My Computer is somehow infected by malware [Solved]

This topic is locked

#1 henrymills (Member, 47 posts)

Hello. My computer is somehow infected by malware, but I think it's clean already. I just have one concern and need an extra opinion. Here are the details:

I reinstalled Internet Explorer 11 from Programs and Features in Control Panel and I also installed Chrome. I tried opening a website I usually open in Firefox that loads advertisements in both IE 11 and Chrome. Then I found out my homepage had been changed. So I ran rkill.exe and scanned my PC using AdwCleaner, TDSSKiller and JRT, and all of them removed unnecessary adware. Then I ran SUPERAntiSpyware and Malwarebytes Anti-Malware, and both found tracking cookies and the two homepage malware entries that redirected Chrome and IE 11. I deleted them and then ran Avast Antivirus in boot-scan mode, and it found a virus in hiberfil.sys named MBR:Alureon-O[Rtk]. I tried deleting it, but it won't delete, nor will it move it to the chest. So I turned off hibernation using an elevated command prompt. Then I rescanned using Avast on boot scan and it found no virus. Then I re-enabled hibernation and rescanned again using Avast in boot-scan mode, and it found a virus in hiberfil.sys named Win32:Rimecud[Trj]. This time the virus name for hiberfil.sys is different, which makes me think it's a false positive. I rescanned using Malwarebytes Anti-Malware and it doesn't find any more malware. The browsers' homepage returned to normal also.

I hope to hear any expert opinion on whether this is a false positive or not. This is the FRST log as recommended.

=============================================================

FRST Log

=============================================================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-12-2015
Ran by JV (administrator) on CK12 (10-12-2015 21:45:21)
Running from C:\Users\JV\Desktop
Loaded Profiles: JV (Available Profiles: JV & Guest)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Chicony Electronics Co., Ltd.) C:\Program Files\ChiconyCam\CECPLFKT.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\HexChat\hexchat.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Microsoft Corporation) C:\Users\JV\Downloads\Windows-KB890830-V5.31.exe
(Microsoft Corporation) C:\2c1271da504185d8ffca0a6422\mrtstub.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-25] (Avast Software s.r.o.)
HKLM\...\Run: [NSU_agent] => C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\Run: [DownloadAccelerator] => "C:\Program Files\DAP\DAP.EXE" /STARTUP
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [634504 2015-06-24] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\Run: [] => [X]
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\Run: [Viber] => C:\Users\JV\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2015-12-02] (SUPERAntiSpyware)
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {00cd985d-f759-11e2-80af-0090f5b2a4a6} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {10e6f10b-7424-11e1-a247-0090f5a76241} - E:\AutoRun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {10e6f11a-7424-11e1-a247-0090f5a76241} - E:\AutoRun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {1ffbed76-b1e7-11e2-bc07-0090f5a76241} - E:\AutoRun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {1ffc0235-b1e7-11e2-bc07-0090f5a76241} - E:\AutoRun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {464226f4-ae93-11e2-a798-0090f5a76241} - E:\AutoRun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {60434a31-ccbd-11e2-9fc8-0090f5a76241} - G:\Autorun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {60b7afb9-b277-11e2-a4da-0090f5a76241} - E:\AutoRun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {7b9e0f0b-91ac-11e4-8761-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {89d0ae4a-c116-11e2-bf24-0090f5a76241} - E:\AutoRun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {89d0ae52-c116-11e2-bf24-0090f5a76241} - E:\AutoRun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {9d0a7d8b-1c81-11e3-98bc-0090f5b2a4a6} - E:\Autorun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {9d65efa6-b1eb-11e2-bc07-0090f5a76241} - E:\AutoRun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {9d65f2ef-b1eb-11e2-bc07-0090f5a76241} - E:\AutoRun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {b7c4efcf-ce4e-11e2-96db-0090f5a76241} - E:\AutoRun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {e12d7514-c2f6-11e2-b7a9-0090f5a76241} - E:\AutoRun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {e2de45f5-b1fc-11e2-bc07-0090f5a76241} - F:\AutoRun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {ec3f2e0f-ae99-11e2-a798-0090f5a76241} - F:\AutoRun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {ec3f4192-ae99-11e2-a798-0090f5a76241} - E:\AutoRun.exe
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {f964ff73-94b3-11e4-af50-0090f5b2a4a6} - E:\AutoRun.exe
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-25] (Avast Software s.r.o.)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-04-16]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.1 192.168.254.1
Tcpip\..\Interfaces\{28EFEA0C-3E6B-41E8-B421-601655388E88}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{7EF0F4CC-F911-4151-AE99-50219EDC6958}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{8212067E-CD09-4F98-828D-E0754EEFE98C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{854BA6D0-002D-48F3-9B17-6F9C1513CFB0}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{8606FECD-9B49-4F07-AB16-5DBB18B7F58C}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{C12ACE4E-8A69-4007-A822-BB23D8D20B47}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{C12ACE4E-8A69-4007-A822-BB23D8D20B47}: [DhcpNameServer] 192.168.254.1 192.168.254.1

Internet Explorer:
==================
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-4288802170-422726538-3330711173-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-10-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-25] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Encarta Web Companion Helper Object -> {955BE0B8-BC85-4CAF-856E-8E0D8B610560} -> C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-13] (Oracle Corporation)
Toolbar: HKLM - Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4288802170-422726538-3330711173-1000 -> Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-13] (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [2013-02-05] (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4288802170-422726538-3330711173-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\JV\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll [2012-03-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2012-03-19] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2012-03-28] (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\i585k2w0.default\searchplugins\google-avast.xml [2014-12-18]
FF SearchPlugin: C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\fi3vzewu.default-1372242972952\searchplugins\google-avast.xml [2014-12-18]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida\extensions\[email protected] [2015-12-08]
FF Extension: anonymoX - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\i585k2w0.default\Extensions\[email protected] [2014-12-04] [not signed]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\i585k2w0.default\Extensions\[email protected] [2014-12-04] [not signed]
FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\fi3vzewu.default-1372242972952\Extensions\[email protected] [2013-06-26] [not signed]
FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\fi3vzewu.default-1372242972952\Extensions\[email protected] [2013-07-01] [not signed]
FF Extension: HTTPS-Everywhere - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\fi3vzewu.default-1372242972952\Extensions\[email protected] [2013-07-01] [not signed]
FF Extension: Adblock Plus - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\fi3vzewu.default-1372242972952\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-26] [not signed]
FF Extension: BetterPrivacy - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\fi3vzewu.default-1372242972952\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-06-26] [not signed]
FF Extension: anonymoX - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\sr7klcl4.Default User\Extensions\[email protected] [2014-12-20] [not signed]
FF Extension: DownloadHelper - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\sr7klcl4.Default User\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-22] [not signed]
FF Extension: DownloadHelper - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\1isjgkdr.Jb\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-06] [not signed]
FF Extension: DownloadHelper - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\kdehjshi.Anon\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-23] [not signed]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\vg813slu.eliceyoung\Extensions\[email protected] [2015-02-13] [not signed]
FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\vg813slu.eliceyoung\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-02-13] [not signed]
FF Extension: DownloadHelper - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\vg813slu.eliceyoung\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-02-01] [not signed]
FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\vg813slu.eliceyoung\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-02-13] [not signed]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\t3pdit8x.QueLocura\Extensions\[email protected] [2015-03-09] [not signed]
FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\t3pdit8x.QueLocura\Extensions\[email protected] [2015-03-12] [not signed]
FF Extension: Stealthy - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\t3pdit8x.QueLocura\Extensions\[email protected] [2015-02-23] [not signed]
FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida\Extensions\[email protected] [2015-07-16] [not signed]
FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida\Extensions\[email protected] [2015-10-02] [not signed]
FF Extension: FoxyProxy Standard - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida\Extensions\[email protected] [2015-09-23]
FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida\Extensions\[email protected] [2015-10-18] [not signed]
FF Extension: Video DownloadHelper - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-31]
FF Extension: Adblock Plus - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-28]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\r0awm7rs.Default User\Extensions\[email protected] [2015-12-01]
FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\r0awm7rs.Default User\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-12-01] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\DAP\daplinkchecker => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-25] [not signed]
FF HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox => not found

Chrome:
=======
CHR Profile: C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-03]
CHR Extension: (Google Docs) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-03]
CHR Extension: (Google Drive) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-03]
CHR Extension: (YouTube) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-03]
CHR Extension: (Google Search) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-03]
CHR Extension: (Google Sheets) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-03]
CHR Extension: (Google Docs Offline) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-03]
CHR Extension: (Avast Online Security) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-03]
CHR Extension: (Video DownloadHelper) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2015-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-03]
CHR Extension: (Gmail) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-13]
=============================================================

Addition.txt

=============================================================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-12-2015
Ran by JV (2015-12-10 21:38:09)
Running from C:\Users\JV\Desktop
Microsoft Windows 7 Starter  Service Pack 1 (X86) (2012-03-20 15:50:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4288802170-422726538-3330711173-500 - Administrator - Disabled)
Guest (S-1-5-21-4288802170-422726538-3330711173-501 - Limited - Enabled) => C:\Users\Guest
JV (S-1-5-21-4288802170-422726538-3330711173-1000 - Administrator - Enabled) => C:\Users\JV

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Any Video Converter Ultimate 4.6.1 (HKLM\...\Any Video Converter Ultimate_is1) (Version:  - Any-Video-Converter.com)
Assessment and Deployment Kit (HKLM\...\{fc46d1b2-9557-4c1f-baac-04af4d2db7e4}) (Version: 8.59.25584 - Microsoft Corporation)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.4 - Belkin International, Inc.)
BisonCam (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.96.2728.07.1 - BisonCam)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.9.17.9138 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.17.9138 - BlueStack Systems, Inc.)
calibre (HKLM\...\{98B88424-054D-4866-8EC1-513616801BAE}) (Version: 1.1.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Cheat Engine 6.3 (HKLM\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
ChiconyCam (HKLM\...\{A2201542-DA80-457F-8BD9-6C9C90196481}) (Version: 1.0.28.111 - Chicony Electronics Co.,Ltd.)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1705 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Deluge 1.3.6 (HKLM\...\Deluge) (Version:  - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 10060 (Build 2599) - Speedbit Ltd.)
Dream Chronicles The Chosen Child  Powerd by Lay-by.org (HKLM\...\Dream Chronicles The Chosen Child  Powerd by Lay-by.org) (Version:  - )
DVD X Player Professional V3.0 (HKLM\...\DVD X Player Professional 3.0_is1) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Flasher version 3.12.1 (HKLM\...\NokiaFlasher_is1) (Version: 3.12.1 - Nokia)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.0.6.722 - Foxit Corporation)
Fraps (HKLM\...\Fraps) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GlassFish Server Open Source Edition 4.1 (HKLM\...\nbi-glassfish-mod-4.1.0.13.0) (Version:  - )
Globe Tattoo Broadband (HKLM\...\Globe Tattoo Broadband) (Version: 23.009.09.01.158 - Huawei Technologies Co.,Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
GTK2-Runtime (HKLM\...\GTK2-Runtime) (Version: 2.16.6-2010-05-12-ash - Alexander Shaduri)
HandBrake 0.10.2 (HKLM\...\HandBrake) (Version: 0.10.2 - )
HeRO Mini version 1.1 (HKLM\...\{3942218E-B7AA-4D8E-BC3B-0573FF8A36BD}_is1) (Version: 1.1 - HeRO Server.net)
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
inSSIDer 3 (HKLM\...\{CDF246AE-C6E3-438F-AA76-21700DCC15F6}) (Version: 3.0.6.42 - MetaGeek, LLC)
Intel Driver Update Utility (HKLM\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JMicron Ethernet Adapter NDIS Driver (HKLM\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.14.11 - JMicron Technology Corp.)
Kits Configuration Installer (Version: 8.59.25584 - Microsoft) Hidden
LightScribe  1.4.124.1 (Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden
LinuxLive USB Creator (HKLM\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
LiveUSB Creator (remove only) (HKLM\...\LiveUSB Creator) (Version:  - )
Magic ISO Maker v5.4 (build 0256) (HKLM\...\Magic ISO Maker v5.4 (build 0256)) (Version:  - )
Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.318.3 - McAfee, Inc.)
MediaInfo 0.7.72 (HKLM\...\MediaInfo) (Version: 0.7.72 - MediaArea.net)
Metric Collection SDK (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Student with Encarta Premium 2007 (HKLM\...\{07041881-E9B4-4DF6-A845-CAAFD093E477}) (Version: 2007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
mIRC (HKLM\...\mIRC) (Version: 6.35 - mIRC Co. Ltd.)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.22.00.158 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{874AF83E-1BF6-4F2B-9086-BF62BDAE1033}) (Version: 7.02.5608 - Nero AG)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
NirSoft VideoCacheView (HKLM\...\NirSoft VideoCacheView) (Version:  - )
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Software Updater (HKLM\...\{7130468A-F53F-4698-8C09-A339EA3B05E6}) (Version: 3.0.655 - Nokia Corporation)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
Nokia Suite (Version: 3.8.54.0 - Nokia) Hidden
Opera Stable 34.0.2036.25 (HKLM\...\Opera 34.0.2036.25) (Version: 34.0.2036.25 - Opera Software)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{3ACD85F2-BD6D-44FE-8CAE-5C1C3757ED7E}) (Version: 4.3.20 - Oracle Corporation)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5875) (Version:  - )
Photomatix Pro version 4.2.7 (HKLM\...\PhotomatixPro42x32_is1) (Version: 4.2.7 - HDRsoft Ltd)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
Python 2.6 python-libtorrent-0.15.0 (HKLM\...\{80288C53-0091-47AE-8361-69E0170A72EE}) (Version: 0.15.0 - Arvid Norberg)
Python python-libtorrent-0.16.10 (HKLM\...\{2107E270-83E8-4E3E-A1C8-B78B308F663E}) (Version: 0.16.10 - Arvid Norberg)
REACHit (HKLM\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.000.12 - Lenovo)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0180 - REALTEK Semiconductor Corp.)
Return To Krondor (HKLM\...\Return To Krondor_is1) (Version:  - GOG.com)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.20 (32-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
SMART BRO (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Subtitle Edit 3.4.6 (HKLM\...\SubtitleEdit_is1) (Version: 3.4.6.544 - Nikse)
Sun Broadband Hotspot (HKLM\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
System Requirements Lab (HKLM\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
Tattoo (HKLM\...\Tattoo) (Version: 1.09.00.158 - Huawei Technologies Co.,Ltd)
Toolkit Documentation (Version: 8.59.25584 - Microsoft) Hidden
Total Video Converter 3.71 100812 (HKLM\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Viber (HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\{7de2db6a-6f4b-4b45-82b9-57d5d7f1c952}) (Version: 5.4.0.1664 - Viber Media Inc.)
Viber (Version: 5.4.0.1664 - Viber Media Inc.) Hidden
Video Mover (HKLM\...\Video Mover_is1) (Version:  - )
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WD SmartWare (HKLM\...\{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}) (Version: 1.2.0.8 - Western Digital)
Windows Assessment and Deployment Kit for Windows 8.1 (HKLM\...\{e9e06304-a604-434b-b35f-d9beb94dc06d}) (Version: 8.100.26866 - Microsoft Corporation)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows PE x86 x64 (HKLM\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4288802170-422726538-3330711173-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\JV\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4288802170-422726538-3330711173-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\JV\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4288802170-422726538-3330711173-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\JV\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-4288802170-422726538-3330711173-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\JV\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0096714F-B602-4AD7-866E-5457F88D4CA6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-03] (AVAST Software)
Task: {1672768E-1743-4BA5-8B87-512BCBB1B07A} - System32\Tasks\{78EA0D6E-12C0-4911-9420-FB8E517A7C89} => pcalua.exe -a D:\AutoRun\AutoRun.exe -d D:\
Task: {17992D0E-1DF1-4B53-8A22-34E3CDBF3D81} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files\Lenovo\REACHit\webAgent.exe [2015-11-11] (Lenovo)
Task: {2447BC18-2FB0-42B2-93F4-09B0F741DCE8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {27F9D2F5-2911-410E-8E79-CE6FFC2B680D} - System32\Tasks\{699142F1-5243-4597-860D-708E97526D1E} => pcalua.exe -a "C:\Program Files\OPPLUS-EN.EXE" -d "C:\Program Files"
Task: {331C804C-5DBB-4873-92D9-D2E3C08EC34A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {34CEA2E9-2383-4DD4-B7C3-7F6F605CB6F4} - System32\Tasks\{B68CBDB6-A3B1-4451-A16E-53A4EF4A81BD} => pcalua.exe -a D:\OPPLUS-EN.EXE -d D:\
Task: {3DA333AB-2F7F-485E-BEF9-76AEB2BC132E} - System32\Tasks\avastBCLRestartS-1-5-21-4288802170-422726538-3330711173-1000 => Firefox.exe
Task: {4051B077-028F-4655-B899-127C8229EE71} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4288802170-422726538-3330711173-1000UA => C:\Users\JV\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-16] (Facebook Inc.)
Task: {4369C65D-F332-4D2F-B1C7-D801184A0944} - System32\Tasks\Opera scheduled Autoupdate 1449128365 => C:\Program Files\Opera\launcher.exe [2015-12-04] (Opera Software)
Task: {4C382A07-3DAE-4E53-8D04-FF30CF304E96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-20] (Adobe Systems Incorporated)
Task: {6D61D7F4-E44D-494D-A327-F10E5EC656D7} - System32\Tasks\{64FC0251-32FB-4DA2-A1C7-DB6FF64A4E11} => pcalua.exe -a C:\VC6\vcredist.exe -d C:\VC6
Task: {70CF628C-823C-450F-B297-BA56EB943734} - System32\Tasks\{8E2CEFE5-46B0-4F06-8C7F-7F6CFB3FB2AA} => pcalua.exe -a C:\Users\JV\AppData\Local\Temp\7zSDFD3.tmp\MicroInstallerNative.exe -d C:\Users\JV\AppData\Local\Temp\7zSDFD3.tmp
Task: {826612A8-F6B6-47EF-AD54-16267E0E5890} - System32\Tasks\{5112848E-7B32-4B3C-887A-8E02E26670CA} => C:\Program Files\GOGcom\Return To Krondor\RtK.exe
Task: {8BDA7A56-F49B-432A-93F0-93D1817157CB} - System32\Tasks\{2FCAB470-B028-4B49-920A-9FCD5A29DB0E} => pcalua.exe -a "C:\Program Files\LiveUSB Creator\liveusb-creator.exe" -d "C:\Program Files\LiveUSB Creator"
Task: {9409D851-87BD-47A4-92C3-AEDE2D321651} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files\Lenovo\REACHit\webAgent.exe [2015-11-11] (Lenovo)
Task: {A6E77EF8-173D-49C8-AC5C-7D8918E4D464} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-25] (Avast Software s.r.o.)
Task: {B1CBA65F-A114-4476-956C-CF32DF2F88C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-03] (Google Inc.)
Task: {B6C00253-9870-41B5-95C0-EC7E69E39C4F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4288802170-422726538-3330711173-1000Core => C:\Users\JV\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-16] (Facebook Inc.)
Task: {BB129500-C3C5-4858-9BBD-912B0D4272AA} - System32\Tasks\{456F7CAA-B186-4CB8-BD00-53B4276683B2} => pcalua.exe -a E:\OPPLUS-EN.EXE -d E:\
Task: {CE7E42AF-99F0-4B05-B438-0B8BDACFD611} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-03] (Google Inc.)
Task: {D2B68DB8-13E8-418C-9AE3-D82B6FBEF962} - System32\Tasks\{F6254570-9A46-49BB-B9CC-D0C432639E28} => pcalua.exe -a C:\Users\Keith\Downloads\pecsetup.exe -d C:\Users\Keith\Downloads
Task: {FA4FAB6E-73EC-4925-B0D2-FA37CDE9C5CE} - System32\Tasks\{263E2554-5CE8-4457-9F68-4BD17F9A5154} => pcalua.exe -a C:\Users\JV\Downloads\pecsetup.exe -d C:\Users\JV\Downloads

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4288802170-422726538-3330711173-1000Core.job => C:\Users\JV\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4288802170-422726538-3330711173-1000UA.job => C:\Users\JV\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\Sun Broadband.lnk -> C:\Program Files\Hotspot\Sun Broadband\LaunchWebUI.exe () -> hxxp://ufi.home <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-06-25 02:18 - 2015-06-25 02:18 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-25 02:17 - 2015-06-25 02:17 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-09 15:45 - 2015-12-09 15:45 - 02803200 _____ () C:\Program Files\AVAST Software\Avast\defs\15120804\algo.dll
2015-12-10 21:29 - 2015-12-10 21:29 - 02803200 _____ () C:\Program Files\AVAST Software\Avast\defs\15121000\algo.dll
2013-05-12 09:34 - 2010-07-29 18:19 - 00234496 _____ () C:\Program Files\Total Video Converter\TVCShellExt.dll
2013-05-10 18:22 - 2011-04-19 16:29 - 00132608 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2015-03-13 02:11 - 2015-03-13 02:11 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-12 19:33 - 2014-11-25 19:09 - 00596480 _____ () C:\Program Files\HexChat\hexchat.exe
2014-12-12 19:33 - 2014-11-22 19:44 - 00021504 _____ () C:\Program Files\HexChat\iconv.dll
2014-12-12 19:33 - 2014-11-22 19:46 - 01164288 _____ () C:\Program Files\HexChat\cairo.dll
2014-12-12 19:33 - 2014-11-22 19:44 - 00562688 _____ () C:\Program Files\HexChat\fontconfig.dll
2014-12-12 19:33 - 2014-11-22 19:44 - 01103360 _____ () C:\Program Files\HexChat\libxml2.dll
2014-12-12 19:33 - 2014-11-22 19:44 - 00590336 _____ () C:\Program Files\HexChat\pixman-1.dll
2014-12-12 19:33 - 2014-11-22 19:44 - 00167936 _____ () C:\Program Files\HexChat\libpng16.dll
2014-12-12 19:33 - 2014-11-22 19:44 - 00068096 _____ () C:\Program Files\HexChat\zlib1.dll
2014-12-12 19:33 - 2014-11-22 19:46 - 00638976 _____ () C:\Program Files\HexChat\harfbuzz.dll
2014-12-12 19:33 - 2014-11-22 19:47 - 00045568 _____ () C:\Program Files\HexChat\lib\gtk-2.0\i686-pc-vs10\engines\libwimp.dll
2014-12-12 19:33 - 2014-11-22 19:46 - 00250368 _____ () C:\Program Files\HexChat\lib\enchant\libenchant_myspell.dll
2014-12-12 19:33 - 2014-11-25 19:09 - 00010752 _____ () C:\Program Files\HexChat\plugins\hcupd.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:BF3D62E7
AlternateDataStreams: C:\Users\Guest\Documents\Shakespeare in Love.avi:TOC.WMV

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\35683292.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\62276656.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\35683292.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\62276656.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4288802170-422726538-3330711173-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\JV\Pictures\slide_329660_3226554_free_tonemapped.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AffinegyService => 2
MSCONFIG\Services: Belkin Local Backup Service => 2
MSCONFIG\Services: Belkin Network USB Helper => 2
MSCONFIG\Services: BrowserProtect => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: Globe Tattoo Broadband. RunOuc => 2
MSCONFIG\Services: HWDeviceService.exe => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: Mobile Broadband HL Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: UI Assistant Service => 2
MSCONFIG\Services: WDDMService => 2
MSCONFIG\Services: WDSmartWareBackgroundService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk => C:\Windows\pss\WDSmartWare.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^JV^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Andy => C:\Program Files\Andy\HandyAndy.exe
MSCONFIG\startupreg: BDRegion => C:\Program Files\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: CheckNDISPort_df => C:\Program Files\Hotspot\Sun Broadband\CheckNDISPort_df.exe
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DAP10 => "C:\Program Files\DAP\DAP.EXE" /STARTUP
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DownloadAccelerator => "C:\Program Files\DAP\DAP.EXE" /STARTUP
MSCONFIG\startupreg: Facebook Update => "C:\Users\JV\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HDAudDeck => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: InstaLAN => "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Mobile Partner => C:\Program Files\Tattoo\Tattoo
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: tuto4pc_ph_3 => "C:\Program Files\tuto4pc_ph_3\tuto4pc_ph_3.exe"
MSCONFIG\startupreg: UIExec => "C:\Program Files\SMART BRO\UIExec.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A2C36785-4F54-430B-BDDF-CBF63566DA3C}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{CAF92A68-02DA-4E00-809F-A2662276ADDF}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{31BA0E7A-5B8D-4289-8137-A3EDFEBC6B40}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{29C380EB-17DD-4034-A5B4-325731006514}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{011F72B6-0945-4973-9425-2EFEA39C43B2}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{BC866431-7F66-4FDF-A97F-271C79854F7F}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{C6CB9D5E-04B8-4F99-8D56-88B0542AEFF2}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{E99D52E9-D138-4BFD-867F-552449C96D65}] => (Allow) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
FirewallRules: [{5FE2EA27-171E-4359-8370-18C6B717702F}] => (Allow) LPort=19540
FirewallRules: [TCP Query User{7F7AEBE5-C2D1-46E7-83E7-36113D00F5F9}C:\program files\droidpad\droidpad.exe] => (Allow) C:\program files\droidpad\droidpad.exe
FirewallRules: [UDP Query User{F06F025B-CF6B-42BF-A320-23315C1CA38B}C:\program files\droidpad\droidpad.exe] => (Allow) C:\program files\droidpad\droidpad.exe
FirewallRules: [{4F031E1A-BD1B-4535-A6D0-71D370E1D2D5}] => (Allow) C:\Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{B5DC6213-91F2-4A08-8B78-B964A7AE76E2}] => (Allow) C:\Program Files\CyberLink\PowerDVD10\PowerDVD9.EXE
FirewallRules: [TCP Query User{9076DD80-6C0B-4D01-8C70-3B6072051136}C:\program files\deluge\deluge.exe] => (Allow) C:\program files\deluge\deluge.exe
FirewallRules: [UDP Query User{8D950510-1053-4C9C-AA2B-D9F7E9C17CF1}C:\program files\deluge\deluge.exe] => (Allow) C:\program files\deluge\deluge.exe
FirewallRules: [{87599544-6C53-463B-BB6F-1B5EE54E3E54}] => (Block) C:\program files\deluge\deluge.exe
FirewallRules: [{E062327D-6D42-4894-A80A-E4A4C4A2B4F8}] => (Block) C:\program files\deluge\deluge.exe
FirewallRules: [TCP Query User{659502A6-3819-437D-917F-289F5111BCF6}C:\program files\deluge\deluged.exe] => (Block) C:\program files\deluge\deluged.exe
FirewallRules: [UDP Query User{21F2547D-3EB4-4736-BA19-22F323B079D8}C:\program files\deluge\deluged.exe] => (Block) C:\program files\deluge\deluged.exe
FirewallRules: [TCP Query User{3219103D-15D3-4CF7-862D-8E8C1CB8F0E7}C:\program files\kainy\kainy.exe] => (Allow) C:\program files\kainy\kainy.exe
FirewallRules: [UDP Query User{103CF424-48DC-4461-BF28-A8DF797F4B92}C:\program files\kainy\kainy.exe] => (Allow) C:\program files\kainy\kainy.exe
FirewallRules: [TCP Query User{658D15EB-D259-43CA-A113-A4DC3F6F0BA7}C:\program files\deluge\deluged.exe] => (Allow) C:\program files\deluge\deluged.exe
FirewallRules: [UDP Query User{77A26D6E-914D-4493-B4A8-2B8C162B07F4}C:\program files\deluge\deluged.exe] => (Allow) C:\program files\deluge\deluged.exe
FirewallRules: [{76B0A695-A0BD-49CE-8713-5AAD542D75EC}] => (Allow) C:\Users\JV\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{C22E62F9-1F4A-4847-AC0C-4BA26A11E097}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{4FDE137F-5F6F-4107-84BD-0825C3F71041}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [{0EECF8F6-51CB-4863-A807-73D01463A443}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{635CD570-3F5E-4CBF-A2A5-A6746ED0AB03}C:\program files\hexchat\hexchat.exe] => (Block) C:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{0FEDDF23-A695-4563-ACD8-114DF8F86F66}C:\program files\hexchat\hexchat.exe] => (Block) C:\program files\hexchat\hexchat.exe
FirewallRules: [{A4234EA0-BB55-4983-B347-A22790F3EE33}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{75DBDAAF-9611-436D-8074-91155187986C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{83AF9D3A-B877-4CFF-A5A7-31FCE4DDC555}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4AED7E9B-3511-4A4C-855C-B6868C6DD47A}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{0EB6006D-B60B-412D-8607-327799F911F7}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5514A9C7-E3E9-47C1-A175-CC96B85D74D3}] => (Allow) LPort=2869
FirewallRules: [{AEA5AB46-EE43-4870-BED3-7D4522C4AA03}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{A9F1B304-DBD5-4376-BB90-011D6A99D138}C:\program files\dap\dap.exe] => (Allow) C:\program files\dap\dap.exe
FirewallRules: [UDP Query User{D3506515-E732-4538-98C6-C57ED825241D}C:\program files\dap\dap.exe] => (Allow) C:\program files\dap\dap.exe
FirewallRules: [TCP Query User{EC637348-1613-44A8-B018-76D3EE95A64A}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [UDP Query User{37831E6E-6C17-4BF8-9137-16554ED1A1EE}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [{D131907C-4736-4DE3-988D-104E1D2BFEFD}] => (Allow) C:\Program Files\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{DC609E6C-D67E-4BAF-AEBE-94AF361548C7}] => (Allow) C:\Program Files\Common Files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [{5F50D24D-A95A-4F57-956E-EE7984F8453B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{BA224110-0759-462F-AF11-6CE72E45DAE5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5C31B598-2EB4-465B-9884-B9ADBF6EEB6F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: DroidPad Joystick
Description: DroidPad Joystick
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Digitalsquid
Service: droidpad
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: TSSTcorp CDDVDW TS-L633C ATA Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2015 12:32:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (12/10/2015 06:24:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="AMD64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/10/2015 05:13:41 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/10/2015 05:12:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2015 10:41:31 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/09/2015 10:36:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2015 07:42:06 PM) (Source: Google Update) (EventID: 20) (User: CK12)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (12/09/2015 03:08:38 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/09/2015 03:06:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2015 01:42:05 PM) (Source: Google Update) (EventID: 20) (User: CK12)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s


System errors:
=============
Error: (12/10/2015 03:34:31 PM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

Error: (12/10/2015 05:20:46 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (12/10/2015 05:13:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (12/09/2015 10:42:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%-2147467243

Error: (12/09/2015 10:41:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (12/09/2015 10:36:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The BlueStacks Android Service service hung on starting.

Error: (12/09/2015 10:34:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:48:17 PM on 12/9/2015 was unexpected.

Error: (12/09/2015 03:14:16 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (12/09/2015 03:08:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (12/09/2015 03:06:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The BlueStacks Android Service service hung on starting.


CodeIntegrity:
===================================
  Date: 2015-11-20 23:58:33.544
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume21\Windows\WinSxS\x86_microsoft-windows-a..cation-creduibroker_31bf3856ad364e35_6.2.8250.0_none_52d3f248b304423d\CredentialUIBroker.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-11-20 23:58:33.509
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume21\Windows\WinSxS\x86_microsoft-windows-a..cation-creduibroker_31bf3856ad364e35_6.2.8250.0_none_52d3f248b304423d\CredentialUIBroker.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-11-20 23:58:33.474
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume21\Windows\WinSxS\x86_microsoft-windows-a..cation-creduibroker_31bf3856ad364e35_6.2.8250.0_none_52d3f248b304423d\CredentialUIBroker.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-11-20 23:58:33.429
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume21\Windows\WinSxS\x86_microsoft-windows-a..cation-creduibroker_31bf3856ad364e35_6.2.8250.0_none_52d3f248b304423d\CredentialUIBroker.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-11-20 23:58:24.623
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume21\Windows\WinSxS\x86_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_6.2.8250.0_none_36ffad4a914b0e0b\TM.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-11-20 23:58:24.560
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume21\Windows\WinSxS\x86_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_6.2.8250.0_none_36ffad4a914b0e0b\TM.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-11-20 23:58:24.482
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume21\Windows\WinSxS\x86_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_6.2.8250.0_none_36ffad4a914b0e0b\TM.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-11-20 23:58:24.404
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume21\Windows\WinSxS\x86_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_6.2.8250.0_none_36ffad4a914b0e0b\TM.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-11-20 23:58:21.284
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume21\Windows\WinSxS\x86_microsoft-windows-appid_31bf3856ad364e35_6.2.8250.0_none_df64e2b657f308cb\appidapi.dll because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2015-11-20 23:58:21.269
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume21\Windows\WinSxS\x86_microsoft-windows-appid_31bf3856ad364e35_6.2.8250.0_none_df64e2b657f308cb\appidapi.dll because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 68%
Total physical RAM: 1908.54 MB
Available physical RAM: 601.61 MB
Total Virtual: 3639.24 MB
Available Virtual: 2007.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:341.7 GB) (Free:2.17 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:29.3 GB) (Free:0.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 36AC6F0D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=341.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=124 GB) - (Type=05)

==================== End of Addition.txt ============================


  • 0



#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, sorry we missed you, could I have some fresh logs please?

I think I would agree that Hiberfile is a false positive

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.
THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start the scan

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post it in your next reply
  • 0

#3
henrymills

henrymills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-12-14 22:05:45
-----------------------------
22:05:45.701    OS Version: Windows 6.1.7601 Service Pack 1
22:05:45.701    Number of processors: 4 586 0x2502
22:05:45.701    ComputerName: CK12  UserName: JV
22:05:47.027    Initialize success
22:05:47.090    VM: initialized successfully
22:05:47.105    VM: Intel CPU supported
22:05:49.779    VM: supported disk I/O ataport.SYS
22:05:51.698    AVAST engine defs: 15121302
22:06:14.864    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:06:14.880    Disk 0 Vendor: TOSHIBA_MK5065GSX GJ003A Size: 476940MB BusType: 11
22:06:15.082    VM: Disk 0 MBR read successfully
22:06:15.098    Disk 0 MBR scan
22:06:15.098    Disk 0 unknown MBR code
22:06:15.644    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
22:06:15.738    Disk 0 default boot code
22:06:15.847    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       349900 MB offset 206848
22:06:15.862    Disk 0 Partition - 00     05       Extended            126937 MB offset 716804094
22:06:15.894    Disk 0 Partition 3 00     83          Linux             29999 MB offset 716804096
22:06:16.408    Disk 0 Partition - 00     05       Extended             30000 MB offset 778243550
22:06:16.486    Disk 0 scanning sectors +976771072
22:06:16.814    Disk 0 scanning C:\Windows\system32\drivers
22:06:33.256    Service scanning
22:07:36.648    Modules scanning
22:07:36.649    Disk 0 trace - called modules:
22:07:37.097    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
22:07:37.098    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86849868]
22:07:37.098    3 CLASSPNP.SYS[8978a59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x866d7908]
22:07:38.680    AVAST engine scan C:\Windows
22:07:42.292    AVAST engine scan C:\Windows\system32
22:10:54.122    AVAST engine scan C:\Windows\system32\drivers
22:11:14.496    AVAST engine scan C:\Users\JV
22:14:43.256    File: C:\Users\JV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N3WTXOK3\FRST[1].exe  **INFECTED** Win32:Evo-gen [Susp]
22:43:18.916    File: C:\Users\JV\AppData\Local\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida\cache2\entries\B8824AF5A4632BCD3D5409E3D7100B52EC050ED0  **INFECTED** Win32:Evo-gen [Susp]
23:35:09.873    File: C:\Users\JV\Desktop\FRST-OlderVersion\FRST.exe  **INFECTED** Win32:Evo-gen [Susp]
23:35:10.554    File: C:\Users\JV\Desktop\FRST.exe  **INFECTED** Win32:Evo-gen [Susp]
23:51:32.733    AVAST engine scan C:\ProgramData
23:58:51.327    Disk 0 statistics 4668202/0/22808 @ 0.38 MB/s
23:58:51.337    Scan finished successfully
03:17:18.105    Disk 0 MBR has been saved successfully to "C:\Users\JV\Desktop\MBR.dat"
03:17:18.114    The log file has been saved successfully to "C:\Users\JV\Desktop\aswMBR.txt"

I just want to add that FRST.exe was detected as Win32:Evo-gen when I downloaded it, so I needed to disable Avast first. And as you can see, it detects copies of it in the Firefox cache and Internet Explorer cache as Win32:Evo-gen also.



  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Avast tends to do that every third or fourth update, I will forward as a false positive

Hiberfile is a false positive

What problems do you have at the moment ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
2015-12-08 10:58 - 2015-12-08 10:58 - 00000000 __SHD C:\Users\Guest\AppData\LocalLow\EmieSiteList
2015-12-04 01:30 - 2015-12-04 01:30 - 00000000 ____D C:\Users\JV\AppData\Local\{81E4B7B8-A54C-DB00-C8D4-FEE8ECBC0270}
2013-05-06 14:43 - 2013-05-06 14:43 - 0000037 ___SH () C:\Users\JV\AppData\Local\70149b02515b3bb20dd492.47983420
C:\Users\JV\HexChat 2.10.2 x86.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated, please post that
  • 0

#5
henrymills

henrymills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Nothing much. Like I said, IE's and Chrome's homepage was being redirected before and there was a downloader, but after scanning with Malwarebytes Antimalware and Antirootkit, Avast, Superantispyware, TDSSkiller, Adwcleaner and others it all returned to normal.
I have a question before I do what you ask. I saw this line "2013-05-06 14:43 - 2013-05-06 14:43 - 0000037 ___SH () C:\Users\JV\AppData\Local\70149b02515b3bb20dd492.47983420
C:\Users\JV\HexChat 2.10.2 x86.exe". I'm using HexChat regularly to chat somewhere and also in the geekstogo and bleepingcomputers chatrooms; would that affect HexChat?


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

If you are happy with the programme you can leave it there; however, it is just the installer being removed, not the programme itself.


  • 0

#7
henrymills

henrymills

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Fix result of Farbar Recovery Scan Tool (x86) Version:14-12-2015
Ran by JV (2015-12-16 10:57:13) Run:1
Running from C:\Users\JV\Desktop
Loaded Profiles: JV (Available Profiles: JV & Guest)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
2015-12-08 10:58 - 2015-12-08 10:58 - 00000000 __SHD C:\Users\Guest\AppData\LocalLow\EmieSiteList
2015-12-04 01:30 - 2015-12-04 01:30 - 00000000 ____D C:\Users\JV\AppData\Local\{81E4B7B8-A54C-DB00-C8D4-FEE8ECBC0270}
2013-05-06 14:43 - 2013-05-06 14:43 - 0000037 ___SH () C:\Users\JV\AppData\Local\70149b02515b3bb20dd492.47983420
C:\Users\JV\HexChat 2.10.2 x86.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => key removed successfully.
HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => key not found.
C:\Users\Guest\AppData\LocalLow\EmieSiteList => moved successfully
C:\Users\JV\AppData\Local\{81E4B7B8-A54C-DB00-C8D4-FEE8ECBC0270} => moved successfully
C:\Users\JV\AppData\Local\70149b02515b3bb20dd492.47983420 => moved successfully
C:\Users\JV\HexChat 2.10.2 x86.exe => moved successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {1E21745E-0020-418A-BFCA-CF0335080674}.
Unable to cancel {9250799A-CCFA-4685-B9EB-8A868BAEF226}.
0 out of 2 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 3.6 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:14:32 ====


  • 0
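The RemoveProxy step in the Fixlog above deleted the WinINet `DefaultConnectionSettings` and `SavedLegacySettings` values, which is where a browser hijacker's proxy server or PAC URL would live. The decoder below is an added example, not code from FRST or from this thread; the binary layout it assumes (version, counter, flags, three length-prefixed ASCII strings, 32 reserved bytes) comes from public descriptions of the WinINet format, and the sample blobs and hostnames are constructed placeholders.

```python
"""Decode and triage a WinINet DefaultConnectionSettings / SavedLegacySettings
blob.  Added example; the layout is assumed from public descriptions of the
format, not from this thread, and every sample blob below is constructed."""
import struct

# Flag bits in the third DWORD of the blob (assumed layout).
FLAG_DIRECT = 0x01      # no proxy
FLAG_PROXY = 0x02       # manual proxy server in use
FLAG_AUTOCONFIG = 0x04  # PAC script URL in use
FLAG_AUTODETECT = 0x08  # WPAD auto-detection


def _read_lpstr(blob, off):
    """Read a DWORD length followed by that many ASCII bytes."""
    (n,) = struct.unpack_from("<I", blob, off)
    off += 4
    return blob[off:off + n].decode("ascii", errors="replace"), off + n


def _lpstr(s):
    data = s.encode("ascii")
    return struct.pack("<I", len(data)) + data


def encode_connection_settings(flags, proxy="", bypass="", pac_url="",
                               version=0x46, counter=1):
    """Build a blob in the assumed layout (used here only to construct samples)."""
    return (struct.pack("<III", version, counter, flags)
            + _lpstr(proxy) + _lpstr(bypass) + _lpstr(pac_url)
            + b"\x00" * 32)


def decode_connection_settings(blob):
    """Return the fields of a connection-settings blob as a dict."""
    if len(blob) < 12:
        raise ValueError("blob too short for version/counter/flags header")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    off = 12
    proxy, off = _read_lpstr(blob, off)
    bypass, off = _read_lpstr(blob, off)
    pac_url, off = _read_lpstr(blob, off)
    return {
        "version": version,
        "counter": counter,          # bumps every time the settings change
        "flags": flags,
        "proxy": proxy,
        "bypass": bypass,
        "pac_url": pac_url,
        "uses_proxy": bool(flags & FLAG_PROXY),
        "uses_pac": bool(flags & FLAG_AUTOCONFIG),
        "autodetect": bool(flags & FLAG_AUTODETECT),
    }


def triage_connection_settings(blob, allowed_proxies=(), allowed_pac_urls=()):
    """Return a list of findings; an empty list means a direct connection or only
    proxies / PAC URLs the defender has explicitly allow-listed."""
    s = decode_connection_settings(blob)
    findings = []
    if s["uses_proxy"] and s["proxy"] not in allowed_proxies:
        findings.append(f"manual proxy set: {s['proxy']!r}")
    if s["uses_pac"] and s["pac_url"] not in allowed_pac_urls:
        findings.append(f"PAC script configured: {s['pac_url']!r}")
    if s["uses_proxy"] and s["bypass"] == "":
        findings.append("proxy has no bypass list, so even local traffic is redirected")
    return findings


# Constructed samples, not values taken from the thread's registry.
CLEAN_BLOB = encode_connection_settings(FLAG_DIRECT | FLAG_AUTODETECT)
HIJACKED_BLOB = encode_connection_settings(
    FLAG_PROXY | FLAG_AUTOCONFIG,
    proxy="127.0.0.1:8118",
    pac_url="http://pac.example.invalid/proxy.pac",  # placeholder hostname
    counter=7,
)

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_BLOB), ("hijacked", HIJACKED_BLOB)):
        print(name, triage_connection_settings(blob) or ["no findings"])
```

On a live Windows host the blob is read with `winreg.QueryValueEx` from the `Internet Settings\Connections` key of each hive the Fixlog lists (HKU\.DEFAULT and the user's SID), so every profile gets checked, not just the one currently logged in.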

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I think you are now good to go, any further queries before I tidy up ?
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

CryptoPrevent.JPG

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





