\homgcnaoacgigpkkljjjekpignblkeae [2015-11-14]
CHR Extension: (Yahoo Web) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaphncjnennbhaopahlkflgipniaegmf [2015-11-14]
CHR Extension: (Stealthy) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje [2015-11-14]
CHR Extension: (Social Fixer for Facebook) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2015-11-14]
CHR Extension: (fbQuickLogin for multiple Facebook™ accounts) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpcdjelcodenkpfkbaficnkgkmljjbf [2015-11-14]
CHR Extension: (dataslayer) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikbablmmjldhamhcldjjigniffkkjgpo [2015-11-14]
CHR Extension: (Voice Recognition) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2015-11-14]
CHR Extension: (Cookies) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2015-11-14]
CHR Extension: (Facebook Multiple Sessions) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcehlllhikannljknlkmbofmeghfkpon [2015-11-14]
CHR Extension: (Disconnect) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-11-14]
CHR Extension: (intoProxy) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnoehmhmdffejnkhccdagnppbbcclhne [2015-11-14]
CHR Extension: (Atavi - bookmark manager) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpchabeoojaflbaajmjhfcfiknckabpo [2015-11-14]
CHR Extension: (Web Developer Tools) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kafedakbaiofedkepgjhmppcaimcjknf [2015-11-14]
CHR Extension: (Cookie Manager) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck [2015-11-14]
CHR Extension: (Google Voice (by Google)) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-11-14]
CHR Extension: (Select all FB) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfpcloingkingimcaedjnppconpcjoan [2015-11-14]
CHR Extension: (ChromeVox) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgejglhpjiefppelpmljglcjbhoiplfn [2015-11-14]
CHR Extension: (Roomy Bookmarks Toolbar) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfbpoigddhdibjcilijiejaidggonfc [2015-11-14]
CHR Extension: (Google Hangouts) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-11-14]
CHR Extension: (BugMeNot Lite) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2015-11-14]
CHR Extension: (Webcam Toy) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-11-14]
CHR Extension: (Facebook AdBlock) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpacabphcagfehdgnigmfnbjdampbaa [2015-11-14]
CHR Extension: (Linkclump) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2015-11-14]
CHR Extension: (Cloud Application Manager) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijndokalmoineioiefnioooafnkgond [2015-11-14]
CHR Extension: (Facebook Invite All Friends 2015) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkifjigoeilijkcnpfdjbpdjgnbfibec [2015-11-14]
CHR Extension: (fPrivacy) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllliihmodekgjcioihaaodkbpeleph [2015-11-14]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2015-11-14]
CHR Extension: (Messenger (Unofficial)) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2015-11-14]
CHR Extension: (Block Site Plus) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfppccbikicoemimadnkllfoaaijicjh [2015-11-14]
CHR Extension: (CouponXplorer) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdcgnnjenhecpdnhpnhpmgndjenmnnk [2015-11-14]
CHR Extension: (Minimal Bookmarks Tree) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mohenkbngkbmdlkiemonbgdfgdjacaeb [2015-11-14]
CHR Extension: (MultiLogin) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccllfnllopfpcbjdgjdlfmomnfgnnbk [2015-11-14]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-11-14]
CHR Extension: (Google Hangouts) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-11-14]
CHR Extension: (Editor Lite) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nglgdmkkiemejlladcdjegcllaieegoe [2015-11-14]
CHR Extension: (Bookmark manager) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgkimgbjgjknccgefmkpepkpngfjkld [2015-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-14]
CHR Extension: (Check All) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbihdpkeohjdfncchjhidbbonnihaob [2015-11-14]
CHR Extension: (AIO Search) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhijjefkkokfaiffkcemldacdabpeei [2015-11-14]
CHR Extension: (Bookmax - Bookmark Manager) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjpkfadmfhloombfmmlllnbhkoehckm [2015-11-14]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-11-14]
CHR Extension: (Video Chat FlirtyMania) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaahapngnjijjgplpikimpaepddnfae [2015-11-14]
CHR Extension: (Sidekick by HubSpot) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2015-11-14]
CHR Extension: (ScriptSafe) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2015-11-14]
CHR Extension: (Remove Facebook Redirections) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhdomkbnapoacbialllfpbcckckidck [2015-11-14]
CHR Extension: (Gmail) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-14]
CHR Extension: (Testofill, Form Filler for Testers) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkgdgajoinhkfldibdaledjikboognnl [2015-11-14]
CHR Extension: (RoboForm Password Manager) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-11-14]
CHR HKLM\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-04-21]
CHR HKLM-x32\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-04-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
S4 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-08-03] (Advanced Micro Devices) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2015-02-26] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2015-02-26] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2015-02-28] (ASUSTeK Computer Inc.) [File not signed]
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2297104 2015-10-13] (Broadcom Corporation.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S4 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-10-13] (SurfRight B.V.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 [email protected]; C:\Windows\[email protected] [26112 2015-11-14] () [File not signed]
S4 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625648 2015-06-08] (Lenovo)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-09-21] (Sandboxie Holdings, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 XMouseButton Launcher; C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [87040 2012-06-23] (Highresolution Enterprises) [File not signed]
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 A6100; C:\Windows\system32\DRIVERS\A6100.sys [2969816 2013-07-08] (Realtek Semiconductor Corporation                           )
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-02-26] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2015-02-26] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
S3 avpnnic; C:\Windows\system32\DRIVERS\avpnnic.sys [14848 2015-01-19] (AT&T) [File not signed]
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227144 2015-10-13] (Broadcom Corporation.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-11-14] ()
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [32768 2010-04-29] (Google Inc)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-13] (REALiX™)
S3 jrvad_service; C:\Windows\system32\drivers\JRiverWDMDriver.sys [36872 2015-01-06] (JRiver, Inc.)
R3 Linksys_adapter_H; C:\Windows\system32\DRIVERS\AE2500w764.sys [1254464 2011-03-29] (Broadcom Corporation)
S3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2204304 2015-07-10] (MediaTek Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [191624 2015-09-21] (Sandboxie Holdings, LLC)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42088 2015-06-03] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-14] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 USBlyzer; C:\Windows\system32\DRIVERS\USBlyzer.sys [114944 2014-03-19] (USBlyzer Team)
R3 uvhid; C:\Windows\System32\drivers\uvhid.sys [25592 2015-09-02] (Windows ® Win 7 DDK provider)
S2 WCMVCAM; C:\Windows\system32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; C:\Windows\System32\drivers\wfpcapture.sys [60080 2013-09-23] (Microsoft Corporation)
S2 amdacpksd; \??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
S1 {8c18950d-388e-4a16-b947-a882c417f551}Gw64; system32\drivers\{8c18950d-388e-4a16-b947-a882c417f551}Gw64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-14 18:21 - 2015-11-14 18:22 - 00036607 _____ C:\Users\klowwds\Downloads\FRST.txt
2015-11-14 18:10 - 2015-11-14 18:10 - 00000000 ____D C:\Users\klowwds\Downloads\FRST-OlderVersion
2015-11-14 18:09 - 2015-11-14 18:10 - 02198528 _____ (Farbar) C:\Users\klowwds\Downloads\FRST64.exe
2015-11-14 18:05 - 2015-11-14 18:05 - 00016148 _____ C:\WINDOWS\system32\KLOWDS_vbn cnm_HistoryPrediction.bin
2015-11-14 17:45 - 2015-11-14 18:04 - 00043664 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-11-14 16:33 - 2015-11-14 16:33 - 00026112 _____ C:\WINDOWS\[email protected]
2015-11-14 16:33 - 2015-11-14 16:33 - 00007168 _____ C:\WINDOWS\KMS-QADhook.dll
2015-11-14 16:33 - 2015-11-14 16:33 - 00004608 _____ C:\WINDOWS\[email protected]
2015-11-14 16:33 - 2015-11-14 16:33 - 00003151 _____ C:\Users\Public\Desktop\[email protected]
2015-11-14 16:33 - 2015-11-14 16:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\[email protected]
2015-11-14 16:33 - 2015-11-14 16:33 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\mpress
2015-11-14 16:30 - 2015-11-14 16:30 - 01919017 _____ () C:\Users\vbn cnm\Downloads\Windows Reloder (1).exe
2015-11-14 14:46 - 2015-11-14 15:11 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\USBlyzer
2015-11-14 14:38 - 2015-11-14 14:38 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\Ghostbuster
2015-11-14 13:39 - 2015-11-14 13:47 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\Acrylic Wi-Fi Home
2015-11-14 13:39 - 2015-11-14 13:47 - 00000000 ____D C:\Program Files\Acrylic Wi-Fi Home
2015-11-14 13:39 - 2015-11-14 13:39 - 04992512 _____ (Tarlogic Security S.L. ) C:\Users\vbn cnm\Downloads\Acrylic_WiFi_Home_v3.0.5788.23010-Setup.exe
2015-11-14 13:39 - 2015-11-14 13:39 - 00000920 _____ C:\Users\vbn cnm\Desktop\Acrylic Wi-Fi Home.lnk
2015-11-14 13:39 - 2015-11-14 13:39 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acrylic Wi-Fi Home
2015-11-14 13:23 - 2015-11-14 13:23 - 00016148 _____ C:\WINDOWS\system32\KLOWDS_Administrator_HistoryPrediction.bin
2015-11-14 13:14 - 2015-11-14 13:14 - 00002415 _____ C:\Users\Administrator.klowds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-14 12:31 - 2015-11-14 12:31 - 00007058 _____ C:\WINDOWS\DPINST.LOG
2015-11-14 12:22 - 2015-11-14 12:59 - 00002526 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Administrator
2015-11-14 12:21 - 2015-11-14 12:23 - 00000000 ____D C:\Users\Administrator.klowds\AppData\LocalLow\uTorrent
2015-11-14 11:00 - 2015-11-14 11:00 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\AMD
2015-11-14 11:00 - 2015-11-14 11:00 - 00000000 ____D C:\ProgramData\ATI
2015-11-14 10:45 - 2015-11-14 10:45 - 00061917 _____ C:\WINDOWS\SysWOW64\CCCInstall_201511141045078109.log
2015-11-14 10:44 - 2015-11-14 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-11-14 10:44 - 2015-11-14 10:44 - 00000000 ____D C:\Program Files\ATI Technologies
2015-11-14 10:36 - 2015-11-14 10:36 - 00066655 _____ C:\WINDOWS\SysWOW64\CCCInstall_201511141036543330.log
2015-11-14 10:34 - 2015-11-14 10:34 - 47794160 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 39712768 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 30776304 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 22327280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 15725552 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 14310896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 10211008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 07482552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-11-14 10:34 - 2015-11-14 10:34 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-11-14 10:34 - 2015-11-14 10:34 - 01223552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00833800 _____ C:\WINDOWS\system32\amdicdxx.dat
2015-11-14 10:34 - 2015-11-14 10:34 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00683504 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00662392 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-11-14 10:34 - 2015-11-14 10:34 - 00662392 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-11-14 10:34 - 2015-11-14 10:34 - 00631280 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00471312 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00255472 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00199664 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00177344 _____ C:\WINDOWS\system32\ativce03.dat
2015-11-14 10:34 - 2015-11-14 10:34 - 00175648 _____ C:\WINDOWS\system32\amde31a.dat
2015-11-14 10:34 - 2015-11-14 10:34 - 00168944 _____ C:\WINDOWS\system32\atieah64.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00151936 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00143048 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00138376 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00117600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00112360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00110312 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00100816 _____ C:\WINDOWS\system32\ativce02.dat
2015-11-14 10:34 - 2015-11-14 10:34 - 00097776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00089584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00087992 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00081168 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00068080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00060912 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00057840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00047664 _____ C:\WINDOWS\system32\kapp_ci.sbin
2015-11-14 10:34 - 2015-11-14 10:34 - 00043536 _____ C:\WINDOWS\system32\kapp_si.sbin
2015-11-14 10:34 - 2015-11-14 10:34 - 00038384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-11-14 10:28 - 2015-11-14 10:28 - 01729536 _____ C:\Users\vbn cnm\Downloads\AdwCleaner.exe
2015-11-14 10:27 - 2015-11-14 10:27 - 18979400 _____ C:\Users\vbn cnm\Downloads\RogueKiller (1).exe
2015-11-14 08:20 - 2015-11-14 11:26 - 00000000 ____D C:\AdwCleaner
2015-11-14 08:20 - 2015-11-14 09:43 - 00000000 _____ C:\WINDOWS\SysWOW64\outputfilePath
2015-11-14 08:19 - 2015-11-14 12:24 - 00000000 ____D C:\Program Files (x86)\SystemManager
2015-11-14 08:19 - 2015-11-14 11:08 - 00000000 _____ C:\WINDOWS\system32\outputfilePath
2015-11-14 08:19 - 2015-11-14 08:19 - 00003322 _____ C:\WINDOWS\System32\Tasks\JZIP
2015-11-14 08:18 - 2015-11-14 18:22 - 00000476 _____ C:\WINDOWS\Tasks\CIMT_S-1-5-21-877872159-248972997-1231205137-1020.job
2015-11-14 08:18 - 2015-11-14 09:37 - 00000510 _____ C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-877872159-248972997-1231205137-1020.job
2015-11-14 08:18 - 2015-11-14 08:18 - 00003716 _____ C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-877872159-248972997-1231205137-1020
2015-11-14 08:18 - 2015-11-14 08:18 - 00003594 _____ C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-877872159-248972997-1231205137-1020
2015-11-14 08:17 - 2015-11-14 08:17 - 00002560 _____ C:\Users\vbn cnm\AppData\Local\uninstall.exe
2015-11-14 08:09 - 2015-11-14 08:09 - 03393566 _____ C:\Users\vbn cnm\Downloads\KMSpico v10.0.4 (Office and windows activator) [TechTools.NET].rar
2015-11-14 07:59 - 2015-11-14 07:59 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.0.6
2015-11-14 05:38 - 2015-11-14 05:38 - 00000000 ____D C:\WINDOWS\RemotePackages
2015-11-14 05:31 - 2015-07-10 03:01 - 00032200 _____ C:\WINDOWS\Enterprise.xml
2015-11-14 05:17 - 2015-11-14 05:17 - 01919017 _____ () C:\Users\vbn cnm\Downloads\Windows Reloder.exe
2015-11-14 04:05 - 2015-11-14 04:05 - 00001705 _____ C:\Users\vbn cnm\Downloads\Add-Take-Ownership-Option.zip
2015-11-14 04:03 - 2015-11-14 04:03 - 00001731 _____ C:\Users\vbn cnm\Downloads\Add-Restore-Ownership-Option.zip
2015-11-14 04:03 - 2015-11-14 04:03 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\WinZip
2015-11-14 03:56 - 2015-11-14 18:21 - 00000062 _____ C:\Users\vbn cnm\Desktop\New Text Document.txt
2015-11-14 03:55 - 2015-11-14 09:55 - 00002490 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_vbn_cnm
2015-11-14 03:55 - 2015-11-14 09:55 - 00000296 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_vbn_cnm.job
2015-11-14 03:55 - 2015-11-14 03:55 - 00000000 ____D C:\Users\vbn cnm\AppData\LocalLow\IObit
2015-11-14 03:46 - 2015-11-04 21:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-14 03:46 - 2015-11-04 20:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-14 03:46 - 2015-11-04 20:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-14 03:46 - 2015-11-04 19:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-14 03:46 - 2015-11-04 19:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-14 03:45 - 2015-11-04 21:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-14 03:45 - 2015-11-04 21:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-14 03:45 - 2015-11-04 21:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-14 03:45 - 2015-11-04 21:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-14 03:45 - 2015-11-04 21:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-14 03:45 - 2015-11-04 21:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-14 03:45 - 2015-11-04 20:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-14 03:45 - 2015-11-04 20:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-14 03:45 - 2015-11-04 20:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-14 03:45 - 2015-11-04 20:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-14 03:45 - 2015-11-04 20:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-14 03:45 - 2015-11-04 20:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-14 03:45 - 2015-11-04 20:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-14 03:45 - 2015-11-04 20:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-14 03:45 - 2015-11-04 20:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-14 03:45 - 2015-11-04 20:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-14 03:45 - 2015-11-04 20:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-14 03:45 - 2015-11-04 20:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-14 03:45 - 2015-11-04 20:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-14 03:45 - 2015-11-04 20:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-14 03:45 - 2015-11-04 20:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-14 03:45 - 2015-11-04 20:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-14 03:45 - 2015-11-04 20:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-14 03:45 - 2015-11-04 20:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-14 03:45 - 2015-11-04 20:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-14 03:45 - 2015-11-04 19:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-14 03:45 - 2015-11-04 19:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-14 03:45 - 2015-11-04 19:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-14 03:45 - 2015-11-04 19:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-14 03:45 - 2015-11-04 19:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-14 03:45 - 2015-11-04 19:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-14 03:45 - 2015-11-04 19:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-14 03:45 - 2015-11-04 19:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-14 03:45 - 2015-11-04 19:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-14 03:45 - 2015-11-04 19:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-14 03:45 - 2015-11-04 19:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-14 03:45 - 2015-11-04 19:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-14 03:45 - 2015-11-04 19:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-14 03:45 - 2015-11-04 19:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-14 03:45 - 2015-11-04 19:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-14 03:45 - 2015-11-04 19:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-14 03:45 - 2015-11-04 19:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-14 03:44 - 2015-11-04 21:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-14 03:44 - 2015-11-04 20:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-14 03:44 - 2015-11-04 20:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-14 03:44 - 2015-11-04 20:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-14 03:44 - 2015-11-04 20:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-14 03:44 - 2015-11-04 19:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-14 03:42 - 2015-11-14 10:32 - 00024576 ___SH C:\Users\vbn cnm\Desktop\Thumbs.db
2015-11-14 03:14 - 2015-11-14 15:47 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1F3D1176-C6BB-499A-AF8A-4C430B6E4F37}
2015-11-14 02:05 - 2015-11-14 14:18 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\Apps\2.0
2015-11-13 19:33 - 2015-11-14 16:58 - 00072020 _____ C:\Users\vbn cnm\Desktop\Console1.msc
2015-11-13 14:43 - 2015-11-13 14:43 - 00056060 _____ C:\Users\vbn cnm\Desktop\GYCS6Im9.jpeg
2015-11-13 14:18 - 2015-11-13 14:18 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\Macromedia
2015-11-13 14:10 - 2015-11-13 14:10 - 01489785 _____ C:\Users\klowwds\Documents\cache.rfo
2015-11-13 13:55 - 2015-11-13 13:55 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\PeerDistRepub
2015-11-13 12:36 - 2015-11-13 12:36 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\RoboForm
2015-11-13 12:35 - 2015-11-13 12:35 - 00000000 ____D C:\Users\vbn cnm\Documents\My RoboForm Data
2015-11-13 12:35 - 2015-11-13 12:35 - 00000000 ____D C:\Users\vbn cnm\AppData\LocalLow\Siber Systems
2015-11-13 12:30 - 2015-11-13 12:30 - 00016148 _____ C:\WINDOWS\system32\KLOWDS_yeti_HistoryPrediction.bin
2015-11-13 12:24 - 2015-11-13 12:24 - 00000412 __RSH C:\Users\yeti\ntuser.pol
2015-11-02 10:17 - 2015-11-14 17:41 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\CrashDumps
2015-11-02 10:17 - 2015-11-14 03:55 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\ProductData
2015-11-02 10:16 - 2015-11-14 03:11 - 00002380 _____ C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-02 10:16 - 2015-11-14 03:11 - 00000000 ___RD C:\Users\vbn cnm\OneDrive
2015-11-02 10:16 - 2015-11-02 10:16 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\Lenovo
2015-11-02 10:14 - 2015-11-02 10:14 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\MicrosoftEdge
2015-11-02 10:12 - 2015-11-02 10:12 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\Publishers
2015-11-02 10:11 - 2015-11-02 10:11 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\VirtualStore
2015-11-02 10:10 - 2015-11-14 03:13 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\Packages
2015-11-02 10:10 - 2015-11-13 14:11 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\Google
2015-11-02 10:10 - 2015-11-02 10:10 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\Adobe
2015-11-02 10:10 - 2015-11-02 10:10 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\TileDataLayer
2015-11-02 10:09 - 2015-11-14 09:55 - 00000000 ____D C:\Users\vbn cnm
2015-11-02 10:09 - 2015-11-14 03:11 - 00000412 __RSH C:\Users\vbn cnm\ntuser.pol
2015-11-02 10:09 - 2015-11-13 12:19 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\IObit
2015-11-02 10:09 - 2015-11-02 10:10 - 00000000 ___RD C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-02 10:09 - 2015-11-02 10:09 - 00000020 ___SH C:\Users\vbn cnm\ntuser.ini
2015-11-02 10:09 - 2015-11-02 10:09 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\Highresolution Enterprises
2015-11-02 10:09 - 2015-10-12 15:25 - 00000000 __RSD C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-11-02 10:09 - 2015-10-12 15:25 - 00000000 ___RD C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-11-02 10:09 - 2015-10-12 15:25 - 00000000 ___RD C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-11-02 10:09 - 2015-09-12 18:31 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\ATI
2015-11-02 10:09 - 2015-09-12 18:31 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\ATI
2015-11-02 10:09 - 2015-07-10 03:04 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-14 18:21 - 2015-03-19 18:30 - 00000000 ____D C:\FRST
2015-11-14 18:17 - 2015-08-07 12:06 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015UA.job
2015-11-14 18:16 - 2015-01-19 01:54 - 00000000 ____D C:\Users\klowwds\Documents\My RoboForm Data
2015-11-14 18:09 - 2015-09-12 18:42 - 00876876 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-14 18:06 - 2015-09-17 08:30 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-14 18:06 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-14 18:04 - 2015-10-13 10:44 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-14 18:04 - 2015-07-10 04:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-14 18:03 - 2015-10-13 10:42 - 00010352 _____ C:\WINDOWS\PFRO.log
2015-11-14 18:02 - 2015-09-12 18:17 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-11-14 18:02 - 2015-07-10 01:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-11-14 18:00 - 2015-05-14 07:54 - 00026112 _____ C:\WINDOWS\system32\.crusader
2015-11-14 17:51 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-14 17:35 - 2015-09-17 08:30 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-14 16:17 - 2015-08-07 12:06 - 00000870 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015Core.job
2015-11-14 13:22 - 2015-08-17 11:59 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\CrashDumps
2015-11-14 13:14 - 2015-10-11 10:48 - 00000000 ___RD C:\Users\Administrator.klowds\OneDrive
2015-11-14 13:07 - 2015-02-18 06:59 - 00146225 _____ C:\Users\Administrator.klowds\Desktop\Console1.msc
2015-11-14 13:00 - 2015-03-06 12:51 - 00005809 _____ C:\ProgramData\hpzinstall.log
2015-11-14 12:59 - 2015-03-07 17:07 - 00000308 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2015-11-14 12:40 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-14 12:37 - 2015-05-18 01:23 - 00000000 ____D C:\ProgramData\Auslogics
2015-11-14 12:37 - 2015-05-18 01:23 - 00000000 ____D C:\Program Files (x86)\Auslogics
2015-11-14 12:31 - 2015-05-13 18:45 - 00000000 ____D C:\Program Files (x86)\FBP - Facebook Blaster Pro
2015-11-14 12:31 - 2015-01-19 01:26 - 00000000 ___HD C:\Program Files (x86)\installshield installation information
2015-11-14 12:30 - 2015-10-13 01:34 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2015-11-14 12:30 - 2015-02-01 11:14 - 00000000 ____D C:\Program Files (x86)\IObit
2015-11-14 12:27 - 2015-02-26 17:22 - 00000000 ____D C:\ProgramData\ASUS
2015-11-14 12:27 - 2015-02-26 17:22 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-11-14 12:23 - 2015-10-14 01:01 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\uTorrent
2015-11-14 12:09 - 2015-10-13 11:13 - 00000412 __RSH C:\Users\Administrator.klowds\ntuser.pol
2015-11-14 12:09 - 2015-09-12 18:22 - 00000000 ____D C:\Users\Administrator.klowds
2015-11-14 11:48 - 2015-10-13 09:20 - 00004038 _____ C:\WINDOWS\setupact.log
2015-11-14 11:09 - 2015-03-23 03:08 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-14 10:54 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-14 10:44 - 2015-09-12 18:18 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-11-14 10:42 - 2015-05-14 01:17 - 00000000 ____D C:\ProgramData\AMD
2015-11-14 10:40 - 2015-07-10 02:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-14 10:36 - 2015-05-14 01:15 - 00000000 ____D C:\AMD
2015-11-14 10:34 - 2015-08-20 20:51 - 12088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-11-14 10:34 - 2015-08-20 20:51 - 08982440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-11-14 10:34 - 2015-08-20 20:51 - 08864920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-11-14 10:34 - 2015-08-20 20:51 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-11-14 10:34 - 2015-08-20 20:51 - 00162232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-11-14 10:34 - 2015-08-20 20:51 - 00130072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-11-14 10:34 - 2015-08-20 20:46 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-11-14 10:34 - 2015-08-20 20:46 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-11-14 10:34 - 2015-08-20 20:46 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-11-14 10:34 - 2015-08-20 20:46 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-11-14 10:34 - 2015-08-20 20:46 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-11-14 10:31 - 2015-01-27 18:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-14 10:29 - 2015-04-21 19:52 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-11-14 10:14 - 2015-01-27 18:39 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-14 05:38 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-11-14 05:31 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-11-14 05:30 - 2015-09-12 19:07 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageInspector.exe
2015-11-14 05:30 - 2015-07-10 03:00 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2015-11-14 05:30 - 2015-07-10 03:00 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvgogl32.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2015-11-14 05:30 - 2015-07-10 03:00 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2015-11-14 05:30 - 2015-07-10 03:00 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tspubwmi.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvgocl32.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvgu1132.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00109056 _____ C:\WINDOWS\system32\RDVGHelper.exe
2015-11-14 05:30 - 2015-07-10 03:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvgumd32.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsign.exe
2015-11-14 05:30 - 2015-07-10 03:00 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dggpext.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessCsp.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32_DeviceGuard.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\CIWmi.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSErrRedir.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsPnPRdrCoInstaller.dll
2015-11-14 05:30 - 2015-07-10 02:59 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2015-11-13 12:40 - 2015-10-13 20:52 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-13 12:26 - 2015-09-14 07:21 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{743D9F7C-B2E3-4FE0-9FB2-472689916C70}
2015-11-13 12:24 - 2015-09-14 06:43 - 00000000 ____D C:\Users\yeti
2015-11-03 10:20 - 2015-07-10 03:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 10:20 - 2015-07-10 03:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-09-12 22:43 - 2015-09-12 22:43 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD
2015-11-14 08:10 - 2015-11-14 08:10 - 0000187 _____ () C:\Users\vbn cnm\AppData\Local\Grooveing.exe.config
2015-11-14 08:17 - 2015-11-14 08:17 - 0002560 _____ () C:\Users\vbn cnm\AppData\Local\uninstall.exe
2015-01-19 21:03 - 2015-01-19 21:03 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2015-03-06 12:51 - 2015-11-14 13:00 - 0005809 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\ProgramData\C__Program Files (x86)_WebcamMax_webcammax.exe
 
 
Some files in TEMP:
====================
C:\Users\Administrator.klowds\AppData\Local\Temp\dllnt_dump.dll
C:\Users\vbn cnm\AppData\Local\Temp\c5w.exe
C:\Users\vbn cnm\AppData\Local\Temp\compete.exe
C:\Users\vbn cnm\AppData\Local\Temp\dllnt_dump.dll
C:\Users\vbn cnm\AppData\Local\Temp\Install_BubbleDock.exe
C:\Users\vbn cnm\AppData\Local\Temp\JZIP.exe
C:\Users\vbn cnm\AppData\Local\Temp\Quarantine.exe
C:\Users\vbn cnm\AppData\Local\Temp\sqlite3.dll
C:\Users\vbn cnm\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-13 12:54
 
==================== End of FRST.txt ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
 
Ran by vbn cnm (2015-11-14 18:22:55)
Running from C:\Users\klowwds\Downloads
Windows 10 Enterprise (X64) (2015-09-13 03:05:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-877872159-248972997-1231205137-500 - Administrator - Enabled) => C:\Users\Administrator.klowds
DefaultAccount (S-1-5-21-877872159-248972997-1231205137-503 - Limited - Disabled)
Guest (S-1-5-21-877872159-248972997-1231205137-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-877872159-248972997-1231205137-1017 - Limited - Enabled)
vbn cnm (S-1-5-21-877872159-248972997-1231205137-1020 - Administrator - Enabled) => C:\Users\vbn cnm
yeti (S-1-5-21-877872159-248972997-1231205137-1019 - Administrator - Enabled) => C:\Users\yeti
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
ACP Application (Version: 2.15.10.0003 - Advanced Micro Devices, Inc.) Hidden
ACP Application (Version: 2.15.30.0019 - Advanced Micro Devices, Inc.) Hidden
Acrylic Wi-Fi Home v3.0 (HKU\S-1-5-21-877872159-248972997-1231205137-1020\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 3.0 - Tarlogic Security S.L.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{3F48F53E-BC0F-A72E-AC89-EA9C3F8F4701}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4700 (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CCProxy 8.0 (HKLM\...\CCProxy_is1) (Version:  - Youngzsoft, Inc.)
Cok Free Auto Typer 3.0 (HKLM-x32\...\Cok Free Auto Typer_is1) (Version: 3.0 - Cok Free Software)
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.2 - goldensoft.org)
Gtk# for .Net 2.12.10 (HKLM-x32\...\{550B72C4-F404-4812-971F-947E835A877E}) (Version: 2.12.10 - Novell, Inc.)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.0.3.171 - IObit)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LG One Click Root (HKLM-x32\...\{5085AFF1-777B-4052-85D1-59140D26DB28}) (Version: 1.3.0.0 - avicohh software)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.14.1 - LG Electronics)
LGFlashTool 1.8.6.527 (HKLM-x32\...\LGFlashTool) (Version: 1.8.6.527 - LGE)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MetaX for Windows (HKLM-x32\...\{37C00961-B793-45A8-9BEF-0E9A281107B0}) (Version: 2.25 - No Bull Software)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Deployment Toolkit 2013 (6.2.5019.0) (HKLM\...\{CFF8B5ED-0A4D-4EDD-9159-32FE1D31C9E3}) (Version: 6.2.5019.0 - Microsoft Corporation)
Microsoft Message Analyzer (HKLM\...\{89A87FF1-607C-4551-B363-DDFA2719067E}) (Version: 4.0.6396.0 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NetStream 1.0 (HKU\S-1-5-21-877872159-248972997-1231205137-1020\...\NetStream 1.0) (Version:  - )
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
OCCT 4.4.1 (HKLM-x32\...\OCCT) (Version: 4.4.1 - Ocbase.com)
Outlook Setup Tool (HKLM-x32\...\outlookset) (Version: 2.2.19 - Starfield Technologies)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.863.000 - Hewlett-Packard) Hidden
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RoboForm 7-9-15-8 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-15-8 - Siber Systems)
Sandboxie 5.04 (64-bit) (HKLM\...\Sandboxie) (Version: 5.04 - Sandboxie Holdings, LLC)
Sawbuck (HKLM-x32\...\{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}) (Version: 0.6.8.0 - Google Inc)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Sidekick Outlook plugin (HKLM-x32\...\{827BE278-1FD2-4319-A5A4-C106E6976010}) (Version: 1.2.7.0 - HubSpot, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.2 - IObit)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
The Ultimate Troubleshooter (HKLM-x32\...\The Ultimate Troubleshooter) (Version:  - AnswersThatWork.com)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
TreeSize Professional V6.0.2 (64 bit) (HKLM\...\TreeSize Professional_is1) (Version: 6.0.2 - JAM Software)
Ultimate Bot Setup (HKLM-x32\...\{E3FBF14B-C777-4737-9C49-197FB2C50A30}) (Version: 1.0.0 - Shivinder Singh Narr)
UltraSearch V2.0.3 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 2.0.3 - JAM Software)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.3.1 - Unified Intents AB)
USBlyzer - USB Protocol Analyzer (HKLM\...\USBlyzer) (Version: 2.1 Build 40  - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.0-git-20150421-0403 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
webcamXP 5 Free (HKLM-x32\...\wLite) (Version: 5.9.2.0 - Moonware Studios)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.240 - Broadcom Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZip 14.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}) (Version: 14.0.8688 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
XLS Reader (HKLM-x32\...\{30D6D257-BE4B-48F2-8D9E-E787A52A0738}_is1) (Version: 1.0 - )
X-Mouse Button Control 2.5 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.5 - Highresolution Enterprises)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-877872159-248972997-1231205137-1020_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\vbn cnm\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
 
==================== Restore Points =========================
 
14-11-2015 05:36:22 Windows Update
14-11-2015 17:59:36 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2015-08-19 13:58 - 00003326 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 209.34.83.73:443
127.0.0.1 209.34.83.73:43
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.67:443
127.0.0.1 209.34.83.67:43
127.0.0.1 209.34.83.67
127.0.0.1 ood.opsource.net
127.0.0.1 199.7.52.190:80
127.0.0.1 199.7.52.190
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 199.7.54.72:80
127.0.0.1 199.7.54.72
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.com
 
There are 54 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06DF6072-2E8F-42F8-ADB6-6095088A315A} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {091FEFA0-A541-4796-AA9B-A0657B046B13} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {0A308030-35DF-419E-BE3A-1B4CCFFDEB16} - System32\Tasks\Uninstaller_SkipUac_razbo => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {0EBD8514-9BBF-479E-91C2-D97D766442BC} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1034FCE5-519B-4BE3-ADA1-9CDB6AB2CE41} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {12B3781A-0162-4D55-A099-F8E9066C68B3} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-07-20] (IObit)
Task: {16DEE494-E45F-4C0D-911E-793C3442CAD4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {1959FC9A-3901-4F39-8A8D-E5028F2E6B8C} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {1D02129F-381A-4929-8873-8C3C8571BAEB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {1ECD09A1-F3E8-4B7C-9F94-13B16EBCE82B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-09-17] (Siber Systems)
Task: {21C72CD0-D613-4A28-AE7E-6A58B36617B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015UA => C:\Users\rocky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {2338CFAD-FAFD-41CA-BCCF-FE804D553B03} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2A8F595C-8651-4F23-9D69-CC5A10695994} - System32\Tasks\Uninstaller_SkipUac_klowwds => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {2C490F56-0E38-49EA-ABE7-307DE51882B7} - System32\Tasks\Uninstaller_SkipUac_vbn_cnm => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {326FA863-FA81-4063-8BCA-F81F2B3213FF} - System32\Tasks\Uninstaller_SkipUac_rocky => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {35CA1ABB-432D-4799-9DA9-B9D80845A8E6} - System32\Tasks\CIMT_S-1-5-21-877872159-248972997-1231205137-1020 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {3D6552F4-5A74-4195-8D04-257B5B6094E2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {3E136149-E11A-4DB1-9406-A265B5976214} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {41F5C87A-9376-4E27-B9BD-EC4BBCC415A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {4399D457-82E0-43DE-A1F5-5BBC4F214868} - \Smp -> No File <==== ATTENTION
Task: {47B69202-8924-4330-B393-7D9A70DD2ECD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {50DA1C86-1C3D-42E2-ACD6-9A7DD0F58EC5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {563314DE-6910-4E01-B312-092D772769DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {577103A6-7001-4DD6-BF1E-223277096311} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015Core => C:\Users\rocky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {597C1045-E7D3-4E9E-94DE-C27B331488CC} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {5B382885-9A1D-4E95-B149-ED15D1DE40C5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5F140450-F012-423D-B9ED-DBDF0F61D00B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {60BBEAEB-3F0B-476F-9136-752EC9A1F5D9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {63438434-B084-41F1-BB45-8B5A91151BE6} - System32\Tasks\[email protected]\Windows64Enterprise => wmic
Task: {673AA7B9-F4A2-4D81-87AD-0999CB860DAB} - System32\Tasks\JZIP => C:\Program Files (x86)\JZIP\JZIP\JZIP.exe
Task: {6CAA0C8E-34FA-4783-ABDD-96F00FBDBADD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-14] (Microsoft Corporation)
Task: {6DC66784-0A5A-401A-9C56-FCBC8B981146} - System32\Tasks\Uninstaller_SkipUac_yeti => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {799ACEBF-3B67-4DB0-90D4-70FEEA16156E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {7DE7259C-D24A-4102-883E-834F2B80E5A8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {7F84AD46-8CCA-4C20-848C-A504CADFFDCD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {80F94C99-B9B4-494E-8581-E9921BAD21FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {85925B63-43E9-40EC-BED6-6ECC81822FA0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {86B4E4F8-DFB2-43D7-828C-54038C584727} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {880DE06C-D5FC-415A-B84A-3E27BAA2F587} - System32\Tasks\{B4D85ADB-CB40-440A-B71F-3D1CA95C59E1} => pcalua.exe -a C:\Users\klowwds\Downloads\wd97vwr32.exe -d C:\Users\klowwds\Downloads
Task: {8981B414-832D-49FA-BE4F-119A9CA52F21} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxps://www.facebook.com/login.php?api_key=148551585250127&amp;skip_api_login=1&amp;display=page&amp;cancel_url=http%3A%2F%2Fapps.facebook.com%2Fteam-slots%2F%3Fcount%3D21%26fb_bmpos%3D6_21%26fb_source%3Dbookmark_apps%26ref%3Dbookmarks%26signed_request%3D-6I6MEtyvECjXaVIjDDVGMsdECaolydFWzqVZyZ9kpc.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTM1NjY3MDc4MywidXNlciI6eyJjb3VudHJ5IjoidXMiLCJsb2NhbGUiOiJlbl9VUyIsImFnZSI6eyJtaW4iOjAsIm1heCI6MTJ9fX0%26error_reason%3Duser_denied%26error%3Daccess_denied%26error_description%3DThe%2Buser%2Bdenied%2Byour%2Brequest.&amp;next=https%3A%2F%2Fwww.facebook.com%2Fdialog%2Fpermissions.request%3F_path%3Dpermissions.request%26app_id%3D148551585250127%26redirect_uri%3Dhttp%253A%252F%252Fapps.facebook.com%252Fteam-slots%252F%253Fcount%253D21%2526fb_bmpos%253D6_21%2526fb_source%253Dbookmark_apps%2526ref%253Dbookmarks%2526signed_request%253D-6I6MEtyvECjXaVIjDDVGMsdECaolydFWzqVZyZ9kpc.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTM1NjY3MDc4MywidXNlciI6eyJjb3VudHJ5IjoidXMiLCJsb2NhbGUiOiJlbl9VUyIsImFnZSI6eyJtaW4iOjAsIm1heCI6MTJ9fX0%26display%3Dpage%26response_type%3Dcode%26perms%3Duser_likes%252Cpublish_actions%252Cuser_birthday%252Cemail%26canvas%3D1%26from_login%3D1%26client_id%3D148551585250127&amp;rcount=1"
Task: {8D782F50-A0AF-4D2F-8B60-1FC7D6DD4617} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8EFBA9FD-E328-4696-B27B-1E98C0463205} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {8F6B0989-2573-4C42-AE43-15F5AA3E0C27} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {968D5ED9-4B0A-4AB9-8FD7-81DA7D1B6AFA} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {96A1C83F-432C-413A-BFEE-9C0961911FCF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {9F387982-D45D-404B-A4C8-B33BA6E9FB2E} - System32\Tasks\CIMT_daily_S-1-5-21-877872159-248972997-1231205137-1020 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {A027B223-4690-44D5-BF51-1609853F7474} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A04D5D02-9047-4861-B700-3411DB32D38E} - \YTDownloader -> No File <==== ATTENTION
Task: {A55A9EF8-56C9-4E9E-A7FF-A7EF893ED067} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {AB74666B-1F15-4012-8697-4DA24BF2A5A4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {AD5D7820-EBBD-47C1-842A-D684BE4251C0} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {AF4A56C9-3927-4458-AB47-9C3377F5F2FC} - System32\Tasks\Driver Booster SkipUAC (Administrator) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {B0D416CC-46D0-40F7-9897-864864888B26} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B125619B-4C3F-4435-BE3D-641E14B67291} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {BC7048A4-1D3E-4C25-8EC7-ED6A2D197997} - \Optimize Start Menu Cache Files-S-1-5-21-877872159-248972997-1231205137-1001 -> No File <==== ATTENTION
Task: {C7F05019-6CC3-4CF0-8D00-60D24DC3280D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {C8B09982-6F80-4B37-9270-1EF5046783C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {CF2CBD6D-F1D9-4589-81AF-F1BBB5FA5BCF} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {D22400C9-E4F3-44EC-92F2-15366C140AE7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D4D708CF-E865-4F06-9151-BAD31B05B113} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {D7E54AF3-BEDA-431A-9973-6C0AEEF877B1} - \YTDownloaderUpd -> No File <==== ATTENTION
Task: {DDE8831B-6FAE-4D87-848E-3744A8C4A6E1} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E2F83881-CAF6-4D28-BB5D-C58A20DB80CB} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {E602A23A-1CA2-49F7-8B3D-5B7C62F5E48E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E9444B64-B843-40B8-831C-7B6AF3B233F6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EF0F1DCA-9128-4DBB-9744-AD433DB434B4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-13] (Adobe Systems Incorporated)
Task: {F6C7F60C-4E48-411B-AB48-DA39D74DFB55} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F8B89A59-AE4A-4D0B-8942-691C3582373F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-877872159-248972997-1231205137-1020.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-877872159-248972997-1231205137-1020.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015Core.job => C:\Users\rocky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015UA.job => C:\Users\rocky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_klowwds.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_razbo.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_rocky.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_vbn_cnm.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_yeti.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\WebReg HP Photosmart C4700 Series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-10 03:00 - 2015-07-10 03:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-12 19:07 - 2015-09-12 19:07 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-21 22:09 - 2015-08-21 22:09 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-08-21 22:09 - 2015-08-21 22:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-11-14 16:33 - 2015-11-14 16:33 - 00026112 _____ () C:\Windows\[email protected]
2015-10-14 12:55 - 2015-09-16 22:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-14 12:55 - 2015-09-16 22:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-14 12:54 - 2015-09-16 21:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-14 12:55 - 2015-09-16 21:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-14 12:54 - 2015-09-16 21:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-14 12:54 - 2015-09-16 21:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-14 12:55 - 2015-09-16 21:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-21 22:09 - 2015-08-21 22:09 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-02-26 17:22 - 2015-02-26 17:22 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2015-02-26 17:22 - 2015-11-14 18:06 - 00035840 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2015-02-26 17:22 - 2015-02-26 17:19 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\125616160355829c234829:Win32App
AlternateDataStreams: C:\2c9637146487f139621de20652:Win32App
AlternateDataStreams: C:\4405067e23b4d253a2cb73fb45:Win32App
AlternateDataStreams: C:\a88559a11a9e4d2d9e:Win32App
AlternateDataStreams: C:\bcf70074be4bc5194087d64ec9:Win32App
AlternateDataStreams: C:\CCProxy:Win32App
AlternateDataStreams: C:\f82e7d9f51018f799c:Win32App
AlternateDataStreams: C:\Program Files\AMD:Win32App
AlternateDataStreams: C:\Program Files\CCleaner:Win32App
AlternateDataStreams: C:\Program Files\Defraggler:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Deployment Toolkit:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Message Analyzer:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App
AlternateDataStreams: C:\Program Files\PowerISO:Win32App
AlternateDataStreams: C:\Program Files\Recuva:Win32App
AlternateDataStreams: C:\Program Files\TeamSpeak 3 Client:Win32App
AlternateDataStreams: C:\Program Files\WinRAR:Win32App
AlternateDataStreams: C:\Program Files (x86)\AMD:Win32App
AlternateDataStreams: C:\Program Files (x86)\ATI Technologies:Win32App
AlternateDataStreams: C:\Program Files (x86)\Battle.net:Win32App
AlternateDataStreams: C:\Program Files (x86)\FBP - Facebook Blaster Pro:Win32App
AlternateDataStreams: C:\Program Files (x86)\GSAutoClicker3:Win32App
AlternateDataStreams: C:\Program Files (x86)\MediaMonkey:Win32App
AlternateDataStreams: C:\Program Files (x86)\MetaX:Win32App
AlternateDataStreams: C:\Program Files (x86)\Microsoft Money Plus:Win32App
AlternateDataStreams: C:\Program Files (x86)\MSXML 4.0:Win32App
AlternateDataStreams: C:\Program Files (x86)\Unified Remote 3:Win32App
AlternateDataStreams: C:\Program Files (x86)\USBlyzer:Win32App
AlternateDataStreams: C:\Program Files (x86)\VROOT:Win32App
AlternateDataStreams: C:\Program Files (x86)\WinZip:Win32App
AlternateDataStreams: C:\Program Files (x86)\World of Warcraft:Win32App
AlternateDataStreams: C:\Program Files (x86)\World of Warcraft Public Test:Win32App
AlternateDataStreams: C:\Program Files (x86)\XLS Reader:Win32App
AlternateDataStreams: C:\WINDOWS\SysWOW64:Win32App
AlternateDataStreams: C:\ProgramData\HP:Win32App
AlternateDataStreams: C:\ProgramData\HP Product Assistant:Win32App
AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB
AlternateDataStreams: C:\ProgramData\TEMP:D2F2F703
AlternateDataStreams: C:\Users\klowwds\AppData\Roaming\sidekick:Win32App
AlternateDataStreams: C:\Users\klowwds\AppData\Local\JDownloader 2.0:Win32App
AlternateDataStreams: C:\Users\klowwds\AppData\Local\Temp:Win32App
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-877872159-248972997-1231205137-1020\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService8 => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: amdacpusrsvc => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: asHmComSvc => 2
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: AsusFanControlService => 2
MSCONFIG\Services: AVP15.0.1 => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: BitMeterCaptureService => 2
MSCONFIG\Services: BitMeterWebService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Crashhd => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\Services: IMFservice => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: Lenovo EasyPlus Hotspot => 3
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: Media Center 20 Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NetAutoconnectFocusSvc => 2
MSCONFIG\Services: netcfgsvr => 2
MSCONFIG\Services: NetClientSvc => 2
MSCONFIG\Services: NetLogSvc => 2
MSCONFIG\Services: NetTcpHandler => 2
MSCONFIG\Services: PhoneMyPC_Helper => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SwiCardDetectSvc => 2
MSCONFIG\Services: w7Svc => 3
MSCONFIG\Services: XMouseButton Launcher => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Acrobat Assistant 8.0 => 
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => 
MSCONFIG\startupreg: DeskBar => 
MSCONFIG\startupreg: DV => 
MSCONFIG\startupreg: EvtMgr6 => 
MSCONFIG\startupreg: Logitech Download Assistant => c:\windows\system32\rundll32.exe c:\windows\system32\logilda.dll,logifetch
MSCONFIG\startupreg: NowUSeeIt Player => 
MSCONFIG\startupreg: OneDrive => "c:\users\vbn cnm\appdata\local\microsoft\onedrive\onedrive.exe" /background
MSCONFIG\startupreg: Selection Tools => 
MSCONFIG\startupreg: SmartWeb => 
MSCONFIG\startupreg: SunJavaUpdateSched => 
MSCONFIG\startupreg: YTDownloader => 
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "AT&T Global Network Client.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Remote PC Server.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "XMouseButtonControl"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SpUninstallCleanUp"
HKLM\...\StartupApproved\Run32: => "YouCam Service6"
HKLM\...\StartupApproved\Run32: => "ASUS WiFi GO! FileTransfer Execute"
HKLM\...\StartupApproved\Run32: => "Syslog"
HKLM\...\StartupApproved\Run32: => "ASUS AiChargerPlus Execute"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "ATNSOFT Key Manager"
HKLM\...\StartupApproved\Run32: => "SmartWeb"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "Note-up"
HKLM\...\StartupApproved\Run32: => "ospd_us_014010146"
HKU\S-1-5-21-877872159-248972997-1231205137-1020\...\StartupApproved\StartupFolder: => "systemmgr.lnk"
HKU\S-1-5-21-877872159-248972997-1231205137-1020\...\StartupApproved\StartupFolder: => "JZIP.lnk"
HKU\S-1-5-21-877872159-248972997-1231205137-1020\...\StartupApproved\Run: => "dins64"
HKU\S-1-5-21-877872159-248972997-1231205137-1020\...\StartupApproved\Run: => "Itibiti.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{3FED5E5B-D691-4255-B805-CBEDACAD6501}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{B9808081-3091-4920-BCEA-65BA2DE1B45E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{B763D65B-D631-4431-B6B6-610F3A66F59F}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{67A6E572-30F8-4C59-BCF9-431A885B6957}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [UDP Query User{996B58C9-4749-4441-A292-CF6C055D8F37}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{268944E1-E1BE-4EF6-B2D9-D42B20968E3F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{472D2826-40C4-493D-BF09-FD3975BE1197}C:\users\rocky\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe] => (Allow) C:\users\rocky\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe
FirewallRules: [TCP Query User{BF220EC8-4DD6-4CCB-AB67-F4AFC8E5FD08}C:\users\rocky\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe] => (Allow) C:\users\rocky\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe
FirewallRules: [UDP Query User{25978F3E-EFEA-4AFF-8E27-9C5A00991BBB}C:\program files\java\jdk1.8.0_60\jre\bin\tnameserv.exe] => (Allow) C:\program files\java\jdk1.8.0_60\jre\bin\tnameserv.exe
FirewallRules: [TCP Query User{B7C1D899-66F7-46F8-B149-9158A8EDB1F2}C:\program files\java\jdk1.8.0_60\jre\bin\tnameserv.exe] => (Allow) C:\program files\java\jdk1.8.0_60\jre\bin\tnameserv.exe
FirewallRules: [UDP Query User{0EEE68DF-5E33-45A1-8040-C233D72C74EA}C:\program files\java\jdk1.8.0_60\jre\bin\rmiregistry.exe] => (Allow) C:\program files\java\jdk1.8.0_60\jre\bin\rmiregistry.exe
FirewallRules: [TCP Query User{117D28EA-7765-4BF5-99C5-E6C81EA383CC}C:\program files\java\jdk1.8.0_60\jre\bin\rmiregistry.exe] => (Allow) C:\program files\java\jdk1.8.0_60\jre\bin\rmiregistry.exe
FirewallRules: [UDP Query User{C37F4C39-3266-420B-845A-D19F14BE507C}C:\program files\java\jdk1.8.0_60\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_60\bin\jmc.exe
FirewallRules: [TCP Query User{7D4D416D-531E-4B21-8321-B305677B3197}C:\program files\java\jdk1.8.0_60\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_60\bin\jmc.exe
FirewallRules: [UDP Query User{ED2E9047-6FD6-4425-BFBC-F89AF58FE613}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{9523EB59-93FF-4B7B-9C1C-80C7894024C4}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{468C25E1-9E89-48DB-BA78-4DF06B068098}C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [TCP Query User{21DB82BC-DC0B-428D-801D-CE0BB8691EED}C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{D022C6FB-C6FD-4F31-9631-2B3189329DB5}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{36F7D1FC-0391-4337-8100-D65DBF98C97F}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{DC855D69-08F6-4824-9CA1-964AD871F8EF}C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [TCP Query User{B48768F3-E67B-4142-80A5-201AC2E73D5A}C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{306CB431-3515-4985-A23B-F15FE801093E}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe
FirewallRules: [TCP Query User{21FCCC7F-725F-49EF-AC6D-C62BF307BFC9}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe
FirewallRules: [UDP Query User{504DA670-6E1F-4C3A-AF4D-5F5EA9DD1D06}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe
FirewallRules: [TCP Query User{868BC391-8085-4C85-962D-66550E481C6B}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe
FirewallRules: [{BE018028-326F-460C-909E-2DF895AD9827}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{FDF6498B-DAD6-4D4C-83CC-901F504B2962}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{442165E1-2D86-4D2E-953C-96E01D205878}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [UDP Query User{64DB7B99-B400-4949-AE85-21FBC1270EC1}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [TCP Query User{43A58AAF-4DAE-4B44-8C3B-0C82757D98E0}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [{2085166C-2B25-458D-BD29-202531E5C2F2}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.exe
FirewallRules: [{7ADE2A82-96EA-4A9C-B8B7-E2EB9571ADE0}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.exe
FirewallRules: [UDP Query User{D7C0C455-C75C-4342-AA20-1B290C29609B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{7D983C49-EC47-41B5-996D-0617391D5D64}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F4F83C58-47EF-49C6-985A-F1CF1CCC2E3B}C:\program files (x86)\winpcap\rpcapd.exe] => (Allow) C:\program files (x86)\winpcap\rpcapd.exe
FirewallRules: [TCP Query User{73968A52-DF5B-4338-88A8-3139C5DFCD5C}C:\program files (x86)\winpcap\rpcapd.exe] => (Allow) C:\program files (x86)\winpcap\rpcapd.exe
FirewallRules: [UDP Query User{F8F10505-B1FA-4B80-AD70-3CD4F815CB78}C:\program files (x86)\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\java.exe
FirewallRules: [TCP Query User{ED2F51E4-E919-40C5-AED3-CBAF4218C5A1}C:\program files (x86)\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\java.exe
FirewallRules: [UDP Query User{99574532-E252-4B9E-B25A-010DC79F6C5B}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{61A7BF37-1909-460D-B3B6-C99E4877FB8A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{AC80B600-6FC6-4E9B-A2B0-D025BF7F935E}C:\users\klowwds\appdata\roaming\kodi\userdata\addon_data\plugin.video.p2p-streams\acestream\ace_engine.exe] => (Allow) C:\users\klowwds\appdata\roaming\kodi\userdata\addon_data\plugin.video.p2p-streams\acestream\ace_engine.exe
FirewallRules: [TCP Query User{8792AD97-8CF3-4075-99AC-916D43F1ECE6}C:\users\klowwds\appdata\roaming\kodi\userdata\addon_data\plugin.video.p2p-streams\acestream\ace_engine.exe] => (Allow) C:\users\klowwds\appdata\roaming\kodi\userdata\addon_data\plugin.video.p2p-streams\acestream\ace_engine.exe
FirewallRules: [UDP Query User{68202FB6-B028-43F5-99C0-A2A0A744F62F}C:\lg\lgflashtool\lgflashtool.exe] => (Allow) C:\lg\lgflashtool\lgflashtool.exe
FirewallRules: [TCP Query User{66235323-7DB7-4CCA-9E34-D7B00EA46E99}C:\lg\lgflashtool\lgflashtool.exe] => (Allow) C:\lg\lgflashtool\lgflashtool.exe
FirewallRules: [UDP Query User{FCBE9970-B2D1-40BC-AD3F-FA1D988FE9C3}C:\lg\lgflashtool\lgflashtool.exe] => (Allow) C:\lg\lgflashtool\lgflashtool.exe
FirewallRules: [TCP Query User{EF5475A0-EB8E-412C-A8A0-6BEDE044C16F}C:\lg\lgflashtool\lgflashtool.exe] => (Allow) C:\lg\lgflashtool\lgflashtool.exe
FirewallRules: [UDP Query User{D887439E-12C8-4053-BF53-F30BC947FB00}C:\users\klowwds\downloads\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe] => (Allow) C:\users\klowwds\downloads\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe
FirewallRules: [TCP Query User{F5D5B69F-93EF-4650-B6EC-2525A3E12598}C:\users\klowwds\downloads\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe] => (Allow) C:\users\klowwds\downloads\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe
FirewallRules: [UDP Query User{A9FE5579-680B-4D38-842A-402666EC6D3E}C:\users\klowwds\downloads\tftpd64.450\tftpd64.exe] => (Allow) C:\users\klowwds\downloads\tftpd64.450\tftpd64.exe
FirewallRules: [TCP Query User{3611143E-2CA2-4736-A277-4580F1E1FD24}C:\users\klowwds\downloads\tftpd64.450\tftpd64.exe] => (Allow) C:\users\klowwds\downloads\tftpd64.450\tftpd64.exe
FirewallRules: [UDP Query User{6DE0A573-8F65-4880-ABBF-0C850A04B076}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{BADAA19D-6E84-4B78-AE23-E343CC9A4B82}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{9BCF3E4D-366B-4AA2-8B09-3C777B35F289}C:\users\klowwds\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\klowwds\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [TCP Query User{130DBF77-0824-474A-8547-D80A8C1D83B0}C:\users\klowwds\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\klowwds\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [{04800F8D-DDA2-46B8-9A0B-0D891BD7670B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{099F0B49-3B6A-4B41-8930-0E5E01D0A179}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B6FE9602-B8D8-4FCB-B73A-39227B2F3EEB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{6096CA53-50CF-4991-9FD3-FA1BFB432B8E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{65663FE1-9ADE-4036-9FC3-A82748A18251}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{62F868F1-93D2-47CF-8884-833B59FA43FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{7E74874B-5CE6-4C40-8925-6D50E7DBDB05}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{152E04C0-98A8-46F0-AF87-3DBF4301966D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{76A30184-2A1E-4CFA-AA09-BE6D6497F554}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{14401A15-5B0A-48AC-8F94-A82009034F31}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D3505EE4-8E12-4C11-8CC8-3C5B9713BF54}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [UDP Query User{BF6EB70C-9693-4FED-9F6E-559B373B60D3}C:\users\klowwds\downloads\sharetvps (3).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (3).exe
FirewallRules: [TCP Query User{32AC22F1-8649-47DB-8BEF-A3C14C53BBB2}C:\users\klowwds\downloads\sharetvps (3).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (3).exe
FirewallRules: [{01836689-E1E6-488F-A3CA-89B39F932167}] => (Allow) LPort=1900
FirewallRules: [{83A515A1-1419-44A3-9597-3FA296B6FFE8}] => (Allow) LPort=2869
FirewallRules: [{02EF18BD-10D1-4D8F-9226-073D8F912599}] => (Allow) LPort=1900
FirewallRules: [{5CB198C3-0DC4-4073-B9BE-541F421E83CB}] => (Allow) LPort=2869
FirewallRules: [{CD3E8D71-0FE3-4CD3-B257-8ADC09FAF4D8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4DD0CD89-C605-495D-BA0F-99EE9D23B7AE}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [UDP Query User{A9DFE94D-F421-4B6D-AB45-C7699555F2A4}C:\users\klowwds\downloads\sharetvps (4).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (4).exe
FirewallRules: [TCP Query User{2F80BEDD-4546-4951-AE26-32369F5EB6C1}C:\users\klowwds\downloads\sharetvps (4).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (4).exe
FirewallRules: [{5C45E4B4-7CDB-4B9D-B628-20EC4AB94730}] => (Allow) C:\Users\klowwds\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [UDP Query User{C6710B53-733E-44CE-BEC5-BC2209501651}C:\users\klowwds\downloads\sharetvps (2).exe] => (Block) C:\users\klowwds\downloads\sharetvps (2).exe
FirewallRules: [TCP Query User{8EE739D5-9155-4CB8-A46C-3DB95B31EC03}C:\users\klowwds\downloads\sharetvps (2).exe] => (Block) C:\users\klowwds\downloads\sharetvps (2).exe
FirewallRules: [UDP Query User{14833474-732C-4132-BAB3-7BFEEC37EFC7}C:\users\klowwds\downloads\sharetvps (1).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (1).exe
FirewallRules: [TCP Query User{736EF2AB-E6FE-4870-92DD-52BA6C13D5F1}C:\users\klowwds\downloads\sharetvps (1).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (1).exe
FirewallRules: [UDP Query User{A2763E57-1354-44D7-9E47-7066B63C0AE5}C:\users\klowwds\downloads\sharetvps.exe] => (Allow) C:\users\klowwds\downloads\sharetvps.exe
FirewallRules: [TCP Query User{53383562-B016-4883-A5D0-94AF27F3953F}C:\users\klowwds\downloads\sharetvps.exe] => (Allow) C:\users\klowwds\downloads\sharetvps.exe
FirewallRules: [TCP Query User{93EDF0E7-373E-43A2-8BEC-7483B4C2355A}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{97818ED7-BD8C-4C1F-8CBF-96EBBC0CA75C}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [{23917CEE-0541-482B-AD93-539009452C40}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{9FF9F6CF-109B-417F-A6D2-EE4D2F292510}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{CBF955AF-13CF-4733-8944-208D36635EC5}] => (Allow) C:\Users\yeti\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{B8E2023C-48FF-4F6A-B1F7-EE48CF91793C}] => (Allow) C:\Users\yeti\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{7EFF5966-B2EC-40D4-95D5-6BBEA5EE68A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{71642782-4BCF-4973-81FC-AC7C5B06D568}] => (Allow) C:\Users\Administrator.klowds\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92E10104-65DF-4124-BC66-0F49280AE97F}] => (Allow) C:\Users\Administrator.klowds\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4E482A45-26D0-4895-AFB6-6FAB66B3D2B1}] => (Allow) C:\Users\Administrator.klowds\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C4622F4B-7B83-48DD-891B-97C01A78F02A}] => (Allow) C:\Users\Administrator.klowds\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2931DA62-3EB5-4E1D-98EB-94907FC0E368}] => (Allow) C:\Users\Administrator.klowds\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0D4AA9E2-BF69-4E01-87EC-F56205CCADA8}] => (Allow) C:\Users\Administrator.klowds\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C656212B-2C7A-4F90-830D-E86913187354}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EDE1F169-828B-4BF7-8F8F-23901A9C2130}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{1E39D832-BFEC-4ED9-8907-90AAE8B4EFF1}] => (Allow) C:\Windows\[email protected]
FirewallRules: [{19144F72-491C-4C8B-840C-75297B50AB7E}] => (Allow) C:\Windows\[email protected]
 
==================== Faulty Device Manager Devices =============
 
Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Bluetooth Device (Personal Area Network) #3
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Photosmart C4700
Description: HP Photosmart C4700
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000330,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000C1580FEE20.72).  hr = 0x80070005, Access is denied.
.
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000ec8,(null),0,REG_BINARY,00000023B577D620.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {1a122492-d2e3-4e6e-a1fd-f054dac0c9d1}
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000754,(null),0,REG_BINARY,00000046C3DCDA30.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {53e7af72-9b06-4e2c-b8b2-f0a9b9ce8867}
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000364,SYSTEM\CurrentControlSet\Services\VSS\Diag\MSSearch Service Writer,0,REG_BINARY,000000A9E62ADB30.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {fe5eae66-3c04-45ab-bac2-31233f134adb}
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000228,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000C1598AF0E0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {778d76b0-9f6e-4762-a0c7-456824254466}
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000258,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,000000C15829E8E0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {7194101d-bf6b-462d-bb4d-cd35034c763d}
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000210,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000C15846E980.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {613f5dcd-1ccb-4b67-b5af-d5a79eb70841}
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000ec8,(null),0,REG_BINARY,00000023B577D620.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {1a122492-d2e3-4e6e-a1fd-f054dac0c9d1}
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000754,(null),0,REG_BINARY,00000046C3DCDA30.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {53e7af72-9b06-4e2c-b8b2-f0a9b9ce8867}
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000364,SYSTEM\CurrentControlSet\Services\VSS\Diag\MSSearch Service Writer,0,REG_BINARY,000000A9E62ADB30.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {fe5eae66-3c04-45ab-bac2-31233f134adb}
 
 
System errors:
=============
Error: (11/14/2015 06:10:17 PM) (Source: iScsiPrt) (EventID: 70) (User: )
Description: Error occurred when processing iSCSI logon request. The request was not retried. Error status is given in the dump data.
 
Error: (11/14/2015 06:10:17 PM) (Source: iScsiPrt) (EventID: 1) (User: )
Description: Initiator failed to connect to the target. Target IP address and TCP Port number are given in dump data.
 
Error: (11/14/2015 06:10:02 PM) (Source: iScsiPrt) (EventID: 70) (User: )
Description: Error occurred when processing iSCSI logon request. The request was not retried. Error status is given in the dump data.
 
Error: (11/14/2015 06:10:02 PM) (Source: iScsiPrt) (EventID: 1) (User: )
Description: Initiator failed to connect to the target. Target IP address and TCP Port number are given in dump data.
 
Error: (11/14/2015 06:05:24 PM) (Source: XMouseButton Launcher) (EventID: 6) (User: )
Description: Process token open Error: 6 (The handle is invalid. )
 
Error: (11/14/2015 06:05:22 PM) (Source: XMouseButton Launcher) (EventID: 6) (User: )
Description: Process token open Error: 6 (The handle is invalid. )
 
Error: (11/14/2015 06:04:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error: 
%%0
 
Error: (11/14/2015 06:04:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error: 
%%1058
 
Error: (11/14/2015 06:04:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ACP Kernel Service Driver service failed to start due to the following error: 
%%2
 
Error: (11/14/2015 05:51:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Mail and Calendar.
 
 
CodeIntegrity:
===================================
  Date: 2015-10-13 10:07:28.951
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 10:07:28.944
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 10:07:28.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 10:07:28.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 03:32:08.955
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 03:32:08.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 03:29:50.038
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 03:29:50.021
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 03:29:50.004
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 03:29:49.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-4300 Quad-Core Processor 
Percentage of memory in use: 9%
Total physical RAM: 16281.5 MB
Available physical RAM: 14699.36 MB
Total Virtual: 24281.5 MB
Available Virtual: 22715.96 MB
 
==================== Drives ================================
 
Drive c: (cool) (Fixed) (Total:1861.18 GB) (Free:1412.69 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:923.51 GB) (Free:807.12 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:8 GB) (Free:7.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: B6A4089D)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 4A56FFBE)
Partition 1: (Not Active) - (Size=923.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =========================
 
 
 
 
====================start of AdwCleaner scan log ============================
 
 
# AdwCleaner v5.020 - Logfile created 14/11/2015 at 11:04:53
# Updated 13/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 10 Enterprise  (x64)
# Username : vbn cnm - KLOWDS
# Running from : C:\Users\vbn cnm\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : swsedrvr_vw_1_10_0_25
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\ospd_us_014010146
Folder Found : C:\Program Files (x86)\ospd_us_014010146
Folder Found : C:\Program Files (x86)\ospd_us_014010146
Folder Found : C:\Program Files (x86)\SpaceSondPro_v53.4161
Folder Found : C:\Program Files (x86)\SpaceSondPro_v84.4188
Folder Found : C:\ProgramData\LolliScan
Folder Found : C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
Folder Found : C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
Folder Found : C:\Users\vbn cnm\AppData\Local\Consumer Input
Folder Found : C:\Users\vbn cnm\AppData\Local\ospd_us_014010146
Folder Found : C:\Users\vbn cnm\AppData\Local\ospd_us_014010146
Folder Found : C:\Users\vbn cnm\AppData\Local\ospd_us_014010146
Folder Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip
Folder Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
Folder Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
Folder Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhofhakdnfjgeobcioadclaekfbhndl
Folder Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
Folder Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdcgnnjenhecpdnhpnhpmgndjenmnnk
Folder Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijndokalmoineioiefnioooafnkgond
Folder Found : C:\Users\vbn cnm\AppData\Roaming\NUIns
Folder Found : C:\Users\vbn cnm\AppData\Roaming\Note-up
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhofhakdnfjgeobcioadclaekfbhndl
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdcgnnjenhecpdnhpnhpmgndjenmnnk
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijndokalmoineioiefnioooafnkgond
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
Folder Found : C:\WINDOWS\Quicky Translator
Folder Found : C:\WINDOWS\SysNative\Tasks\jZip
 
***** [ Files ] *****
 
File Found : C:\END
File Found : C:\task.vbs
File Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
File Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
File Found : C:\Users\vbn cnm\AppData\Roaming\Bubble Dock.boostrap.log
File Found : C:\Users\vbn cnm\AppData\Roaming\WindApp.boostrap.log
File Found : C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jZip.lnk
File Found : C:\Users\vbn cnm\Desktop\Note-Up.lnk
File Found : C:\Users\VBNCNM~1\AppData\Local\Temp\task.vbs
File Found : C:\Users\yeti\AppData\Roaming\Mozilla\Firefox\Profiles\ddf436i5.default\searchplugins\yahoo_ff.xml
File Found : C:\Users\yeti\AppData\Roaming\Mozilla\Firefox\Profiles\ddf436i5.default\user.js
File Found : C:\WINDOWS\SysNative\drivers\swsedrvr_vw_1_10_0_25.sys
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( www.tohotweb.com?oem=sunadusv3&uid=WD-WCAVY3757570_WDCWD20EARS-00S8B1&tm=1444744051 )
 
***** [ Scheduled tasks ] *****
 
Task Found : ConsumerInputUpdateTaskMachineCore
Task Found : ConsumerInputUpdateTaskMachineUA
Task Found : amiupdaterExd
Task Found : amiupdaterExi
Task Found : updateTask
Task Found : SMW_UpdateTask_Time_333637323730393532382d2d55506c2a5a55576c412334
Task Found : SPBIW_UpdateTask_Time_333637323730393532382d2d55506c2a5a55576c412334
Task Found : CGROIETCMHGNTSPX
Task Found : JROYBVMF1
Task Found : YHSBSCKMGECGSCCX
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Found : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Found : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Found : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Found : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Found : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\BrowserAir.exe
Key Found : HKLM\SOFTWARE\Classes\Directory\shell\Add event reminder
Key Found : HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
Key Found : HKLM\SOFTWARE\Classes\DesktopBackground\Shell\Add event reminder
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NetTcpHandler
Key Found : HKLM\SOFTWARE\CLASSES\dream.capture.1
Key Found : HKLM\SOFTWARE\CLASSES\dream.capture
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ospd_us_014010146]
Key Found : HKLM\SOFTWARE\364797b9-f90d-41fe-827f-3adec21b9417
Key Found : HKLM\SOFTWARE\430e7092-5fe7-4dc4-ad8e-7dafd4cb6e1b
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [[email protected]]
Key Found : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}
Key Found : HKCU\Software\Compete
Key Found : HKCU\Software\Nosibay
Key Found : HKCU\Software\Store
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKCU\Software\AppDataLow\Software\Compete
Key Found : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\GAMESDESKTOP
Key Found : HKLM\SOFTWARE\LolliScan
Key Found : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKLM\SOFTWARE\ONESOFTPERDAY
Key Found : HKLM\SOFTWARE\Crashhd
Key Found : HKLM\SOFTWARE\NetTcpHandler
Key Found : HKLM\SOFTWARE\NtSvcHandler
Key Found : HKLM\SOFTWARE\AmazingTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Setup Support for Consumer Input
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LolliScan
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B696F285-F54E-2524-58B1-E06A70ABE6BE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NUIns
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Note-up
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_014010146_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_014010146_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_014010146_is1
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\LolliScan
Key Found : [x64] HKLM\SOFTWARE\im-dosearch
Key Found : [x64] HKLM\SOFTWARE\SAKURA
Key Found : [x64] HKLM\SOFTWARE\AmazingTab
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
Data Found : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - C:\Program Files\Internet Explorer\iexplore.exe www.tohotweb.com?oem=sunadusv3&uid=WD-WCAVY3757570_WDCWD20EARS-00S8B1&tm=1444744051
 
***** [ Web browsers ] *****
 
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : easyrecovery-professional.en.softonic.com
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : cjhofhakdnfjgeobcioadclaekfbhndl
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : cmclajginlihohopoeofghddnhpplhom
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : dkpejdfnpdkhifgbancbammdijojoffk
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fbcohnmimjicjdomonkcbcpbpnhggkip
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fngmhnnpilhplaeedifhccceomclgfbg
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : gngocbkfmikdgphklgmmehbjjlfgdemm
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : lijndokalmoineioiefnioooafnkgond
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : mgdcgnnjenhecpdnhpnhpmgndjenmnnk
 
########## EOF - C:\AdwCleaner\AdwCleaner[S20].txt - [12735 bytes] ##########
 
 
====================start of AdwCleaner fix log ============================
 
 
# AdwCleaner v5.020 - Logfile created 14/11/2015 at 11:09:27
# Updated 13/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 10 Enterprise  (x64)
# Username : vbn cnm - KLOWDS
# Running from : C:\Users\vbn cnm\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : swsedrvr_vw_1_10_0_25
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\ospd_us_014010146
[!] Folder Not Deleted : C:\Program Files (x86)\ospd_us_014010146
[!] Folder Not Deleted : C:\Program Files (x86)\ospd_us_014010146
[-] Folder Deleted : C:\Program Files (x86)\SpaceSondPro_v53.4161
[-] Folder Deleted : C:\Program Files (x86)\SpaceSondPro_v84.4188
[-] Folder Deleted : C:\ProgramData\LolliScan
[-] Folder Deleted : C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
[-] Folder Deleted : C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\Consumer Input
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\ospd_us_014010146
[!] Folder Not Deleted : C:\Users\vbn cnm\AppData\Local\ospd_us_014010146
[!] Folder Not Deleted : C:\Users\vbn cnm\AppData\Local\ospd_us_014010146
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhofhakdnfjgeobcioadclaekfbhndl
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdcgnnjenhecpdnhpnhpmgndjenmnnk
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijndokalmoineioiefnioooafnkgond
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Roaming\NUIns
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Roaming\Note-up
[-] Folder Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip
[-] Folder Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
[-] Folder Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
[+] Folder Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
[+] Folder Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhofhakdnfjgeobcioadclaekfbhndl
[+] Folder Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
[-] Folder Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdcgnnjenhecpdnhpnhpmgndjenmnnk
[+] Folder Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijndokalmoineioiefnioooafnkgond
[!] Folder Not Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
[-] Folder Deleted : C:\WINDOWS\Quicky Translator
[#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\jZip
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\task.vbs
[-] File Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\vbn cnm\AppData\Roaming\Bubble Dock.boostrap.log
[-] File Deleted : C:\Users\vbn cnm\AppData\Roaming\WindApp.boostrap.log
[-] File Deleted : C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jZip.lnk
[-] File Deleted : C:\Users\vbn cnm\Desktop\Note-Up.lnk
[-] File Deleted : C:\Users\VBNCNM~1\AppData\Local\Temp\task.vbs
[-] File Deleted : C:\Users\yeti\AppData\Roaming\Mozilla\Firefox\Profiles\ddf436i5.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Users\yeti\AppData\Roaming\Mozilla\Firefox\Profiles\ddf436i5.default\user.js
[-] File Deleted : C:\WINDOWS\SysNative\drivers\swsedrvr_vw_1_10_0_25.sys
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : ConsumerInputUpdateTaskMachineCore
[-] Task Deleted : ConsumerInputUpdateTaskMachineUA
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi
[-] Task Deleted : updateTask
[-] Task Deleted : SMW_UpdateTask_Time_333637323730393532382d2d55506c2a5a55576c412334
[-] Task Deleted : SPBIW_UpdateTask_Time_333637323730393532382d2d55506c2a5a55576c412334
[-] Task Deleted : CGROIETCMHGNTSPX
[-] Task Deleted : JROYBVMF1
[-] Task Deleted : YHSBSCKMGECGSCCX
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
[-] Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
[-] Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\BrowserAir.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\Add event reminder
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
[-] Key Deleted : HKLM\SOFTWARE\Classes\DesktopBackground\Shell\Add event reminder
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NetTcpHandler
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\dream.capture.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\dream.capture
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ospd_us_014010146]
[-] Key Deleted : HKLM\SOFTWARE\364797b9-f90d-41fe-827f-3adec21b9417
[-] Key Deleted : HKLM\SOFTWARE\430e7092-5fe7-4dc4-ad8e-7dafd4cb6e1b
[-] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [[email protected]]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}
[-] Key Deleted : HKCU\Software\Compete
[-] Key Deleted : HKCU\Software\Nosibay
[-] Key Deleted : HKCU\Software\Store
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\CompeteInc
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
[-] Key Deleted : HKLM\SOFTWARE\LolliScan
[-] Key Deleted : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\ONESOFTPERDAY
[-] Key Deleted : HKLM\SOFTWARE\Crashhd
[-] Key Deleted : HKLM\SOFTWARE\NetTcpHandler
[-] Key Deleted : HKLM\SOFTWARE\NtSvcHandler
[-] Key Deleted : HKLM\SOFTWARE\AmazingTab
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Setup Support for Consumer Input
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LolliScan
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B696F285-F54E-2524-58B1-E06A70ABE6BE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NUIns
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Note-up
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_014010146_is1
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_014010146_is1
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_014010146_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\LolliScan
[-] Key Deleted : [x64] HKLM\SOFTWARE\im-dosearch
[-] Key Deleted : [x64] HKLM\SOFTWARE\SAKURA
[-] Key Deleted : [x64] HKLM\SOFTWARE\AmazingTab
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
 
***** [ Web browsers ] *****
 
[-] [C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : easyrecovery-professional.en.softonic.com
[-] [C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : cjhofhakdnfjgeobcioadclaekfbhndl
[-] [C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : cmclajginlihohopoeofghddnhpplhom
[-] [C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dkpejdfnpdkhifgbancbammdijojoffk
[-] [C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fbcohnmimjicjdomonkcbcpbpnhggkip
[-] [C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fngmhnnpilhplaeedifhccceomclgfbg
[-] [C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : gngocbkfmikdgphklgmmehbjjlfgdemm
[-] [C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : lijndokalmoineioiefnioooafnkgond
[-] [C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mgdcgnnjenhecpdnhpnhpmgndjenmnnk
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C15].txt - [13547 bytes] ##########
 
 

 


Edited by razmage11, 14 November 2015 - 11:08 PM.

  • 0

Advertisements


#2
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello Razmage11 and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on. I need a little time to analyse your logs and will post back as soon as possible. :)

  • 0

#3
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Razmage11


Before I can assist you please answer the following question.

I notice that you have this process running.

[email protected]

This program is a 3rd party windows and office activator. It is illegal to activate windows using third party software.

Under the Geeks to Go Terms of Use I will be unable to assist you further if it is suspected that software has been obtained illegally.

Please explain why you have this software installed.
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics


Also tagged with one or more of these keywords: malware, virus, pup

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP