
Windows search not working, system slow and erratic [Closed]

malware virus pup

razmage11

Hi, I need help. I tried sfc, not working.
Windows search won't open. I'm sure I got a virus or malware still. I've used adw, rogue killer
and hitman pro; still buggy.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by vbn cnm (administrator) on KLOWDS (14-11-2015 18:21:55)
Running from C:\Users\klowwds\Downloads
Loaded Profiles: vbn cnm (Available Profiles: yeti & vbn cnm & Administrator)
Platform: Windows 10 Enterprise (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
() C:\Windows\[email protected]
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [oasi_en_323010107] => [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-877872159-248972997-1231205137-1020\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-09-17] (Siber Systems)
HKU\S-1-5-21-877872159-248972997-1231205137-1020\...\RunOnce: [Uninstall C:\Users\vbn cnm\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\vbn cnm\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
IFEO\OSppSvc.exe: [Debugger] [email protected]
IFEO\SppExtComObj.exe: [Debugger] [email protected]
Startup: C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\systemmgr.lnk [2015-11-14]
ShortcutTarget: systemmgr.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5-x64 07 C:\WINDOWS\system32\wlidnsp.dll [76288 2015-07-10] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\WINDOWS\system32\wlidnsp.dll [76288 2015-07-10] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{4e95774d-8779-464a-9119-19bc6861ef7d}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b0e4835a-4f84-4aa7-a679-9b065e232a7c}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{e4c05268-1762-4dcd-a558-9d6740897185}: [DhcpNameServer] 192.168.44.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-877872159-248972997-1231205137-1020\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FADzamobl011652,ac7cb050-d0ae-4a08-a85f-e88cd6877c79,&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FADzamobl011652,ac7cb050-d0ae-4a08-a85f-e88cd6877c79,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-877872159-248972997-1231205137-1020 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll => No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-10-13] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-10-13] (Oracle Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-17] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-13] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-13] (Oracle Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-13] ()
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-10-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-10-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20150305-0402 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-20] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git-20150421-0403 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-20] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-13] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-10-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn => not found
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2015-09-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [jid1-xNAj4KGyf5wyhg@jetpack] - C:\Program Files (x86)\Faster Web\faster-web.xpi => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxps://att.yahoo.com/","hxxps://www.google.com/webhp?ei=dG7XVJTTD9eWyQS5i4IQ&ved=0CAQQqS4oAQ"
CHR Profile: C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-14]
CHR Extension: (Allow Copy - Click to activate on this tab) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\abidndjnodakeaicodfpgcnlkpppapah [2015-11-14]
CHR Extension: (Yahoo Web) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2015-11-14]
CHR Extension: (Torrent Search) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2015-11-14]
CHR Extension: (GetTorrent) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\afdjlegonfhdhjkaafgndlpgobijmlmm [2015-11-14]
CHR Extension: (Delicious Bookmark Bar Sync 1.1) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\agabedjjbijfpccchcmpfpcdfnlpjkoj [2015-11-14]
CHR Extension: (Google Docs) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-14]
CHR Extension: (Google Drive) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-14]
CHR Extension: (Facebook Right Column Remover) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\badghiafciannpipcgeajndglbcjkjih [2015-11-14]
CHR Extension: (Web Developer) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2015-11-14]
CHR Extension: (Facebook Look Back Video Downloader) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bglkopdollcjlmnbjafgioegkaihoodj [2015-11-14]
CHR Extension: (General Audit Tool Core) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhgjjjckpncjilffbnadepbacbnoigkh [2015-11-14]
CHR Extension: (ClickThrough) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjfeoajfcanjhipllkbkpeagofopgoki [2015-11-14]
CHR Extension: (IP[bleep]) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgmbpodpcgmnpfjmigcckcjfldcicnd [2015-11-14]
CHR Extension: (YouTube) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-14]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2015-11-14]
CHR Extension: (Torrent Search Engine) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bokjhgpnmjklkafpkgfafahhpdhdnhbo [2015-11-14]
CHR Extension: (Facebook Secret Emoticons) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgpffljkgjmijjdmjbdppndoojdgboe [2015-11-14]
CHR Extension: (Random Select Radio Buttons) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdhihojoekiijkcmfdejobiodnlgijmb [2015-11-14]
CHR Extension: (Adblock Plus) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-14]
CHR Extension: (APK Downloader) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2015-11-14]
CHR Extension: (Facebook Activity Remover) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhdaapekomkhcdfkeogcmhimmmkgkpb [2015-11-14]
CHR Extension: (InboxNow) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhofhakdnfjgeobcioadclaekfbhndl [2015-11-14]
CHR Extension: (Select all Facebook friends) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbcjpjecmkjagmnhgfojblhjhnalbda [2015-11-14]
CHR Extension: (Replace New Tab Page) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkhddihkmmiiclaipbaaelfojkmlkja [2015-11-14]
CHR Extension: (Google Search) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]
CHR Extension: (HTML Editor) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dacmeeeegjoaddfondbeaaafohldgfof [2015-11-14]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-11-14]
CHR Extension: (Social Video Chat MashMeTV) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgimnkkcekilmeifblloakploakdjcdm [2015-11-14]
CHR Extension: (Tampermonkey) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-11-14]
CHR Extension: (Enhanced Developer Console) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\djoghnkbhcnonnmcpnlfbkokgdmgamog [2015-11-14]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-11-14]
CHR Extension: (PageEdit) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebkclgoaabaibghklgknnjdemknjaeic [2015-11-14]
CHR Extension: (Block site) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-11-14]
CHR Extension: (Easy WebContent Free HTML Editor) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\encbaekhkcjjmhbcghnlcaiifdmfeokn [2015-11-14]
CHR Extension: (My JDownloader) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2015-11-14]
CHR Extension: (Google Sheets) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-14]
CHR Extension: (Bookmarks Button) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg [2015-11-14]
CHR Extension: (Word Online) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2015-11-14]
CHR Extension: (Facebook Meta Inspector) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\flpedblkbobmjlipnnmalidalmhkangn [2015-11-14]
CHR Extension: (Right-Click enabler) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmmfnoikodocoelbimkedjdiaoejbddd [2015-11-14]
CHR Extension: (EditThisCookie) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2015-11-14]
CHR Extension: (2nd Toolbar Spacer) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplioachhfdbehddoehahffjbcfeinid [2015-11-14]
CHR Extension: (Web Developer Form Filler) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbagmkohmhcjgbepncmehejaljoclpil [2015-11-14]
CHR Extension: (Chrome Remote Desktop) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-11-14]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2015-11-14]
CHR Extension: (Tampermonkey BETA) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcalenpjmijncebpfijmoaglllgpjagf [2015-11-14]
CHR Extension: (Yahoo Web) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejneallhefbckelajfgfimjcpclgacb [2015-11-14]
CHR Extension: (Kaiserapps - Web Developer Tools) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gglhpbcdnlhflfpacllleoeofbipdgjl [2015-11-14]
CHR Extension: (Free Public Logins, a BugMeNot Alternative) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gglnenhpokhheofljihhaidamhfjhafn [2015-11-14]
CHR Extension: (Google Docs Offline) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-14]
CHR Extension: (Form Tools) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihginompkjijnipckobcjioandcmjgp [2015-11-14]
CHR Extension: (Facebook Content Unlock) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjehmaffekhefhfcighkjoafgihknoog [2015-11-14]
CHR Extension: (SwagButton) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2015-11-14]
CHR Extension: (Mailto:) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbppehiogfokmpligejhaepeopajdf [2015-11-14]
CHR Extension: (Mibbit webchat) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbadbkkklnhamjjeagmknajgmbgcmnpi [2015-11-14]
CHR Extension: (Unofficial Gimme Bar Extension) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcfiafambgalcabpdpikkchpdmmcocjl [2015-11-14]
CHR Extension: (Website Blocker (Beta)) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2015-11-14]
CHR Extension: (Export History) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcohnnbbiggngobheobhdipbgmcbelhh [2015-11-14]
CHR Extension: (VoiceNote II - Speech to text) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2015-11-14]
CHR Extension: (Facebook - Delete All Messages) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiidlnejdlfoacoeleopkljhbckmlko [2015-11-14]
CHR Extension: (Enable right click) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhojmcideegachlhfgfdhailpfhgknjm [2015-11-14]
CHR Extension: (SEO & Website Analysis) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2015-11-14]
CHR Extension: (Referer Control) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcfpcejkafcihlgbojoidoihckciin [2015-11-14]
CHR Extension: (Appspector) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\homgcnaoacgigpkkljjjekpignblkeae [2015-11-14]
CHR Extension: (Yahoo Web) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaphncjnennbhaopahlkflgipniaegmf [2015-11-14]
CHR Extension: (Stealthy) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje [2015-11-14]
CHR Extension: (Social Fixer for Facebook) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2015-11-14]
CHR Extension: (fbQuickLogin for multiple Facebook™ accounts) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpcdjelcodenkpfkbaficnkgkmljjbf [2015-11-14]
CHR Extension: (dataslayer) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikbablmmjldhamhcldjjigniffkkjgpo [2015-11-14]
CHR Extension: (Voice Recognition) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2015-11-14]
CHR Extension: (Cookies) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2015-11-14]
CHR Extension: (Facebook Multiple Sessions) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcehlllhikannljknlkmbofmeghfkpon [2015-11-14]
CHR Extension: (Disconnect) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-11-14]
CHR Extension: (intoProxy) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnoehmhmdffejnkhccdagnppbbcclhne [2015-11-14]
CHR Extension: (Atavi - bookmark manager) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpchabeoojaflbaajmjhfcfiknckabpo [2015-11-14]
CHR Extension: (Web Developer Tools) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kafedakbaiofedkepgjhmppcaimcjknf [2015-11-14]
CHR Extension: (Cookie Manager) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck [2015-11-14]
CHR Extension: (Google Voice (by Google)) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-11-14]
CHR Extension: (Select all FB) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfpcloingkingimcaedjnppconpcjoan [2015-11-14]
CHR Extension: (ChromeVox) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgejglhpjiefppelpmljglcjbhoiplfn [2015-11-14]
CHR Extension: (Roomy Bookmarks Toolbar) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmfbpoigddhdibjcilijiejaidggonfc [2015-11-14]
CHR Extension: (Google Hangouts) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-11-14]
CHR Extension: (BugMeNot Lite) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2015-11-14]
CHR Extension: (Webcam Toy) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-11-14]
CHR Extension: (Facebook AdBlock) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpacabphcagfehdgnigmfnbjdampbaa [2015-11-14]
CHR Extension: (Linkclump) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2015-11-14]
CHR Extension: (Cloud Application Manager) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijndokalmoineioiefnioooafnkgond [2015-11-14]
CHR Extension: (Facebook Invite All Friends 2015) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkifjigoeilijkcnpfdjbpdjgnbfibec [2015-11-14]
CHR Extension: (fPrivacy) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllliihmodekgjcioihaaodkbpeleph [2015-11-14]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2015-11-14]
CHR Extension: (Messenger (Unofficial)) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2015-11-14]
CHR Extension: (Block Site Plus) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfppccbikicoemimadnkllfoaaijicjh [2015-11-14]
CHR Extension: (CouponXplorer) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdcgnnjenhecpdnhpnhpmgndjenmnnk [2015-11-14]
CHR Extension: (Minimal Bookmarks Tree) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mohenkbngkbmdlkiemonbgdfgdjacaeb [2015-11-14]
CHR Extension: (MultiLogin) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccllfnllopfpcbjdgjdlfmomnfgnnbk [2015-11-14]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-11-14]
CHR Extension: (Google Hangouts) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-11-14]
CHR Extension: (Editor Lite) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nglgdmkkiemejlladcdjegcllaieegoe [2015-11-14]
CHR Extension: (Bookmark manager) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgkimgbjgjknccgefmkpepkpngfjkld [2015-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-14]
CHR Extension: (Check All) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbihdpkeohjdfncchjhidbbonnihaob [2015-11-14]
CHR Extension: (AIO Search) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhijjefkkokfaiffkcemldacdabpeei [2015-11-14]
CHR Extension: (Bookmax - Bookmark Manager) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjpkfadmfhloombfmmlllnbhkoehckm [2015-11-14]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-11-14]
CHR Extension: (Video Chat FlirtyMania) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaahapngnjijjgplpikimpaepddnfae [2015-11-14]
CHR Extension: (Sidekick by HubSpot) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2015-11-14]
CHR Extension: (ScriptSafe) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2015-11-14]
CHR Extension: (Remove Facebook Redirections) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhdomkbnapoacbialllfpbcckckidck [2015-11-14]
CHR Extension: (Gmail) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-14]
CHR Extension: (Testofill, Form Filler for Testers) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkgdgajoinhkfldibdaledjikboognnl [2015-11-14]
CHR Extension: (RoboForm Password Manager) - C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-11-14]
CHR HKLM\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-04-21]
CHR HKLM-x32\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-04-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
S4 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-08-03] (Advanced Micro Devices) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2015-02-26] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2015-02-26] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2015-02-28] (ASUSTeK Computer Inc.) [File not signed]
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2297104 2015-10-13] (Broadcom Corporation.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S4 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-10-13] (SurfRight B.V.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 KMS-R@1n; C:\Windows\[email protected] [26112 2015-11-14] () [File not signed]
S4 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625648 2015-06-08] (Lenovo)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-09-21] (Sandboxie Holdings, LLC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 XMouseButton Launcher; C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [87040 2012-06-23] (Highresolution Enterprises) [File not signed]
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 A6100; C:\Windows\system32\DRIVERS\A6100.sys [2969816 2013-07-08] (Realtek Semiconductor Corporation                           )
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-02-26] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2015-02-26] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102912 2015-07-15] (Advanced Micro Devices)
S3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
S3 avpnnic; C:\Windows\system32\DRIVERS\avpnnic.sys [14848 2015-01-19] (AT&T) [File not signed]
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227144 2015-10-13] (Broadcom Corporation.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-11-14] ()
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [32768 2010-04-29] (Google Inc)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-10-13] (REALiX™)
S3 jrvad_service; C:\Windows\system32\drivers\JRiverWDMDriver.sys [36872 2015-01-06] (JRiver, Inc.)
R3 Linksys_adapter_H; C:\Windows\system32\DRIVERS\AE2500w764.sys [1254464 2011-03-29] (Broadcom Corporation)
S3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2204304 2015-07-10] (MediaTek Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [191624 2015-09-21] (Sandboxie Holdings, LLC)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42088 2015-06-03] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-14] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 USBlyzer; C:\Windows\system32\DRIVERS\USBlyzer.sys [114944 2014-03-19] (USBlyzer Team)
R3 uvhid; C:\Windows\System32\drivers\uvhid.sys [25592 2015-09-02] (Windows ® Win 7 DDK provider)
S2 WCMVCAM; C:\Windows\system32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; C:\Windows\System32\drivers\wfpcapture.sys [60080 2013-09-23] (Microsoft Corporation)
S2 amdacpksd; \??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
S1 {8c18950d-388e-4a16-b947-a882c417f551}Gw64; system32\drivers\{8c18950d-388e-4a16-b947-a882c417f551}Gw64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-14 18:21 - 2015-11-14 18:22 - 00036607 _____ C:\Users\klowwds\Downloads\FRST.txt
2015-11-14 18:10 - 2015-11-14 18:10 - 00000000 ____D C:\Users\klowwds\Downloads\FRST-OlderVersion
2015-11-14 18:09 - 2015-11-14 18:10 - 02198528 _____ (Farbar) C:\Users\klowwds\Downloads\FRST64.exe
2015-11-14 18:05 - 2015-11-14 18:05 - 00016148 _____ C:\WINDOWS\system32\KLOWDS_vbn cnm_HistoryPrediction.bin
2015-11-14 17:45 - 2015-11-14 18:04 - 00043664 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-11-14 16:33 - 2015-11-14 16:33 - 00026112 _____ C:\WINDOWS\[email protected]
2015-11-14 16:33 - 2015-11-14 16:33 - 00007168 _____ C:\WINDOWS\KMS-QADhook.dll
2015-11-14 16:33 - 2015-11-14 16:33 - 00004608 _____ C:\WINDOWS\[email protected]
2015-11-14 16:33 - 2015-11-14 16:33 - 00003151 _____ C:\Users\Public\Desktop\[email protected]
2015-11-14 16:33 - 2015-11-14 16:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\R@1n-KMS
2015-11-14 16:33 - 2015-11-14 16:33 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\mpress
2015-11-14 16:30 - 2015-11-14 16:30 - 01919017 _____ () C:\Users\vbn cnm\Downloads\Windows Reloder (1).exe
2015-11-14 14:46 - 2015-11-14 15:11 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\USBlyzer
2015-11-14 14:38 - 2015-11-14 14:38 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\Ghostbuster
2015-11-14 13:39 - 2015-11-14 13:47 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\Acrylic Wi-Fi Home
2015-11-14 13:39 - 2015-11-14 13:47 - 00000000 ____D C:\Program Files\Acrylic Wi-Fi Home
2015-11-14 13:39 - 2015-11-14 13:39 - 04992512 _____ (Tarlogic Security S.L. ) C:\Users\vbn cnm\Downloads\Acrylic_WiFi_Home_v3.0.5788.23010-Setup.exe
2015-11-14 13:39 - 2015-11-14 13:39 - 00000920 _____ C:\Users\vbn cnm\Desktop\Acrylic Wi-Fi Home.lnk
2015-11-14 13:39 - 2015-11-14 13:39 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acrylic Wi-Fi Home
2015-11-14 13:23 - 2015-11-14 13:23 - 00016148 _____ C:\WINDOWS\system32\KLOWDS_Administrator_HistoryPrediction.bin
2015-11-14 13:14 - 2015-11-14 13:14 - 00002415 _____ C:\Users\Administrator.klowds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-14 12:31 - 2015-11-14 12:31 - 00007058 _____ C:\WINDOWS\DPINST.LOG
2015-11-14 12:22 - 2015-11-14 12:59 - 00002526 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Administrator
2015-11-14 12:21 - 2015-11-14 12:23 - 00000000 ____D C:\Users\Administrator.klowds\AppData\LocalLow\uTorrent
2015-11-14 11:00 - 2015-11-14 11:00 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\AMD
2015-11-14 11:00 - 2015-11-14 11:00 - 00000000 ____D C:\ProgramData\ATI
2015-11-14 10:45 - 2015-11-14 10:45 - 00061917 _____ C:\WINDOWS\SysWOW64\CCCInstall_201511141045078109.log
2015-11-14 10:44 - 2015-11-14 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-11-14 10:44 - 2015-11-14 10:44 - 00000000 ____D C:\Program Files\ATI Technologies
2015-11-14 10:36 - 2015-11-14 10:36 - 00066655 _____ C:\WINDOWS\SysWOW64\CCCInstall_201511141036543330.log
2015-11-14 10:34 - 2015-11-14 10:34 - 47794160 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 39712768 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 30776304 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 22327280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 15725552 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 14310896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 10211008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 07482552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-11-14 10:34 - 2015-11-14 10:34 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-11-14 10:34 - 2015-11-14 10:34 - 01223552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00833800 _____ C:\WINDOWS\system32\amdicdxx.dat
2015-11-14 10:34 - 2015-11-14 10:34 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00683504 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00662392 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-11-14 10:34 - 2015-11-14 10:34 - 00662392 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-11-14 10:34 - 2015-11-14 10:34 - 00631280 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00471312 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00255472 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00199664 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00177344 _____ C:\WINDOWS\system32\ativce03.dat
2015-11-14 10:34 - 2015-11-14 10:34 - 00175648 _____ C:\WINDOWS\system32\amde31a.dat
2015-11-14 10:34 - 2015-11-14 10:34 - 00168944 _____ C:\WINDOWS\system32\atieah64.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00151936 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00143048 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00138376 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00117600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00112360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00110312 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00100816 _____ C:\WINDOWS\system32\ativce02.dat
2015-11-14 10:34 - 2015-11-14 10:34 - 00097776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00089584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00087992 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00081168 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00068080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00060912 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-11-14 10:34 - 2015-11-14 10:34 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00057840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00047664 _____ C:\WINDOWS\system32\kapp_ci.sbin
2015-11-14 10:34 - 2015-11-14 10:34 - 00043536 _____ C:\WINDOWS\system32\kapp_si.sbin
2015-11-14 10:34 - 2015-11-14 10:34 - 00038384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-11-14 10:34 - 2015-11-14 10:34 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-11-14 10:28 - 2015-11-14 10:28 - 01729536 _____ C:\Users\vbn cnm\Downloads\AdwCleaner.exe
2015-11-14 10:27 - 2015-11-14 10:27 - 18979400 _____ C:\Users\vbn cnm\Downloads\RogueKiller (1).exe
2015-11-14 08:20 - 2015-11-14 11:26 - 00000000 ____D C:\AdwCleaner
2015-11-14 08:20 - 2015-11-14 09:43 - 00000000 _____ C:\WINDOWS\SysWOW64\outputfilePath
2015-11-14 08:19 - 2015-11-14 12:24 - 00000000 ____D C:\Program Files (x86)\SystemManager
2015-11-14 08:19 - 2015-11-14 11:08 - 00000000 _____ C:\WINDOWS\system32\outputfilePath
2015-11-14 08:19 - 2015-11-14 08:19 - 00003322 _____ C:\WINDOWS\System32\Tasks\JZIP
2015-11-14 08:18 - 2015-11-14 18:22 - 00000476 _____ C:\WINDOWS\Tasks\CIMT_S-1-5-21-877872159-248972997-1231205137-1020.job
2015-11-14 08:18 - 2015-11-14 09:37 - 00000510 _____ C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-877872159-248972997-1231205137-1020.job
2015-11-14 08:18 - 2015-11-14 08:18 - 00003716 _____ C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-877872159-248972997-1231205137-1020
2015-11-14 08:18 - 2015-11-14 08:18 - 00003594 _____ C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-877872159-248972997-1231205137-1020
2015-11-14 08:17 - 2015-11-14 08:17 - 00002560 _____ C:\Users\vbn cnm\AppData\Local\uninstall.exe
2015-11-14 08:09 - 2015-11-14 08:09 - 03393566 _____ C:\Users\vbn cnm\Downloads\KMSpico v10.0.4 (Office and windows activator) [TechTools.NET].rar
2015-11-14 07:59 - 2015-11-14 07:59 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.0.6
2015-11-14 05:38 - 2015-11-14 05:38 - 00000000 ____D C:\WINDOWS\RemotePackages
2015-11-14 05:31 - 2015-07-10 03:01 - 00032200 _____ C:\WINDOWS\Enterprise.xml
2015-11-14 05:17 - 2015-11-14 05:17 - 01919017 _____ () C:\Users\vbn cnm\Downloads\Windows Reloder.exe
2015-11-14 04:05 - 2015-11-14 04:05 - 00001705 _____ C:\Users\vbn cnm\Downloads\Add-Take-Ownership-Option.zip
2015-11-14 04:03 - 2015-11-14 04:03 - 00001731 _____ C:\Users\vbn cnm\Downloads\Add-Restore-Ownership-Option.zip
2015-11-14 04:03 - 2015-11-14 04:03 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\WinZip
2015-11-14 03:56 - 2015-11-14 18:21 - 00000062 _____ C:\Users\vbn cnm\Desktop\New Text Document.txt
2015-11-14 03:55 - 2015-11-14 09:55 - 00002490 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_vbn_cnm
2015-11-14 03:55 - 2015-11-14 09:55 - 00000296 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_vbn_cnm.job
2015-11-14 03:55 - 2015-11-14 03:55 - 00000000 ____D C:\Users\vbn cnm\AppData\LocalLow\IObit
2015-11-14 03:46 - 2015-11-04 21:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-14 03:46 - 2015-11-04 20:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-14 03:46 - 2015-11-04 20:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-14 03:46 - 2015-11-04 19:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-14 03:46 - 2015-11-04 19:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-14 03:45 - 2015-11-04 21:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-14 03:45 - 2015-11-04 21:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-14 03:45 - 2015-11-04 21:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-14 03:45 - 2015-11-04 21:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-14 03:45 - 2015-11-04 21:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-14 03:45 - 2015-11-04 21:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-14 03:45 - 2015-11-04 20:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-14 03:45 - 2015-11-04 20:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-14 03:45 - 2015-11-04 20:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-14 03:45 - 2015-11-04 20:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-14 03:45 - 2015-11-04 20:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-14 03:45 - 2015-11-04 20:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-14 03:45 - 2015-11-04 20:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-14 03:45 - 2015-11-04 20:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-14 03:45 - 2015-11-04 20:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-14 03:45 - 2015-11-04 20:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-14 03:45 - 2015-11-04 20:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-14 03:45 - 2015-11-04 20:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-14 03:45 - 2015-11-04 20:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-14 03:45 - 2015-11-04 20:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-14 03:45 - 2015-11-04 20:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-14 03:45 - 2015-11-04 20:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-14 03:45 - 2015-11-04 20:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-14 03:45 - 2015-11-04 20:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-14 03:45 - 2015-11-04 20:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-14 03:45 - 2015-11-04 19:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-14 03:45 - 2015-11-04 19:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-14 03:45 - 2015-11-04 19:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-14 03:45 - 2015-11-04 19:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-14 03:45 - 2015-11-04 19:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-14 03:45 - 2015-11-04 19:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-14 03:45 - 2015-11-04 19:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-14 03:45 - 2015-11-04 19:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-14 03:45 - 2015-11-04 19:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-14 03:45 - 2015-11-04 19:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-14 03:45 - 2015-11-04 19:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-14 03:45 - 2015-11-04 19:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-14 03:45 - 2015-11-04 19:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-14 03:45 - 2015-11-04 19:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-14 03:45 - 2015-11-04 19:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-14 03:45 - 2015-11-04 19:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-14 03:45 - 2015-11-04 19:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-14 03:44 - 2015-11-04 21:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-14 03:44 - 2015-11-04 20:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-14 03:44 - 2015-11-04 20:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-14 03:44 - 2015-11-04 20:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-14 03:44 - 2015-11-04 20:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-14 03:44 - 2015-11-04 19:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-14 03:42 - 2015-11-14 10:32 - 00024576 ___SH C:\Users\vbn cnm\Desktop\Thumbs.db
2015-11-14 03:14 - 2015-11-14 15:47 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1F3D1176-C6BB-499A-AF8A-4C430B6E4F37}
2015-11-14 02:05 - 2015-11-14 14:18 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\Apps\2.0
2015-11-13 19:33 - 2015-11-14 16:58 - 00072020 _____ C:\Users\vbn cnm\Desktop\Console1.msc
2015-11-13 14:43 - 2015-11-13 14:43 - 00056060 _____ C:\Users\vbn cnm\Desktop\GYCS6Im9.jpeg
2015-11-13 14:18 - 2015-11-13 14:18 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\Macromedia
2015-11-13 14:10 - 2015-11-13 14:10 - 01489785 _____ C:\Users\klowwds\Documents\cache.rfo
2015-11-13 13:55 - 2015-11-13 13:55 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\PeerDistRepub
2015-11-13 12:36 - 2015-11-13 12:36 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\RoboForm
2015-11-13 12:35 - 2015-11-13 12:35 - 00000000 ____D C:\Users\vbn cnm\Documents\My RoboForm Data
2015-11-13 12:35 - 2015-11-13 12:35 - 00000000 ____D C:\Users\vbn cnm\AppData\LocalLow\Siber Systems
2015-11-13 12:30 - 2015-11-13 12:30 - 00016148 _____ C:\WINDOWS\system32\KLOWDS_yeti_HistoryPrediction.bin
2015-11-13 12:24 - 2015-11-13 12:24 - 00000412 __RSH C:\Users\yeti\ntuser.pol
2015-11-02 10:17 - 2015-11-14 17:41 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\CrashDumps
2015-11-02 10:17 - 2015-11-14 03:55 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\ProductData
2015-11-02 10:16 - 2015-11-14 03:11 - 00002380 _____ C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-02 10:16 - 2015-11-14 03:11 - 00000000 ___RD C:\Users\vbn cnm\OneDrive
2015-11-02 10:16 - 2015-11-02 10:16 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\Lenovo
2015-11-02 10:14 - 2015-11-02 10:14 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\MicrosoftEdge
2015-11-02 10:12 - 2015-11-02 10:12 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\Publishers
2015-11-02 10:11 - 2015-11-02 10:11 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\VirtualStore
2015-11-02 10:10 - 2015-11-14 03:13 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\Packages
2015-11-02 10:10 - 2015-11-13 14:11 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\Google
2015-11-02 10:10 - 2015-11-02 10:10 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\Adobe
2015-11-02 10:10 - 2015-11-02 10:10 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\TileDataLayer
2015-11-02 10:09 - 2015-11-14 09:55 - 00000000 ____D C:\Users\vbn cnm
2015-11-02 10:09 - 2015-11-14 03:11 - 00000412 __RSH C:\Users\vbn cnm\ntuser.pol
2015-11-02 10:09 - 2015-11-13 12:19 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\IObit
2015-11-02 10:09 - 2015-11-02 10:10 - 00000000 ___RD C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-02 10:09 - 2015-11-02 10:09 - 00000020 ___SH C:\Users\vbn cnm\ntuser.ini
2015-11-02 10:09 - 2015-11-02 10:09 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\Highresolution Enterprises
2015-11-02 10:09 - 2015-10-12 15:25 - 00000000 __RSD C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-11-02 10:09 - 2015-10-12 15:25 - 00000000 ___RD C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-11-02 10:09 - 2015-10-12 15:25 - 00000000 ___RD C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-11-02 10:09 - 2015-09-12 18:31 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\ATI
2015-11-02 10:09 - 2015-09-12 18:31 - 00000000 ____D C:\Users\vbn cnm\AppData\Local\ATI
2015-11-02 10:09 - 2015-07-10 03:04 - 00000000 ____D C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-14 18:21 - 2015-03-19 18:30 - 00000000 ____D C:\FRST
2015-11-14 18:17 - 2015-08-07 12:06 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015UA.job
2015-11-14 18:16 - 2015-01-19 01:54 - 00000000 ____D C:\Users\klowwds\Documents\My RoboForm Data
2015-11-14 18:09 - 2015-09-12 18:42 - 00876876 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-14 18:06 - 2015-09-17 08:30 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-14 18:06 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-14 18:04 - 2015-10-13 10:44 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-14 18:04 - 2015-07-10 04:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-14 18:03 - 2015-10-13 10:42 - 00010352 _____ C:\WINDOWS\PFRO.log
2015-11-14 18:02 - 2015-09-12 18:17 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-11-14 18:02 - 2015-07-10 01:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-11-14 18:00 - 2015-05-14 07:54 - 00026112 _____ C:\WINDOWS\system32\.crusader
2015-11-14 17:51 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-14 17:35 - 2015-09-17 08:30 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-14 16:17 - 2015-08-07 12:06 - 00000870 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015Core.job
2015-11-14 13:22 - 2015-08-17 11:59 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Local\CrashDumps
2015-11-14 13:14 - 2015-10-11 10:48 - 00000000 ___RD C:\Users\Administrator.klowds\OneDrive
2015-11-14 13:07 - 2015-02-18 06:59 - 00146225 _____ C:\Users\Administrator.klowds\Desktop\Console1.msc
2015-11-14 13:00 - 2015-03-06 12:51 - 00005809 _____ C:\ProgramData\hpzinstall.log
2015-11-14 12:59 - 2015-03-07 17:07 - 00000308 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2015-11-14 12:40 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-14 12:37 - 2015-05-18 01:23 - 00000000 ____D C:\ProgramData\Auslogics
2015-11-14 12:37 - 2015-05-18 01:23 - 00000000 ____D C:\Program Files (x86)\Auslogics
2015-11-14 12:31 - 2015-05-13 18:45 - 00000000 ____D C:\Program Files (x86)\FBP - Facebook Blaster Pro
2015-11-14 12:31 - 2015-01-19 01:26 - 00000000 ___HD C:\Program Files (x86)\installshield installation information
2015-11-14 12:30 - 2015-10-13 01:34 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2015-11-14 12:30 - 2015-02-01 11:14 - 00000000 ____D C:\Program Files (x86)\IObit
2015-11-14 12:27 - 2015-02-26 17:22 - 00000000 ____D C:\ProgramData\ASUS
2015-11-14 12:27 - 2015-02-26 17:22 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-11-14 12:23 - 2015-10-14 01:01 - 00000000 ____D C:\Users\Administrator.klowds\AppData\Roaming\uTorrent
2015-11-14 12:09 - 2015-10-13 11:13 - 00000412 __RSH C:\Users\Administrator.klowds\ntuser.pol
2015-11-14 12:09 - 2015-09-12 18:22 - 00000000 ____D C:\Users\Administrator.klowds
2015-11-14 11:48 - 2015-10-13 09:20 - 00004038 _____ C:\WINDOWS\setupact.log
2015-11-14 11:09 - 2015-03-23 03:08 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-14 10:54 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-14 10:44 - 2015-09-12 18:18 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-11-14 10:42 - 2015-05-14 01:17 - 00000000 ____D C:\ProgramData\AMD
2015-11-14 10:40 - 2015-07-10 02:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-14 10:36 - 2015-05-14 01:15 - 00000000 ____D C:\AMD
2015-11-14 10:34 - 2015-08-20 20:51 - 12088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-11-14 10:34 - 2015-08-20 20:51 - 08982440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-11-14 10:34 - 2015-08-20 20:51 - 08864920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-11-14 10:34 - 2015-08-20 20:51 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-11-14 10:34 - 2015-08-20 20:51 - 00162232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-11-14 10:34 - 2015-08-20 20:51 - 00130072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-11-14 10:34 - 2015-08-20 20:46 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-11-14 10:34 - 2015-08-20 20:46 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-11-14 10:34 - 2015-08-20 20:46 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-11-14 10:34 - 2015-08-20 20:46 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-11-14 10:34 - 2015-08-20 20:46 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-11-14 10:31 - 2015-01-27 18:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-14 10:29 - 2015-04-21 19:52 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-11-14 10:14 - 2015-01-27 18:39 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-14 05:38 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-11-14 05:31 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-11-14 05:30 - 2015-09-12 19:07 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageInspector.exe
2015-11-14 05:30 - 2015-07-10 03:00 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2015-11-14 05:30 - 2015-07-10 03:00 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvgogl32.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2015-11-14 05:30 - 2015-07-10 03:00 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2015-11-14 05:30 - 2015-07-10 03:00 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tspubwmi.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvgocl32.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvgu1132.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00109056 _____ C:\WINDOWS\system32\RDVGHelper.exe
2015-11-14 05:30 - 2015-07-10 03:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvgumd32.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsign.exe
2015-11-14 05:30 - 2015-07-10 03:00 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dggpext.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessCsp.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Win32_DeviceGuard.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\CIWmi.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSErrRedir.dll
2015-11-14 05:30 - 2015-07-10 03:00 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsPnPRdrCoInstaller.dll
2015-11-14 05:30 - 2015-07-10 02:59 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys
2015-11-13 12:40 - 2015-10-13 20:52 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-13 12:26 - 2015-09-14 07:21 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{743D9F7C-B2E3-4FE0-9FB2-472689916C70}
2015-11-13 12:24 - 2015-09-14 06:43 - 00000000 ____D C:\Users\yeti
2015-11-03 10:20 - 2015-07-10 03:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 10:20 - 2015-07-10 03:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-09-12 22:43 - 2015-09-12 22:43 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD
2015-11-14 08:10 - 2015-11-14 08:10 - 0000187 _____ () C:\Users\vbn cnm\AppData\Local\Grooveing.exe.config
2015-11-14 08:17 - 2015-11-14 08:17 - 0002560 _____ () C:\Users\vbn cnm\AppData\Local\uninstall.exe
2015-01-19 21:03 - 2015-01-19 21:03 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2015-03-06 12:51 - 2015-11-14 13:00 - 0005809 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\ProgramData\C__Program Files (x86)_WebcamMax_webcammax.exe
 
 
Some files in TEMP:
====================
C:\Users\Administrator.klowds\AppData\Local\Temp\dllnt_dump.dll
C:\Users\vbn cnm\AppData\Local\Temp\c5w.exe
C:\Users\vbn cnm\AppData\Local\Temp\compete.exe
C:\Users\vbn cnm\AppData\Local\Temp\dllnt_dump.dll
C:\Users\vbn cnm\AppData\Local\Temp\Install_BubbleDock.exe
C:\Users\vbn cnm\AppData\Local\Temp\JZIP.exe
C:\Users\vbn cnm\AppData\Local\Temp\Quarantine.exe
C:\Users\vbn cnm\AppData\Local\Temp\sqlite3.dll
C:\Users\vbn cnm\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-13 12:54
 
==================== End of FRST.txt ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
 
Ran by vbn cnm (2015-11-14 18:22:55)
Running from C:\Users\klowwds\Downloads
Windows 10 Enterprise (X64) (2015-09-13 03:05:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-877872159-248972997-1231205137-500 - Administrator - Enabled) => C:\Users\Administrator.klowds
DefaultAccount (S-1-5-21-877872159-248972997-1231205137-503 - Limited - Disabled)
Guest (S-1-5-21-877872159-248972997-1231205137-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-877872159-248972997-1231205137-1017 - Limited - Enabled)
vbn cnm (S-1-5-21-877872159-248972997-1231205137-1020 - Administrator - Enabled) => C:\Users\vbn cnm
yeti (S-1-5-21-877872159-248972997-1231205137-1019 - Administrator - Enabled) => C:\Users\yeti
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
ACP Application (Version: 2.15.10.0003 - Advanced Micro Devices, Inc.) Hidden
ACP Application (Version: 2.15.30.0019 - Advanced Micro Devices, Inc.) Hidden
Acrylic Wi-Fi Home v3.0 (HKU\S-1-5-21-877872159-248972997-1231205137-1020\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 3.0 - Tarlogic Security S.L.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{3F48F53E-BC0F-A72E-AC89-EA9C3F8F4701}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4700 (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CCProxy 8.0 (HKLM\...\CCProxy_is1) (Version:  - Youngzsoft, Inc.)
Cok Free Auto Typer 3.0 (HKLM-x32\...\Cok Free Auto Typer_is1) (Version: 3.0 - Cok Free Software)
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.2 - goldensoft.org)
Gtk# for .Net 2.12.10 (HKLM-x32\...\{550B72C4-F404-4812-971F-947E835A877E}) (Version: 2.12.10 - Novell, Inc.)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.0.3.171 - IObit)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LG One Click Root (HKLM-x32\...\{5085AFF1-777B-4052-85D1-59140D26DB28}) (Version: 1.3.0.0 - avicohh software)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.14.1 - LG Electronics)
LGFlashTool 1.8.6.527 (HKLM-x32\...\LGFlashTool) (Version: 1.8.6.527 - LGE)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MetaX for Windows (HKLM-x32\...\{37C00961-B793-45A8-9BEF-0E9A281107B0}) (Version: 2.25 - No Bull Software)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Deployment Toolkit 2013 (6.2.5019.0) (HKLM\...\{CFF8B5ED-0A4D-4EDD-9159-32FE1D31C9E3}) (Version: 6.2.5019.0 - Microsoft Corporation)
Microsoft Message Analyzer (HKLM\...\{89A87FF1-607C-4551-B363-DDFA2719067E}) (Version: 4.0.6396.0 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NetStream 1.0 (HKU\S-1-5-21-877872159-248972997-1231205137-1020\...\NetStream 1.0) (Version:  - )
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
OCCT 4.4.1 (HKLM-x32\...\OCCT) (Version: 4.4.1 - Ocbase.com)
Outlook Setup Tool (HKLM-x32\...\outlookset) (Version: 2.2.19 - Starfield Technologies)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.863.000 - Hewlett-Packard) Hidden
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RoboForm 7-9-15-8 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-15-8 - Siber Systems)
Sandboxie 5.04 (64-bit) (HKLM\...\Sandboxie) (Version: 5.04 - Sandboxie Holdings, LLC)
Sawbuck (HKLM-x32\...\{459BFE07-FCF3-4274-AC8B-8E8DDA7214BA}) (Version: 0.6.8.0 - Google Inc)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Sidekick Outlook plugin (HKLM-x32\...\{827BE278-1FD2-4319-A5A4-C106E6976010}) (Version: 1.2.7.0 - HubSpot, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.2 - IObit)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
The Ultimate Troubleshooter (HKLM-x32\...\The Ultimate Troubleshooter) (Version:  - AnswersThatWork.com)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
TreeSize Professional V6.0.2 (64 bit) (HKLM\...\TreeSize Professional_is1) (Version: 6.0.2 - JAM Software)
Ultimate Bot Setup (HKLM-x32\...\{E3FBF14B-C777-4737-9C49-197FB2C50A30}) (Version: 1.0.0 - Shivinder Singh Narr)
UltraSearch V2.0.3 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 2.0.3 - JAM Software)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.3.1 - Unified Intents AB)
USBlyzer - USB Protocol Analyzer (HKLM\...\USBlyzer) (Version: 2.1 Build 40  - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.0-git-20150421-0403 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
webcamXP 5 Free (HKLM-x32\...\wLite) (Version: 5.9.2.0 - Moonware Studios)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.240 - Broadcom Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZip 14.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}) (Version: 14.0.8688 - WinZip Computing, S.L. )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
XLS Reader (HKLM-x32\...\{30D6D257-BE4B-48F2-8D9E-E787A52A0738}_is1) (Version: 1.0 - )
X-Mouse Button Control 2.5 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.5 - Highresolution Enterprises)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-877872159-248972997-1231205137-1020_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\vbn cnm\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
 
==================== Restore Points =========================
 
14-11-2015 05:36:22 Windows Update
14-11-2015 17:59:36 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2015-08-19 13:58 - 00003326 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 209.34.83.73:443
127.0.0.1 209.34.83.73:43
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.67:443
127.0.0.1 209.34.83.67:43
127.0.0.1 209.34.83.67
127.0.0.1 ood.opsource.net
127.0.0.1 199.7.52.190:80
127.0.0.1 199.7.52.190
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 199.7.54.72:80
127.0.0.1 199.7.54.72
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 209-34-83-73.ood.opsource.net
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.com
 
There are 54 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06DF6072-2E8F-42F8-ADB6-6095088A315A} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {091FEFA0-A541-4796-AA9B-A0657B046B13} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {0A308030-35DF-419E-BE3A-1B4CCFFDEB16} - System32\Tasks\Uninstaller_SkipUac_razbo => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {0EBD8514-9BBF-479E-91C2-D97D766442BC} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1034FCE5-519B-4BE3-ADA1-9CDB6AB2CE41} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {12B3781A-0162-4D55-A099-F8E9066C68B3} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-07-20] (IObit)
Task: {16DEE494-E45F-4C0D-911E-793C3442CAD4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {1959FC9A-3901-4F39-8A8D-E5028F2E6B8C} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {1D02129F-381A-4929-8873-8C3C8571BAEB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {1ECD09A1-F3E8-4B7C-9F94-13B16EBCE82B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-09-17] (Siber Systems)
Task: {21C72CD0-D613-4A28-AE7E-6A58B36617B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015UA => C:\Users\rocky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {2338CFAD-FAFD-41CA-BCCF-FE804D553B03} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2A8F595C-8651-4F23-9D69-CC5A10695994} - System32\Tasks\Uninstaller_SkipUac_klowwds => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {2C490F56-0E38-49EA-ABE7-307DE51882B7} - System32\Tasks\Uninstaller_SkipUac_vbn_cnm => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {326FA863-FA81-4063-8BCA-F81F2B3213FF} - System32\Tasks\Uninstaller_SkipUac_rocky => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {35CA1ABB-432D-4799-9DA9-B9D80845A8E6} - System32\Tasks\CIMT_S-1-5-21-877872159-248972997-1231205137-1020 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {3D6552F4-5A74-4195-8D04-257B5B6094E2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {3E136149-E11A-4DB1-9406-A265B5976214} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {41F5C87A-9376-4E27-B9BD-EC4BBCC415A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {4399D457-82E0-43DE-A1F5-5BBC4F214868} - \Smp -> No File <==== ATTENTION
Task: {47B69202-8924-4330-B393-7D9A70DD2ECD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {50DA1C86-1C3D-42E2-ACD6-9A7DD0F58EC5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {563314DE-6910-4E01-B312-092D772769DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {577103A6-7001-4DD6-BF1E-223277096311} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015Core => C:\Users\rocky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {597C1045-E7D3-4E9E-94DE-C27B331488CC} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {5B382885-9A1D-4E95-B149-ED15D1DE40C5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5F140450-F012-423D-B9ED-DBDF0F61D00B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {60BBEAEB-3F0B-476F-9136-752EC9A1F5D9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {63438434-B084-41F1-BB45-8B5A91151BE6} - System32\Tasks\R@1n-KMS\Windows64Enterprise => wmic
Task: {673AA7B9-F4A2-4D81-87AD-0999CB860DAB} - System32\Tasks\JZIP => C:\Program Files (x86)\JZIP\JZIP\JZIP.exe
Task: {6CAA0C8E-34FA-4783-ABDD-96F00FBDBADD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-14] (Microsoft Corporation)
Task: {6DC66784-0A5A-401A-9C56-FCBC8B981146} - System32\Tasks\Uninstaller_SkipUac_yeti => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {799ACEBF-3B67-4DB0-90D4-70FEEA16156E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {7DE7259C-D24A-4102-883E-834F2B80E5A8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {7F84AD46-8CCA-4C20-848C-A504CADFFDCD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {80F94C99-B9B4-494E-8581-E9921BAD21FE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {85925B63-43E9-40EC-BED6-6ECC81822FA0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {86B4E4F8-DFB2-43D7-828C-54038C584727} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {880DE06C-D5FC-415A-B84A-3E27BAA2F587} - System32\Tasks\{B4D85ADB-CB40-440A-B71F-3D1CA95C59E1} => pcalua.exe -a C:\Users\klowwds\Downloads\wd97vwr32.exe -d C:\Users\klowwds\Downloads
Task: {8981B414-832D-49FA-BE4F-119A9CA52F21} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxps://www.facebook.com/login.php?api_key=148551585250127&amp;skip_api_login=1&amp;display=page&amp;cancel_url=http%3A%2F%2Fapps.facebook.com%2Fteam-slots%2F%3Fcount%3D21%26fb_bmpos%3D6_21%26fb_source%3Dbookmark_apps%26ref%3Dbookmarks%26signed_request%3D-6I6MEtyvECjXaVIjDDVGMsdECaolydFWzqVZyZ9kpc.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTM1NjY3MDc4MywidXNlciI6eyJjb3VudHJ5IjoidXMiLCJsb2NhbGUiOiJlbl9VUyIsImFnZSI6eyJtaW4iOjAsIm1heCI6MTJ9fX0%26error_reason%3Duser_denied%26error%3Daccess_denied%26error_description%3DThe%2Buser%2Bdenied%2Byour%2Brequest.&amp;next=https%3A%2F%2Fwww.facebook.com%2Fdialog%2Fpermissions.request%3F_path%3Dpermissions.request%26app_id%3D148551585250127%26redirect_uri%3Dhttp%253A%252F%252Fapps.facebook.com%252Fteam-slots%252F%253Fcount%253D21%2526fb_bmpos%253D6_21%2526fb_source%253Dbookmark_apps%2526ref%253Dbookmarks%2526signed_request%253D-6I6MEtyvECjXaVIjDDVGMsdECaolydFWzqVZyZ9kpc.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTM1NjY3MDc4MywidXNlciI6eyJjb3VudHJ5IjoidXMiLCJsb2NhbGUiOiJlbl9VUyIsImFnZSI6eyJtaW4iOjAsIm1heCI6MTJ9fX0%26display%3Dpage%26response_type%3Dcode%26perms%3Duser_likes%252Cpublish_actions%252Cuser_birthday%252Cemail%26canvas%3D1%26from_login%3D1%26client_id%3D148551585250127&amp;rcount=1"
Task: {8D782F50-A0AF-4D2F-8B60-1FC7D6DD4617} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8EFBA9FD-E328-4696-B27B-1E98C0463205} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {8F6B0989-2573-4C42-AE43-15F5AA3E0C27} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {968D5ED9-4B0A-4AB9-8FD7-81DA7D1B6AFA} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {96A1C83F-432C-413A-BFEE-9C0961911FCF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {9F387982-D45D-404B-A4C8-B33BA6E9FB2E} - System32\Tasks\CIMT_daily_S-1-5-21-877872159-248972997-1231205137-1020 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {A027B223-4690-44D5-BF51-1609853F7474} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A04D5D02-9047-4861-B700-3411DB32D38E} - \YTDownloader -> No File <==== ATTENTION
Task: {A55A9EF8-56C9-4E9E-A7FF-A7EF893ED067} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {AB74666B-1F15-4012-8697-4DA24BF2A5A4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {AD5D7820-EBBD-47C1-842A-D684BE4251C0} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {AF4A56C9-3927-4458-AB47-9C3377F5F2FC} - System32\Tasks\Driver Booster SkipUAC (Administrator) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {B0D416CC-46D0-40F7-9897-864864888B26} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B125619B-4C3F-4435-BE3D-641E14B67291} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {BC7048A4-1D3E-4C25-8EC7-ED6A2D197997} - \Optimize Start Menu Cache Files-S-1-5-21-877872159-248972997-1231205137-1001 -> No File <==== ATTENTION
Task: {C7F05019-6CC3-4CF0-8D00-60D24DC3280D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {C8B09982-6F80-4B37-9270-1EF5046783C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {CF2CBD6D-F1D9-4589-81AF-F1BBB5FA5BCF} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {D22400C9-E4F3-44EC-92F2-15366C140AE7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D4D708CF-E865-4F06-9151-BAD31B05B113} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {D7E54AF3-BEDA-431A-9973-6C0AEEF877B1} - \YTDownloaderUpd -> No File <==== ATTENTION
Task: {DDE8831B-6FAE-4D87-848E-3744A8C4A6E1} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E2F83881-CAF6-4D28-BB5D-C58A20DB80CB} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-08-31] (IObit)
Task: {E602A23A-1CA2-49F7-8B3D-5B7C62F5E48E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E9444B64-B843-40B8-831C-7B6AF3B233F6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EF0F1DCA-9128-4DBB-9744-AD433DB434B4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-13] (Adobe Systems Incorporated)
Task: {F6C7F60C-4E48-411B-AB48-DA39D74DFB55} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F8B89A59-AE4A-4D0B-8942-691C3582373F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-877872159-248972997-1231205137-1020.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-877872159-248972997-1231205137-1020.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015Core.job => C:\Users\rocky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877872159-248972997-1231205137-1015UA.job => C:\Users\rocky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_klowwds.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_razbo.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_rocky.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_vbn_cnm.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_yeti.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\WebReg HP Photosmart C4700 Series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-10 03:00 - 2015-07-10 03:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-12 19:07 - 2015-09-12 19:07 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-21 22:09 - 2015-08-21 22:09 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-08-21 22:09 - 2015-08-21 22:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-11-14 16:33 - 2015-11-14 16:33 - 00026112 _____ () C:\Windows\[email protected]
2015-10-14 12:55 - 2015-09-16 22:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-14 12:55 - 2015-09-16 22:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-14 12:54 - 2015-09-16 21:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-14 12:55 - 2015-09-16 21:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-14 12:54 - 2015-09-16 21:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-14 12:54 - 2015-09-16 21:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-14 12:55 - 2015-09-16 21:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-21 22:09 - 2015-08-21 22:09 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-02-26 17:22 - 2015-02-26 17:22 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2015-02-26 17:22 - 2015-11-14 18:06 - 00035840 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2015-02-26 17:22 - 2015-02-26 17:19 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\125616160355829c234829:Win32App
AlternateDataStreams: C:\2c9637146487f139621de20652:Win32App
AlternateDataStreams: C:\4405067e23b4d253a2cb73fb45:Win32App
AlternateDataStreams: C:\a88559a11a9e4d2d9e:Win32App
AlternateDataStreams: C:\bcf70074be4bc5194087d64ec9:Win32App
AlternateDataStreams: C:\CCProxy:Win32App
AlternateDataStreams: C:\f82e7d9f51018f799c:Win32App
AlternateDataStreams: C:\Program Files\AMD:Win32App
AlternateDataStreams: C:\Program Files\CCleaner:Win32App
AlternateDataStreams: C:\Program Files\Defraggler:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Deployment Toolkit:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Message Analyzer:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App
AlternateDataStreams: C:\Program Files\PowerISO:Win32App
AlternateDataStreams: C:\Program Files\Recuva:Win32App
AlternateDataStreams: C:\Program Files\TeamSpeak 3 Client:Win32App
AlternateDataStreams: C:\Program Files\WinRAR:Win32App
AlternateDataStreams: C:\Program Files (x86)\AMD:Win32App
AlternateDataStreams: C:\Program Files (x86)\ATI Technologies:Win32App
AlternateDataStreams: C:\Program Files (x86)\Battle.net:Win32App
AlternateDataStreams: C:\Program Files (x86)\FBP - Facebook Blaster Pro:Win32App
AlternateDataStreams: C:\Program Files (x86)\GSAutoClicker3:Win32App
AlternateDataStreams: C:\Program Files (x86)\MediaMonkey:Win32App
AlternateDataStreams: C:\Program Files (x86)\MetaX:Win32App
AlternateDataStreams: C:\Program Files (x86)\Microsoft Money Plus:Win32App
AlternateDataStreams: C:\Program Files (x86)\MSXML 4.0:Win32App
AlternateDataStreams: C:\Program Files (x86)\Unified Remote 3:Win32App
AlternateDataStreams: C:\Program Files (x86)\USBlyzer:Win32App
AlternateDataStreams: C:\Program Files (x86)\VROOT:Win32App
AlternateDataStreams: C:\Program Files (x86)\WinZip:Win32App
AlternateDataStreams: C:\Program Files (x86)\World of Warcraft:Win32App
AlternateDataStreams: C:\Program Files (x86)\World of Warcraft Public Test:Win32App
AlternateDataStreams: C:\Program Files (x86)\XLS Reader:Win32App
AlternateDataStreams: C:\WINDOWS\SysWOW64:Win32App
AlternateDataStreams: C:\ProgramData\HP:Win32App
AlternateDataStreams: C:\ProgramData\HP Product Assistant:Win32App
AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB
AlternateDataStreams: C:\ProgramData\TEMP:D2F2F703
AlternateDataStreams: C:\Users\klowwds\AppData\Roaming\sidekick:Win32App
AlternateDataStreams: C:\Users\klowwds\AppData\Local\JDownloader 2.0:Win32App
AlternateDataStreams: C:\Users\klowwds\AppData\Local\Temp:Win32App
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-877872159-248972997-1231205137-1020\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService8 => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: amdacpusrsvc => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: asHmComSvc => 2
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: AsusFanControlService => 2
MSCONFIG\Services: AVP15.0.1 => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: BitMeterCaptureService => 2
MSCONFIG\Services: BitMeterWebService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Crashhd => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\Services: IMFservice => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: Lenovo EasyPlus Hotspot => 3
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: Media Center 20 Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NetAutoconnectFocusSvc => 2
MSCONFIG\Services: netcfgsvr => 2
MSCONFIG\Services: NetClientSvc => 2
MSCONFIG\Services: NetLogSvc => 2
MSCONFIG\Services: NetTcpHandler => 2
MSCONFIG\Services: PhoneMyPC_Helper => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SwiCardDetectSvc => 2
MSCONFIG\Services: w7Svc => 3
MSCONFIG\Services: XMouseButton Launcher => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Acrobat Assistant 8.0 => 
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => 
MSCONFIG\startupreg: DeskBar => 
MSCONFIG\startupreg: DV => 
MSCONFIG\startupreg: EvtMgr6 => 
MSCONFIG\startupreg: Logitech Download Assistant => c:\windows\system32\rundll32.exe c:\windows\system32\logilda.dll,logifetch
MSCONFIG\startupreg: NowUSeeIt Player => 
MSCONFIG\startupreg: OneDrive => "c:\users\vbn cnm\appdata\local\microsoft\onedrive\onedrive.exe" /background
MSCONFIG\startupreg: Selection Tools => 
MSCONFIG\startupreg: SmartWeb => 
MSCONFIG\startupreg: SunJavaUpdateSched => 
MSCONFIG\startupreg: YTDownloader => 
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "AT&T Global Network Client.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Remote PC Server.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "XMouseButtonControl"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SpUninstallCleanUp"
HKLM\...\StartupApproved\Run32: => "YouCam Service6"
HKLM\...\StartupApproved\Run32: => "ASUS WiFi GO! FileTransfer Execute"
HKLM\...\StartupApproved\Run32: => "Syslog"
HKLM\...\StartupApproved\Run32: => "ASUS AiChargerPlus Execute"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "ATNSOFT Key Manager"
HKLM\...\StartupApproved\Run32: => "SmartWeb"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "Note-up"
HKLM\...\StartupApproved\Run32: => "ospd_us_014010146"
HKU\S-1-5-21-877872159-248972997-1231205137-1020\...\StartupApproved\StartupFolder: => "systemmgr.lnk"
HKU\S-1-5-21-877872159-248972997-1231205137-1020\...\StartupApproved\StartupFolder: => "JZIP.lnk"
HKU\S-1-5-21-877872159-248972997-1231205137-1020\...\StartupApproved\Run: => "dins64"
HKU\S-1-5-21-877872159-248972997-1231205137-1020\...\StartupApproved\Run: => "Itibiti.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{3FED5E5B-D691-4255-B805-CBEDACAD6501}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{B9808081-3091-4920-BCEA-65BA2DE1B45E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{B763D65B-D631-4431-B6B6-610F3A66F59F}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{67A6E572-30F8-4C59-BCF9-431A885B6957}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [UDP Query User{996B58C9-4749-4441-A292-CF6C055D8F37}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{268944E1-E1BE-4EF6-B2D9-D42B20968E3F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{472D2826-40C4-493D-BF09-FD3975BE1197}C:\users\rocky\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe] => (Allow) C:\users\rocky\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe
FirewallRules: [TCP Query User{BF220EC8-4DD6-4CCB-AB67-F4AFC8E5FD08}C:\users\rocky\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe] => (Allow) C:\users\rocky\appdata\roaming\kodi\userdata\addon_data\plugin.video.pulsar\bin\windows_x86\pulsar.exe
FirewallRules: [UDP Query User{25978F3E-EFEA-4AFF-8E27-9C5A00991BBB}C:\program files\java\jdk1.8.0_60\jre\bin\tnameserv.exe] => (Allow) C:\program files\java\jdk1.8.0_60\jre\bin\tnameserv.exe
FirewallRules: [TCP Query User{B7C1D899-66F7-46F8-B149-9158A8EDB1F2}C:\program files\java\jdk1.8.0_60\jre\bin\tnameserv.exe] => (Allow) C:\program files\java\jdk1.8.0_60\jre\bin\tnameserv.exe
FirewallRules: [UDP Query User{0EEE68DF-5E33-45A1-8040-C233D72C74EA}C:\program files\java\jdk1.8.0_60\jre\bin\rmiregistry.exe] => (Allow) C:\program files\java\jdk1.8.0_60\jre\bin\rmiregistry.exe
FirewallRules: [TCP Query User{117D28EA-7765-4BF5-99C5-E6C81EA383CC}C:\program files\java\jdk1.8.0_60\jre\bin\rmiregistry.exe] => (Allow) C:\program files\java\jdk1.8.0_60\jre\bin\rmiregistry.exe
FirewallRules: [UDP Query User{C37F4C39-3266-420B-845A-D19F14BE507C}C:\program files\java\jdk1.8.0_60\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_60\bin\jmc.exe
FirewallRules: [TCP Query User{7D4D416D-531E-4B21-8321-B305677B3197}C:\program files\java\jdk1.8.0_60\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_60\bin\jmc.exe
FirewallRules: [UDP Query User{ED2E9047-6FD6-4425-BFBC-F89AF58FE613}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{9523EB59-93FF-4B7B-9C1C-80C7894024C4}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{468C25E1-9E89-48DB-BA78-4DF06B068098}C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [TCP Query User{21DB82BC-DC0B-428D-801D-CE0BB8691EED}C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{D022C6FB-C6FD-4F31-9631-2B3189329DB5}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{36F7D1FC-0391-4337-8100-D65DBF98C97F}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{DC855D69-08F6-4824-9CA1-964AD871F8EF}C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [TCP Query User{B48768F3-E67B-4142-80A5-201AC2E73D5A}C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\rocky\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [UDP Query User{306CB431-3515-4985-A23B-F15FE801093E}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe
FirewallRules: [TCP Query User{21FCCC7F-725F-49EF-AC6D-C62BF307BFC9}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe
FirewallRules: [UDP Query User{504DA670-6E1F-4C3A-AF4D-5F5EA9DD1D06}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe
FirewallRules: [TCP Query User{868BC391-8085-4C85-962D-66550E481C6B}C:\ccproxy\ccproxy.exe] => (Allow) C:\ccproxy\ccproxy.exe
FirewallRules: [{BE018028-326F-460C-909E-2DF895AD9827}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{FDF6498B-DAD6-4D4C-83CC-901F504B2962}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{442165E1-2D86-4D2E-953C-96E01D205878}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [UDP Query User{64DB7B99-B400-4949-AE85-21FBC1270EC1}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [TCP Query User{43A58AAF-4DAE-4B44-8C3B-0C82757D98E0}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [{2085166C-2B25-458D-BD29-202531E5C2F2}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.exe
FirewallRules: [{7ADE2A82-96EA-4A9C-B8B7-E2EB9571ADE0}] => (Allow) C:\Program Files (x86)\webcamXP5\webcamXP.exe
FirewallRules: [UDP Query User{D7C0C455-C75C-4342-AA20-1B290C29609B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{7D983C49-EC47-41B5-996D-0617391D5D64}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F4F83C58-47EF-49C6-985A-F1CF1CCC2E3B}C:\program files (x86)\winpcap\rpcapd.exe] => (Allow) C:\program files (x86)\winpcap\rpcapd.exe
FirewallRules: [TCP Query User{73968A52-DF5B-4338-88A8-3139C5DFCD5C}C:\program files (x86)\winpcap\rpcapd.exe] => (Allow) C:\program files (x86)\winpcap\rpcapd.exe
FirewallRules: [UDP Query User{F8F10505-B1FA-4B80-AD70-3CD4F815CB78}C:\program files (x86)\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\java.exe
FirewallRules: [TCP Query User{ED2F51E4-E919-40C5-AED3-CBAF4218C5A1}C:\program files (x86)\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\java.exe
FirewallRules: [UDP Query User{99574532-E252-4B9E-B25A-010DC79F6C5B}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{61A7BF37-1909-460D-B3B6-C99E4877FB8A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{AC80B600-6FC6-4E9B-A2B0-D025BF7F935E}C:\users\klowwds\appdata\roaming\kodi\userdata\addon_data\plugin.video.p2p-streams\acestream\ace_engine.exe] => (Allow) C:\users\klowwds\appdata\roaming\kodi\userdata\addon_data\plugin.video.p2p-streams\acestream\ace_engine.exe
FirewallRules: [TCP Query User{8792AD97-8CF3-4075-99AC-916D43F1ECE6}C:\users\klowwds\appdata\roaming\kodi\userdata\addon_data\plugin.video.p2p-streams\acestream\ace_engine.exe] => (Allow) C:\users\klowwds\appdata\roaming\kodi\userdata\addon_data\plugin.video.p2p-streams\acestream\ace_engine.exe
FirewallRules: [UDP Query User{68202FB6-B028-43F5-99C0-A2A0A744F62F}C:\lg\lgflashtool\lgflashtool.exe] => (Allow) C:\lg\lgflashtool\lgflashtool.exe
FirewallRules: [TCP Query User{66235323-7DB7-4CCA-9E34-D7B00EA46E99}C:\lg\lgflashtool\lgflashtool.exe] => (Allow) C:\lg\lgflashtool\lgflashtool.exe
FirewallRules: [UDP Query User{FCBE9970-B2D1-40BC-AD3F-FA1D988FE9C3}C:\lg\lgflashtool\lgflashtool.exe] => (Allow) C:\lg\lgflashtool\lgflashtool.exe
FirewallRules: [TCP Query User{EF5475A0-EB8E-412C-A8A0-6BEDE044C16F}C:\lg\lgflashtool\lgflashtool.exe] => (Allow) C:\lg\lgflashtool\lgflashtool.exe
FirewallRules: [UDP Query User{D887439E-12C8-4053-BF53-F30BC947FB00}C:\users\klowwds\downloads\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe] => (Allow) C:\users\klowwds\downloads\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe
FirewallRules: [TCP Query User{F5D5B69F-93EF-4650-B6EC-2525A3E12598}C:\users\klowwds\downloads\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe] => (Allow) C:\users\klowwds\downloads\pyload-v0.4.9-win\pyload\dist\pyloadcore.exe
FirewallRules: [UDP Query User{A9FE5579-680B-4D38-842A-402666EC6D3E}C:\users\klowwds\downloads\tftpd64.450\tftpd64.exe] => (Allow) C:\users\klowwds\downloads\tftpd64.450\tftpd64.exe
FirewallRules: [TCP Query User{3611143E-2CA2-4736-A277-4580F1E1FD24}C:\users\klowwds\downloads\tftpd64.450\tftpd64.exe] => (Allow) C:\users\klowwds\downloads\tftpd64.450\tftpd64.exe
FirewallRules: [UDP Query User{6DE0A573-8F65-4880-ABBF-0C850A04B076}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{BADAA19D-6E84-4B78-AE23-E343CC9A4B82}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{9BCF3E4D-366B-4AA2-8B09-3C777B35F289}C:\users\klowwds\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\klowwds\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [TCP Query User{130DBF77-0824-474A-8547-D80A8C1D83B0}C:\users\klowwds\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\klowwds\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [{04800F8D-DDA2-46B8-9A0B-0D891BD7670B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{099F0B49-3B6A-4B41-8930-0E5E01D0A179}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B6FE9602-B8D8-4FCB-B73A-39227B2F3EEB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{6096CA53-50CF-4991-9FD3-FA1BFB432B8E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{65663FE1-9ADE-4036-9FC3-A82748A18251}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{62F868F1-93D2-47CF-8884-833B59FA43FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{7E74874B-5CE6-4C40-8925-6D50E7DBDB05}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{152E04C0-98A8-46F0-AF87-3DBF4301966D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{76A30184-2A1E-4CFA-AA09-BE6D6497F554}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{14401A15-5B0A-48AC-8F94-A82009034F31}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D3505EE4-8E12-4C11-8CC8-3C5B9713BF54}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [UDP Query User{BF6EB70C-9693-4FED-9F6E-559B373B60D3}C:\users\klowwds\downloads\sharetvps (3).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (3).exe
FirewallRules: [TCP Query User{32AC22F1-8649-47DB-8BEF-A3C14C53BBB2}C:\users\klowwds\downloads\sharetvps (3).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (3).exe
FirewallRules: [{01836689-E1E6-488F-A3CA-89B39F932167}] => (Allow) LPort=1900
FirewallRules: [{83A515A1-1419-44A3-9597-3FA296B6FFE8}] => (Allow) LPort=2869
FirewallRules: [{02EF18BD-10D1-4D8F-9226-073D8F912599}] => (Allow) LPort=1900
FirewallRules: [{5CB198C3-0DC4-4073-B9BE-541F421E83CB}] => (Allow) LPort=2869
FirewallRules: [{CD3E8D71-0FE3-4CD3-B257-8ADC09FAF4D8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4DD0CD89-C605-495D-BA0F-99EE9D23B7AE}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [UDP Query User{A9DFE94D-F421-4B6D-AB45-C7699555F2A4}C:\users\klowwds\downloads\sharetvps (4).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (4).exe
FirewallRules: [TCP Query User{2F80BEDD-4546-4951-AE26-32369F5EB6C1}C:\users\klowwds\downloads\sharetvps (4).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (4).exe
FirewallRules: [{5C45E4B4-7CDB-4B9D-B628-20EC4AB94730}] => (Allow) C:\Users\klowwds\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [UDP Query User{C6710B53-733E-44CE-BEC5-BC2209501651}C:\users\klowwds\downloads\sharetvps (2).exe] => (Block) C:\users\klowwds\downloads\sharetvps (2).exe
FirewallRules: [TCP Query User{8EE739D5-9155-4CB8-A46C-3DB95B31EC03}C:\users\klowwds\downloads\sharetvps (2).exe] => (Block) C:\users\klowwds\downloads\sharetvps (2).exe
FirewallRules: [UDP Query User{14833474-732C-4132-BAB3-7BFEEC37EFC7}C:\users\klowwds\downloads\sharetvps (1).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (1).exe
FirewallRules: [TCP Query User{736EF2AB-E6FE-4870-92DD-52BA6C13D5F1}C:\users\klowwds\downloads\sharetvps (1).exe] => (Allow) C:\users\klowwds\downloads\sharetvps (1).exe
FirewallRules: [UDP Query User{A2763E57-1354-44D7-9E47-7066B63C0AE5}C:\users\klowwds\downloads\sharetvps.exe] => (Allow) C:\users\klowwds\downloads\sharetvps.exe
FirewallRules: [TCP Query User{53383562-B016-4883-A5D0-94AF27F3953F}C:\users\klowwds\downloads\sharetvps.exe] => (Allow) C:\users\klowwds\downloads\sharetvps.exe
FirewallRules: [TCP Query User{93EDF0E7-373E-43A2-8BEC-7483B4C2355A}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{97818ED7-BD8C-4C1F-8CBF-96EBBC0CA75C}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [{23917CEE-0541-482B-AD93-539009452C40}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{9FF9F6CF-109B-417F-A6D2-EE4D2F292510}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{CBF955AF-13CF-4733-8944-208D36635EC5}] => (Allow) C:\Users\yeti\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{B8E2023C-48FF-4F6A-B1F7-EE48CF91793C}] => (Allow) C:\Users\yeti\AppData\Roaming\ICQM\icq.exe
FirewallRules: [{7EFF5966-B2EC-40D4-95D5-6BBEA5EE68A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{71642782-4BCF-4973-81FC-AC7C5B06D568}] => (Allow) C:\Users\Administrator.klowds\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92E10104-65DF-4124-BC66-0F49280AE97F}] => (Allow) C:\Users\Administrator.klowds\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4E482A45-26D0-4895-AFB6-6FAB66B3D2B1}] => (Allow) C:\Users\Administrator.klowds\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C4622F4B-7B83-48DD-891B-97C01A78F02A}] => (Allow) C:\Users\Administrator.klowds\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2931DA62-3EB5-4E1D-98EB-94907FC0E368}] => (Allow) C:\Users\Administrator.klowds\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0D4AA9E2-BF69-4E01-87EC-F56205CCADA8}] => (Allow) C:\Users\Administrator.klowds\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C656212B-2C7A-4F90-830D-E86913187354}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EDE1F169-828B-4BF7-8F8F-23901A9C2130}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{1E39D832-BFEC-4ED9-8907-90AAE8B4EFF1}] => (Allow) C:\Windows\[email protected]
FirewallRules: [{19144F72-491C-4C8B-840C-75297B50AB7E}] => (Allow) C:\Windows\[email protected]
 
==================== Faulty Device Manager Devices =============
 
Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Bluetooth Device (Personal Area Network) #3
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Photosmart C4700
Description: HP Photosmart C4700
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000330,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000C1580FEE20.72).  hr = 0x80070005, Access is denied.
.
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000ec8,(null),0,REG_BINARY,00000023B577D620.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {1a122492-d2e3-4e6e-a1fd-f054dac0c9d1}
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000754,(null),0,REG_BINARY,00000046C3DCDA30.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {53e7af72-9b06-4e2c-b8b2-f0a9b9ce8867}
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000364,SYSTEM\CurrentControlSet\Services\VSS\Diag\MSSearch Service Writer,0,REG_BINARY,000000A9E62ADB30.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {fe5eae66-3c04-45ab-bac2-31233f134adb}
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000228,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000C1598AF0E0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {778d76b0-9f6e-4762-a0c7-456824254466}
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000258,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,000000C15829E8E0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {7194101d-bf6b-462d-bb4d-cd35034c763d}
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000210,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000C15846E980.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {613f5dcd-1ccb-4b67-b5af-d5a79eb70841}
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000ec8,(null),0,REG_BINARY,00000023B577D620.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {1a122492-d2e3-4e6e-a1fd-f054dac0c9d1}
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000754,(null),0,REG_BINARY,00000046C3DCDA30.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {53e7af72-9b06-4e2c-b8b2-f0a9b9ce8867}
 
Error: (11/14/2015 06:00:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000364,SYSTEM\CurrentControlSet\Services\VSS\Diag\MSSearch Service Writer,0,REG_BINARY,000000A9E62ADB30.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {fe5eae66-3c04-45ab-bac2-31233f134adb}
 
 
System errors:
=============
Error: (11/14/2015 06:10:17 PM) (Source: iScsiPrt) (EventID: 70) (User: )
Description: Error occurred when processing iSCSI logon request. The request was not retried. Error status is given in the dump data.
 
Error: (11/14/2015 06:10:17 PM) (Source: iScsiPrt) (EventID: 1) (User: )
Description: Initiator failed to connect to the target. Target IP address and TCP Port number are given in dump data.
 
Error: (11/14/2015 06:10:02 PM) (Source: iScsiPrt) (EventID: 70) (User: )
Description: Error occurred when processing iSCSI logon request. The request was not retried. Error status is given in the dump data.
 
Error: (11/14/2015 06:10:02 PM) (Source: iScsiPrt) (EventID: 1) (User: )
Description: Initiator failed to connect to the target. Target IP address and TCP Port number are given in dump data.
 
Error: (11/14/2015 06:05:24 PM) (Source: XMouseButton Launcher) (EventID: 6) (User: )
Description: Process token open Error: 6 (The handle is invalid. )
 
Error: (11/14/2015 06:05:22 PM) (Source: XMouseButton Launcher) (EventID: 6) (User: )
Description: Process token open Error: 6 (The handle is invalid. )
 
Error: (11/14/2015 06:04:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error: 
%%0
 
Error: (11/14/2015 06:04:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error: 
%%1058
 
Error: (11/14/2015 06:04:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ACP Kernel Service Driver service failed to start due to the following error: 
%%2
 
Error: (11/14/2015 05:51:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Mail and Calendar.
 
 
CodeIntegrity:
===================================
  Date: 2015-10-13 10:07:28.951
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 10:07:28.944
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 10:07:28.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 10:07:28.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 03:32:08.955
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 03:32:08.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 03:29:50.038
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 03:29:50.021
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 03:29:50.004
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-13 03:29:49.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-4300 Quad-Core Processor 
Percentage of memory in use: 9%
Total physical RAM: 16281.5 MB
Available physical RAM: 14699.36 MB
Total Virtual: 24281.5 MB
Available Virtual: 22715.96 MB
 
==================== Drives ================================
 
Drive c: (cool) (Fixed) (Total:1861.18 GB) (Free:1412.69 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:923.51 GB) (Free:807.12 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:8 GB) (Free:7.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: B6A4089D)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 4A56FFBE)
Partition 1: (Not Active) - (Size=923.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =========================
 
 
 
 
==================== Start of AdwCleaner scan log ====================
 
 
# AdwCleaner v5.020 - Logfile created 14/11/2015 at 11:04:53
# Updated 13/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 10 Enterprise  (x64)
# Username : vbn cnm - KLOWDS
# Running from : C:\Users\vbn cnm\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : swsedrvr_vw_1_10_0_25
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\ospd_us_014010146
Folder Found : C:\Program Files (x86)\ospd_us_014010146
Folder Found : C:\Program Files (x86)\ospd_us_014010146
Folder Found : C:\Program Files (x86)\SpaceSondPro_v53.4161
Folder Found : C:\Program Files (x86)\SpaceSondPro_v84.4188
Folder Found : C:\ProgramData\LolliScan
Folder Found : C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
Folder Found : C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
Folder Found : C:\Users\vbn cnm\AppData\Local\Consumer Input
Folder Found : C:\Users\vbn cnm\AppData\Local\ospd_us_014010146
Folder Found : C:\Users\vbn cnm\AppData\Local\ospd_us_014010146
Folder Found : C:\Users\vbn cnm\AppData\Local\ospd_us_014010146
Folder Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip
Folder Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
Folder Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
Folder Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhofhakdnfjgeobcioadclaekfbhndl
Folder Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
Folder Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdcgnnjenhecpdnhpnhpmgndjenmnnk
Folder Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijndokalmoineioiefnioooafnkgond
Folder Found : C:\Users\vbn cnm\AppData\Roaming\NUIns
Folder Found : C:\Users\vbn cnm\AppData\Roaming\Note-up
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhofhakdnfjgeobcioadclaekfbhndl
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdcgnnjenhecpdnhpnhpmgndjenmnnk
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijndokalmoineioiefnioooafnkgond
Folder Found : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
Folder Found : C:\WINDOWS\Quicky Translator
Folder Found : C:\WINDOWS\SysNative\Tasks\jZip
 
***** [ Files ] *****
 
File Found : C:\END
File Found : C:\task.vbs
File Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
File Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
File Found : C:\Users\vbn cnm\AppData\Roaming\Bubble Dock.boostrap.log
File Found : C:\Users\vbn cnm\AppData\Roaming\WindApp.boostrap.log
File Found : C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jZip.lnk
File Found : C:\Users\vbn cnm\Desktop\Note-Up.lnk
File Found : C:\Users\VBNCNM~1\AppData\Local\Temp\task.vbs
File Found : C:\Users\yeti\AppData\Roaming\Mozilla\Firefox\Profiles\ddf436i5.default\searchplugins\yahoo_ff.xml
File Found : C:\Users\yeti\AppData\Roaming\Mozilla\Firefox\Profiles\ddf436i5.default\user.js
File Found : C:\WINDOWS\SysNative\drivers\swsedrvr_vw_1_10_0_25.sys
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( www.tohotweb.com?oem=sunadusv3&uid=WD-WCAVY3757570_WDCWD20EARS-00S8B1&tm=1444744051 )
 
***** [ Scheduled tasks ] *****
 
Task Found : ConsumerInputUpdateTaskMachineCore
Task Found : ConsumerInputUpdateTaskMachineUA
Task Found : amiupdaterExd
Task Found : amiupdaterExi
Task Found : updateTask
Task Found : SMW_UpdateTask_Time_333637323730393532382d2d55506c2a5a55576c412334
Task Found : SPBIW_UpdateTask_Time_333637323730393532382d2d55506c2a5a55576c412334
Task Found : CGROIETCMHGNTSPX
Task Found : JROYBVMF1
Task Found : YHSBSCKMGECGSCCX
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Found : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Found : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Found : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Found : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Found : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\BrowserAir.exe
Key Found : HKLM\SOFTWARE\Classes\Directory\shell\Add event reminder
Key Found : HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
Key Found : HKLM\SOFTWARE\Classes\DesktopBackground\Shell\Add event reminder
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NetTcpHandler
Key Found : HKLM\SOFTWARE\CLASSES\dream.capture.1
Key Found : HKLM\SOFTWARE\CLASSES\dream.capture
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ospd_us_014010146]
Key Found : HKLM\SOFTWARE\364797b9-f90d-41fe-827f-3adec21b9417
Key Found : HKLM\SOFTWARE\430e7092-5fe7-4dc4-ad8e-7dafd4cb6e1b
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [ConsumerInput@Compete]
Key Found : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}
Key Found : HKCU\Software\Compete
Key Found : HKCU\Software\Nosibay
Key Found : HKCU\Software\Store
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKCU\Software\AppDataLow\Software\Compete
Key Found : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\GAMESDESKTOP
Key Found : HKLM\SOFTWARE\LolliScan
Key Found : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Key Found : HKLM\SOFTWARE\ONESOFTPERDAY
Key Found : HKLM\SOFTWARE\Crashhd
Key Found : HKLM\SOFTWARE\NetTcpHandler
Key Found : HKLM\SOFTWARE\NtSvcHandler
Key Found : HKLM\SOFTWARE\AmazingTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Setup Support for Consumer Input
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LolliScan
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B696F285-F54E-2524-58B1-E06A70ABE6BE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NUIns
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Note-up
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_014010146_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_014010146_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_014010146_is1
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\LolliScan
Key Found : [x64] HKLM\SOFTWARE\im-dosearch
Key Found : [x64] HKLM\SOFTWARE\SAKURA
Key Found : [x64] HKLM\SOFTWARE\AmazingTab
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
Data Found : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - C:\Program Files\Internet Explorer\iexplore.exe www.tohotweb.com?oem=sunadusv3&uid=WD-WCAVY3757570_WDCWD20EARS-00S8B1&tm=1444744051
 
***** [ Web browsers ] *****
 
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : easyrecovery-professional.en.softonic.com
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : cjhofhakdnfjgeobcioadclaekfbhndl
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : cmclajginlihohopoeofghddnhpplhom
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : dkpejdfnpdkhifgbancbammdijojoffk
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fbcohnmimjicjdomonkcbcpbpnhggkip
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fngmhnnpilhplaeedifhccceomclgfbg
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : gngocbkfmikdgphklgmmehbjjlfgdemm
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : lijndokalmoineioiefnioooafnkgond
[C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : mgdcgnnjenhecpdnhpnhpmgndjenmnnk
 
########## EOF - C:\AdwCleaner\AdwCleaner[S20].txt - [12735 bytes] ##########
 
 
==================== Start of AdwCleaner fix log ====================
 
 
# AdwCleaner v5.020 - Logfile created 14/11/2015 at 11:09:27
# Updated 13/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 10 Enterprise  (x64)
# Username : vbn cnm - KLOWDS
# Running from : C:\Users\vbn cnm\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : swsedrvr_vw_1_10_0_25
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\ospd_us_014010146
[!] Folder Not Deleted : C:\Program Files (x86)\ospd_us_014010146
[!] Folder Not Deleted : C:\Program Files (x86)\ospd_us_014010146
[-] Folder Deleted : C:\Program Files (x86)\SpaceSondPro_v53.4161
[-] Folder Deleted : C:\Program Files (x86)\SpaceSondPro_v84.4188
[-] Folder Deleted : C:\ProgramData\LolliScan
[-] Folder Deleted : C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
[-] Folder Deleted : C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\Consumer Input
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\ospd_us_014010146
[!] Folder Not Deleted : C:\Users\vbn cnm\AppData\Local\ospd_us_014010146
[!] Folder Not Deleted : C:\Users\vbn cnm\AppData\Local\ospd_us_014010146
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhofhakdnfjgeobcioadclaekfbhndl
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdcgnnjenhecpdnhpnhpmgndjenmnnk
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijndokalmoineioiefnioooafnkgond
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Roaming\NUIns
[-] Folder Deleted : C:\Users\vbn cnm\AppData\Roaming\Note-up
[-] Folder Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip
[-] Folder Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
[-] Folder Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
[+] Folder Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
[+] Folder Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhofhakdnfjgeobcioadclaekfbhndl
[+] Folder Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
[-] Folder Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdcgnnjenhecpdnhpnhpmgndjenmnnk
[+] Folder Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijndokalmoineioiefnioooafnkgond
[!] Folder Not Deleted : C:\Users\yeti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
[-] Folder Deleted : C:\WINDOWS\Quicky Translator
[#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\jZip
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\task.vbs
[-] File Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\vbn cnm\AppData\Roaming\Bubble Dock.boostrap.log
[-] File Deleted : C:\Users\vbn cnm\AppData\Roaming\WindApp.boostrap.log
[-] File Deleted : C:\Users\vbn cnm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jZip.lnk
[-] File Deleted : C:\Users\vbn cnm\Desktop\Note-Up.lnk
[-] File Deleted : C:\Users\VBNCNM~1\AppData\Local\Temp\task.vbs
[-] File Deleted : C:\Users\yeti\AppData\Roaming\Mozilla\Firefox\Profiles\ddf436i5.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Users\yeti\AppData\Roaming\Mozilla\Firefox\Profiles\ddf436i5.default\user.js
[-] File Deleted : C:\WINDOWS\SysNative\drivers\swsedrvr_vw_1_10_0_25.sys
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : ConsumerInputUpdateTaskMachineCore
[-] Task Deleted : ConsumerInputUpdateTaskMachineUA
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi
[-] Task Deleted : updateTask
[-] Task Deleted : SMW_UpdateTask_Time_333637323730393532382d2d55506c2a5a55576c412334
[-] Task Deleted : SPBIW_UpdateTask_Time_333637323730393532382d2d55506c2a5a55576c412334
[-] Task Deleted : CGROIETCMHGNTSPX
[-] Task Deleted : JROYBVMF1
[-] Task Deleted : YHSBSCKMGECGSCCX
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
[-] Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
[-] Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\BrowserAir.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\Add event reminder
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
[-] Key Deleted : HKLM\SOFTWARE\Classes\DesktopBackground\Shell\Add event reminder
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NetTcpHandler
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\dream.capture.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\dream.capture
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ospd_us_014010146]
[-] Key Deleted : HKLM\SOFTWARE\364797b9-f90d-41fe-827f-3adec21b9417
[-] Key Deleted : HKLM\SOFTWARE\430e7092-5fe7-4dc4-ad8e-7dafd4cb6e1b
[-] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [ConsumerInput@Compete]
[-] Key Deleted : HKCU\Software\Compete
[-] Key Deleted : HKCU\Software\Nosibay
[-] Key Deleted : HKCU\Software\Store
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\CompeteInc
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
[-] Key Deleted : HKLM\SOFTWARE\LolliScan
[-] Key Deleted : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\ONESOFTPERDAY
[-] Key Deleted : HKLM\SOFTWARE\Crashhd
[-] Key Deleted : HKLM\SOFTWARE\NetTcpHandler
[-] Key Deleted : HKLM\SOFTWARE\NtSvcHandler
[-] Key Deleted : HKLM\SOFTWARE\AmazingTab
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Setup Support for Consumer Input
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LolliScan
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B696F285-F54E-2524-58B1-E06A70ABE6BE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NUIns
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Note-up
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_014010146_is1
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_014010146_is1
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_014010146_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\LolliScan
[-] Key Deleted : [x64] HKLM\SOFTWARE\im-dosearch
[-] Key Deleted : [x64] HKLM\SOFTWARE\SAKURA
[-] Key Deleted : [x64] HKLM\SOFTWARE\AmazingTab
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
 
***** [ Web browsers ] *****
 
[-] [C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\vbn cnm\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : easyrecovery-professional.en.softonic.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C15].txt - [13547 bytes] ##########
 
 

 


Edited by razmage11, 14 November 2015 - 11:08 PM.


#2
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hello Razmage11 and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses. If there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on. I need a little time to analyse your logs and will post back as soon as possible. :)


#3
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi Razmage11


Before I can assist you please answer the following question.

I notice that you have this process running.

[email protected]

This program is a 3rd party Windows and Office activator. It is illegal to activate Windows using third party software.

Under the Geeks to Go Terms of Use I will be unable to assist you further if it is suspected that software has been obtained illegally.

Please explain why you have this software installed.

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.







