wont download, upload, and installers wont work [Solved]


#16
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,582 posts

Did #1 but issues with AdwCleaner: it downloads, but won't start. Task Manager says it's running in processes but it doesn't start.

 

OK. Please post the log from Step#1.




#17
Chef April

    Member

  • Topic Starter
  • 37 posts
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [ROC_roc_dec12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM-x32\...\Run: [fst_us_68] => [X]
HKLM-x32\...\Run: [fst_us_70] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\...\MountPoints2: {c49d0f64-b88b-11e4-851f-60eb69f1d265} - D:\Setup.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:61015;https=127.0.0.1:61015
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MC5D4DAF2-2435-4FB7-AD0A-732058797FCE&SearchSource=55&CUI=&UM=5&UP=SPF128739E-ED63-4E9B-9A3E-87C00BFBA299&SSPV=
hxxp://start.toshiba.com/g/
URLSearchHook: HKLM-x32 - Vgrabber Toolbar - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - C:\Program Files (x86)\Vgrabber\prxtbVgra.dll (Conduit Ltd.)
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=166&itype=n&ver=12565&tm=355&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=166&itype=n&ver=12565&tm=355&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3059010
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9852&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1981047535-1425690070-2209561917-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MC5D4DAF2-2435-4FB7-AD0A-732058797FCE&SearchSource=58&CUI=&UM=5&UP=SPF128739E-ED63-4E9B-9A3E-87C00BFBA299&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1981047535-1425690070-2209561917-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MC5D4DAF2-2435-4FB7-AD0A-732058797FCE&SearchSource=58&CUI=&UM=5&UP=SPF128739E-ED63-4E9B-9A3E-87C00BFBA299&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1981047535-1425690070-2209561917-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={56B6D338-F6B9-4F56-8D48-2565410D86F0}&mid=3304f7d12e4c47d1bcc4b1a22f153b96-c6d99d63e392968ecb995946e7d1e069db742ae9&lang=en&ds=oc011&coid=avgtbdisoc&cmpid=&pr=sa&d=2014-09-02 21:02:30&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1981047535-1425690070-2209561917-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=166&itype=n&ver=12565&tm=355&src=ds&p={searchTerms}
BHO-x32: I Want This -> {11111111-1111-1111-1111-110011221158} -> C:\Program Files (x86)\I Want This\I Want This.dll [2012-01-25] (215 Apps)
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14] (Babylon BHO)
BHO-x32: Vgrabber Toolbar -> {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} -> C:\Program Files (x86)\Vgrabber\prxtbVgra.dll [2011-05-09] (Conduit Ltd.)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll [2011-08-14] (Babylon Ltd.)
Toolbar: HKLM-x32 - Vgrabber Toolbar - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - C:\Program Files (x86)\Vgrabber\prxtbVgra.dll [2011-05-09] (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKU\S-1-5-21-1981047535-1425690070-2209561917-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1981047535-1425690070-2209561917-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1981047535-1425690070-2209561917-1001 -> No Name - {B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} -  No File
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331616&octid=EB_ORIGINAL_CTID&ISID=M4D44265B-90FD-4784-9FBE-7385541A7A8C&SearchSource=55&CUI=&UM=6&UP=SPB142F516-F74D-4FB9-876A-5C64721774E2&SSPV="
CHR Extension: (Ask Search) - C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf [2015-11-21]
CHR Extension: (MyTools extension) - C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkbppmdgdfccoihhajoeflficbpgcnm [2014-06-19] [UpdateUrl: hxxp://mytoolsapp.info/chrome_update.xml] <==== ATTENTION
CHR Extension: (Bflix) - C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpojpihgafjhbgkgaglhighomjceieff [2014-06-19] [UpdateUrl: hxxp://thebflix.com/chrome_update.xml] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [kpojpihgafjhbgkgaglhighomjceieff] - C:\Program Files (x86)\BFlix\BFlix.crx [2012-02-03]
CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [mpfapcdfbbledbojijcbcclmlieaoogk] - C:\Users\Llynne\AppData\Local\I Want This\Chrome\I Want This.crx <not found>
EmptyTemp:
*****************
 
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_us_68 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_us_70 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c49d0f64-b88b-11e4-851f-60eb69f1d265}" => key removed successfully
HKCR\CLSID\{c49d0f64-b88b-11e4-851f-60eb69f1d265} => key not found. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => key removed successfully
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
hxxp://start.toshiba.com/g/ => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} => value removed successfully
"HKCR\Wow6432Node\CLSID\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => key removed successfully
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found. 
HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
"HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
"HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110011221158}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} => value removed successfully
"HKCR\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} => value removed successfully
HKCR\Wow6432Node\CLSID\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{06C7AD57-B655-418D-9AB8-9526A6D2E052} => value removed successfully
HKCR\Wow6432Node\CLSID\{06C7AD57-B655-418D-9AB8-9526A6D2E052} => key not found. 
HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found. 
HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} => value removed successfully
HKCR\CLSID\{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} => key not found. 
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf => moved successfully
C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkbppmdgdfccoihhajoeflficbpgcnm <==== ATTENTION => not found
C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpojpihgafjhbgkgaglhighomjceieff <==== ATTENTION => not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kpojpihgafjhbgkgaglhighomjceieff" => key removed successfully
C:\Program Files (x86)\BFlix\BFlix.crx => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk" => key removed successfully
EmptyTemp: => 1.6 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 15:42:14 ====


#18
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,582 posts

Thanks. Please do the following.

 

JRT by Malwarebytes
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
3. The tool will open. Press any key at the Disclaimer screen and the program will start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.



#19
Chef April

    Member

  • Topic Starter
  • 37 posts
Operating System: Windows 7 Home Premium x64 
Ran by JOHN THE MAN (Administrator) on Tue 02/02/2016 at  8:14:25.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 52 
 
Failed to delete: C:\Users\JOHN THE MAN\AppData\Local\com (Folder) 
Successfully deleted: C:\end (File) 
Successfully deleted: C:\ProgramData\babylon (Folder) 
Successfully deleted: C:\user.js (File) 
Successfully deleted: C:\Users\JOHN THE MAN\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal (File) 
Successfully deleted: C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File) 
Successfully deleted: C:\Users\JOHN THE MAN\AppData\Local\stormfall (Folder) 
Successfully deleted: C:\Users\JOHN THE MAN\Appdata\LocalLow\babylontoolbar (Folder) 
Successfully deleted: C:\Users\JOHN THE MAN\Appdata\LocalLow\conduit (Folder) 
Successfully deleted: C:\Users\JOHN THE MAN\Appdata\LocalLow\funmoods (Folder) 
Successfully deleted: C:\Users\JOHN THE MAN\Appdata\LocalLow\pricegong (Folder) 
Successfully deleted: C:\Users\JOHN THE MAN\Appdata\LocalLow\vgrabber (Folder) 
Successfully deleted: C:\Users\JOHN THE MAN\Appdata\LocalLow\visi_coupon (Folder) 
Successfully deleted: C:\Users\JOHN THE MAN\Appdata\LocalLow\yahoocouponaddon (Folder) 
Successfully deleted: C:\Users\JOHN THE MAN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\play games.lnk (Shortcut) 
Successfully deleted: C:\Users\JOHN THE MAN\AppData\Roaming\opencandy (Folder) 
Successfully deleted: C:\Users\JOHN THE MAN\AppData\Roaming\pccustubinstaller (Folder) 
Successfully deleted: C:\Users\JOHN THE MAN\AppData\Roaming\settings manager (Folder) 
Successfully deleted: C:\windows\reimage.ini (File) 
Successfully deleted: C:\Program Files (x86)\anyprotectex (Folder) 
Successfully deleted: C:\Program Files (x86)\babylontoolbar (Folder) 
Successfully deleted: C:\Program Files (x86)\conduit (Folder) 
Successfully deleted: C:\Program Files (x86)\GUT37E3.tmp (File) 
Successfully deleted: C:\Program Files (x86)\GUT4E70.tmp (File) 
Successfully deleted: C:\Program Files (x86)\i want this (Folder) 
Successfully deleted: C:\Program Files (x86)\ibryte (Folder) 
Successfully deleted: C:\Program Files (x86)\mytools (Folder) 
Successfully deleted: C:\Program Files (x86)\predm (Folder) 
Successfully deleted: C:\Program Files (x86)\v-grabber (Folder) 
Successfully deleted: C:\Program Files (x86)\vgrabber (Folder) 
Successfully deleted: C:\Users\JOHN THE MAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78C5041C (Folder) 
Successfully deleted: C:\Users\JOHN THE MAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYX265DN (Folder) 
Successfully deleted: C:\Users\JOHN THE MAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UBYOH7UN (Folder) 
Successfully deleted: C:\Users\JOHN THE MAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WJA39GOI (Folder) 
Successfully deleted: C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf (File) 
Successfully deleted: C:\windows\SysWOW64\sho2EB0.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho3134.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho6020.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho76A0.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho7903.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\sho9307.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoA1A.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoA21E.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoAA36.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoB346.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoBF44.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoC4C8.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoCE6C.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoDF0C.tmp (File) 
Successfully deleted: C:\windows\SysWOW64\shoFBDC.tmp (File) 
 
 
 
Registry: 9 
 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SurfEasyVPN (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\YahooAUService (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{03BBFD85-1FF2-4987-92B0-A312987B7E66} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{912C156F-05CF-4B62-851A-96E167A677B0} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3A44133-7EAD-434C-AC9E-7F1DA176BA8C} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/02/2016 at  8:25:19.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#20
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,582 posts

Thanks. Let's continue.
 
Step#1 - Warnings
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
 
Here are some information sources about the dangers of P2P programs:
FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers
 
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
 
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
 
Please uninstall the following Peer-to-Peer program(s): uTorrent

 

Step#2 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

Babylon toolbar on IE
BFlix
MyTools
vGrabber
Vgrabber Toolbar

 

Step#3 - Fresh Set of Logs
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post
1. FRST and Addition logs



#21
Chef April

    Member

  • Topic Starter
  • 37 posts

I got rid of the add-ons in the list, but the Bflix won't uninstall. For a test I tried to uninstall a few other programs; it will let me remove add-ons, but locks on any install/uninstall launcher.

Here are the reposts

 

 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Users\JOHN THE MAN\AppData\Local\Temp\~nsu.tmp\Au_.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
() C:\Users\JOHN THE MAN\Desktop\AdwCleaner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1483776 2010-02-25] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12119872 2015-11-12] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [VERIZONDM] => C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe [206120 2011-12-01] (SupportSoft, Inc.)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1269208 2014-08-09] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [TkBellExe] => C:\program files (x86)\real\realplayer\update\realsched.exe [286984 2015-09-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-14] (Google Inc.)
HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\...\Run: [HP Officejet 5740 series (NET)] => C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-09-24]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{144C2DBE-8B41-4B4B-AC04-F4FE717B8A26}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{8A592FC1-E520-409E-B0DB-2CB24AEF2EBE}: [DhcpNameServer] 10.8.0.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
URLSearchHook: HKU\S-1-5-21-1981047535-1425690070-2209561917-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {03BBFD85-1FF2-4987-92B0-A312987B7E66} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {03BBFD85-1FF2-4987-92B0-A312987B7E66} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {43586782-C232-4C3A-88A4-859FB844FDA7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {43586782-C232-4C3A-88A4-859FB844FDA7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\.DEFAULT -> DefaultScope {03BBFD85-1FF2-4987-92B0-A312987B7E66} URL = 
SearchScopes: HKU\S-1-5-21-1981047535-1425690070-2209561917-1001 -> {43586782-C232-4C3A-88A4-859FB844FDA7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS453
SearchScopes: HKU\S-1-5-21-1981047535-1425690070-2209561917-1001 -> {9B58A700-D065-4E65-B6C3-5C8743AC0DD7} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-11-10] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-27] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2015-01-19] (Yahoo! Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-11-10] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-27] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-20] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-02] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-27] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} -  No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-1981047535-1425690070-2209561917-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-27] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\JOHN THE MAN\AppData\Roaming\Mozilla\Firefox\Profiles\iacpkkad.default-1454270609525
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-25] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-21] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-20] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.0.1236 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-09-24] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.0.1236 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-09-24] (RealTimes)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1981047535-1425690070-2209561917-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\JOHN THE MAN\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-04] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1981047535-1425690070-2209561917-1001: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\JOHN THE MAN\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2014-09-01] (Nagravision)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: No Name - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-09-23] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR Profile: C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (YouTube) - C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus) - C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-10]
CHR Extension: (Google Search) - C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-02-02]
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2015-04-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JOHNTH~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cnkbppmdgdfccoihhajoeflficbpgcnm] - C:\Program Files (x86)\MyTools\MyTools.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [429784 2015-03-10] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-03-10] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-03-10] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [358984 2014-05-21] (Verizon) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43044512 2015-04-03] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe [135608 2011-12-16] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1103656 2015-09-24] (RealNetworks, Inc.)
R2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2011-12-01] (SupportSoft, Inc.)
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [380064 2015-04-03] (Microsoft Corporation)
R2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2011-12-01] (SupportSoft, Inc.)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [252928 2010-02-25] (TOSHIBA Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145624 2015-03-10] (BlueStack Systems)
R3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R3 tapse01; C:\Windows\System32\DRIVERS\tapse01.sys [39048 2015-01-16] (The OpenVPN Project)
S3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [25592 2014-11-21] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-02 08:25 - 2016-02-02 08:25 - 00005869 _____ C:\Users\JOHN THE MAN\Desktop\JRT.txt
2016-02-02 08:13 - 2016-02-02 08:13 - 01609032 _____ (Malwarebytes) C:\Users\JOHN THE MAN\Desktop\JRT.exe
2016-02-01 16:41 - 2016-02-01 16:41 - 00000000 ____D C:\AdwCleaner
2016-02-01 16:38 - 2016-02-01 16:38 - 01508352 _____ C:\Users\JOHN THE MAN\Desktop\AdwCleaner.exe
2016-02-01 15:27 - 2016-02-01 15:42 - 00017700 _____ C:\Users\JOHN THE MAN\Desktop\Fixlog.txt
2016-02-01 06:59 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-02-01 06:59 - 2014-05-08 01:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2016-01-31 19:44 - 2016-01-31 19:48 - 00058172 _____ C:\Users\JOHN THE MAN\Desktop\Addition.txt
2016-01-31 19:40 - 2016-02-02 09:30 - 00030691 _____ C:\Users\JOHN THE MAN\Desktop\FRST.txt
2016-01-31 17:16 - 2016-01-31 17:16 - 00004740 _____ C:\Users\JOHN THE MAN\Downloads\FRST.txt
2016-01-31 17:14 - 2016-02-02 09:30 - 00000000 ____D C:\FRST
2016-01-31 17:12 - 2016-01-31 17:14 - 02370560 _____ (Farbar) C:\Users\JOHN THE MAN\Desktop\FRST64.exe
2016-01-31 14:09 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2016-01-31 14:08 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2016-01-31 14:08 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-01-31 14:08 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-01-31 14:08 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2016-01-31 14:08 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2016-01-31 14:08 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2016-01-31 14:08 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2016-01-31 14:08 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2016-01-31 14:08 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2016-01-31 14:08 - 2013-10-01 16:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2016-01-31 14:08 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2016-01-31 14:08 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2016-01-31 14:08 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2016-01-31 14:08 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2016-01-31 14:08 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2016-01-31 14:08 - 2013-10-01 12:57 - 06578176 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2016-01-31 14:08 - 2013-10-01 12:55 - 05698048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2016-01-31 13:38 - 2012-08-23 06:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2016-01-31 13:37 - 2012-08-23 03:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2016-01-31 13:36 - 2012-08-23 06:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2016-01-31 13:36 - 2012-08-23 02:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2016-01-31 13:14 - 2011-09-22 17:18 - 00089960 _____ (Microsoft Corporation) C:\windows\SysWOW64\SQSRVRES.DLL
2016-01-31 13:14 - 2011-09-22 17:18 - 00073064 _____ (Microsoft Corporation) C:\windows\SysWOW64\perf-MSSQL$MSSMLBIZ-sqlctr10.3.5500.0.dll
2016-01-31 12:03 - 2016-01-31 12:04 - 00000000 ____D C:\afae688b76afab8db3b634d356512108
2016-01-31 12:03 - 2016-01-31 12:03 - 00000000 ____D C:\Users\JOHN THE MAN\Desktop\Old Firefox Data
2016-01-31 11:46 - 2015-08-05 09:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\icaapi.dll
2016-01-31 11:46 - 2015-08-05 09:06 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2016-01-31 11:43 - 2016-01-31 11:43 - 00000119 _____ C:\Users\JOHN THE MAN\Desktop\NoScan.reg
2016-01-31 10:50 - 2016-01-31 10:50 - 00165248 _____ (ArenaNet) C:\Users\JOHN THE MAN\Downloads\Unconfirmed 436658.crdownload
2016-01-28 09:51 - 2016-01-28 09:51 - 00000000 __SHD C:\found.003
2016-01-14 21:34 - 2016-01-14 21:34 - 00000000 ____D C:\15489c3774bf297d62ba59b6dd4c
2016-01-14 19:15 - 2016-01-14 19:15 - 00000000 ____H C:\Users\JOHN THE MAN\AppData\Local\BIT67B7.tmp
2016-01-14 19:14 - 2016-01-14 19:14 - 00000000 _____ C:\Users\JOHN THE MAN\AppData\Local\{7736DF6D-1B59-4871-AE9A-CE299CEAFE22}
2016-01-12 11:57 - 2015-12-11 10:57 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-01-12 11:57 - 2015-12-08 13:54 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-01-12 11:57 - 2015-12-08 13:54 - 00902144 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-01-12 11:57 - 2015-12-08 13:54 - 00815616 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-01-12 11:57 - 2015-12-08 13:54 - 00739328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 11:57 - 2015-12-08 13:54 - 00541184 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-01-12 11:57 - 2015-12-08 13:53 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-01-12 11:57 - 2015-12-08 13:53 - 00970240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-01-12 11:57 - 2015-12-08 13:53 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-12 11:57 - 2015-12-08 13:53 - 00509952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-01-12 11:57 - 2015-12-08 11:07 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-01-12 11:57 - 2015-12-08 11:07 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-01-12 11:57 - 2015-12-08 11:07 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-01-12 11:57 - 2015-12-08 11:07 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-01-12 11:57 - 2015-12-08 11:07 - 01232896 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-01-12 11:57 - 2015-12-08 11:07 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL
2016-01-12 11:57 - 2015-12-08 11:07 - 01153024 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-01-12 11:57 - 2015-12-08 11:07 - 01026048 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2016-01-12 11:57 - 2015-12-08 11:07 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll
2016-01-12 11:57 - 2015-12-08 11:07 - 00978944 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-01-12 11:57 - 2015-12-08 11:07 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-01-12 11:57 - 2015-12-08 11:07 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-01-12 11:57 - 2015-12-08 11:07 - 00624640 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-01-12 11:57 - 2015-11-16 17:11 - 00025024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-01-12 11:57 - 2015-11-16 17:08 - 01381376 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-01-12 11:57 - 2015-11-16 17:08 - 00792064 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-01-12 11:57 - 2015-11-16 17:08 - 00705536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-01-12 11:57 - 2015-11-16 17:08 - 00505856 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-01-12 11:57 - 2015-11-16 17:08 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-01-12 11:57 - 2015-11-16 12:17 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-01-12 11:57 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapistub.dll
2016-01-12 11:57 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapi32.dll
2016-01-12 11:57 - 2015-11-13 15:08 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\fixmapi.exe
2016-01-12 11:57 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapistub.dll
2016-01-12 11:57 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapi32.dll
2016-01-12 11:57 - 2015-11-13 14:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fixmapi.exe
2016-01-12 11:56 - 2015-12-08 13:54 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2016-01-12 11:56 - 2015-12-08 13:54 - 01568768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-01-12 11:56 - 2015-12-08 13:54 - 01325056 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 11:56 - 2015-12-08 13:54 - 00740352 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmpmde.dll
2016-01-12 11:56 - 2015-12-08 13:54 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-01-12 11:56 - 2015-12-08 13:54 - 00358400 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-01-12 11:56 - 2015-12-08 13:54 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-01-12 11:56 - 2015-12-08 13:53 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-01-12 11:56 - 2015-12-08 13:53 - 00609280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 11:56 - 2015-12-08 13:53 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-01-12 11:56 - 2015-12-08 13:53 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-01-12 11:56 - 2015-12-08 13:53 - 00415744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-01-12 11:56 - 2015-12-08 13:53 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-01-12 11:56 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-01-12 11:56 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-01-12 11:56 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 11:56 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\qasf.dll
2016-01-12 11:56 - 2015-12-08 13:53 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-01-12 11:56 - 2015-12-08 13:53 - 00153600 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-01-12 11:56 - 2015-12-08 13:53 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-01-12 11:56 - 2015-12-08 13:53 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-01-12 11:56 - 2015-12-08 13:53 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-01-12 11:56 - 2015-12-08 13:53 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-01-12 11:56 - 2015-12-08 13:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-01-12 11:56 - 2015-12-08 13:53 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-01-12 11:56 - 2015-12-08 13:53 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksuser.dll
2016-01-12 11:56 - 2015-12-08 13:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-01-12 11:56 - 2015-12-08 11:07 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2016-01-12 11:56 - 2015-12-08 11:07 - 01955328 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-01-12 11:56 - 2015-12-08 11:07 - 01575424 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-01-12 11:56 - 2015-12-08 11:07 - 01393152 _____ (Microsoft Corporation) C:\windows\system32\WMALFXGFXDSP.dll
2016-01-12 11:56 - 2015-12-08 11:07 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-01-12 11:56 - 2015-12-08 11:07 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-01-12 11:56 - 2015-12-08 11:07 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-01-12 11:56 - 2015-12-08 11:07 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-01-12 11:56 - 2015-12-08 11:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-01-12 11:56 - 2015-12-08 11:07 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll
2016-01-12 11:56 - 2015-12-08 11:07 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-01-12 11:56 - 2015-12-08 11:07 - 00292352 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-01-12 11:56 - 2015-12-08 11:07 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\qasf.dll
2016-01-12 11:56 - 2015-12-08 11:07 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-01-12 11:56 - 2015-12-08 11:07 - 00224768 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-01-12 11:56 - 2015-12-08 11:07 - 00223744 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-01-12 11:56 - 2015-12-08 11:07 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-01-12 11:56 - 2015-12-08 11:07 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-01-12 11:56 - 2015-12-08 11:07 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-01-12 11:56 - 2015-12-08 11:07 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-01-12 11:56 - 2015-12-08 11:07 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-01-12 11:56 - 2015-12-08 11:07 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-01-12 11:56 - 2015-12-08 11:07 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\ksuser.dll
2016-01-12 11:56 - 2015-12-08 11:06 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-01-12 11:56 - 2015-12-08 11:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-01-12 11:56 - 2015-12-08 11:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-01-12 11:56 - 2015-12-08 10:54 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2016-01-12 11:56 - 2015-12-08 10:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2016-01-12 11:56 - 2015-12-08 10:11 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys
2016-01-12 11:56 - 2015-12-08 09:58 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-01-12 11:55 - 2015-12-23 15:13 - 00387784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-01-12 11:55 - 2015-12-23 14:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-01-12 11:55 - 2015-12-12 10:31 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-01-12 11:55 - 2015-12-12 10:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-01-12 11:55 - 2015-12-12 10:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-01-12 11:55 - 2015-12-12 10:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-01-12 11:55 - 2015-12-12 10:15 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-01-12 11:55 - 2015-12-12 10:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-01-12 11:55 - 2015-12-12 10:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-01-12 11:55 - 2015-12-12 10:07 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-01-12 11:55 - 2015-12-12 10:03 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-01-12 11:55 - 2015-12-12 10:02 - 20367360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-01-12 11:55 - 2015-12-12 10:02 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-01-12 11:55 - 2015-12-12 10:02 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-01-12 11:55 - 2015-12-12 09:55 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-01-12 11:55 - 2015-12-12 09:51 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-01-12 11:55 - 2015-12-12 09:49 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-01-12 11:55 - 2015-12-12 09:44 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-01-12 11:55 - 2015-12-12 09:39 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-01-12 11:55 - 2015-12-12 09:37 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-01-12 11:55 - 2015-12-12 09:37 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-01-12 11:55 - 2015-12-12 09:37 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-01-12 11:55 - 2015-12-12 09:37 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-01-12 11:55 - 2015-12-12 09:36 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-01-12 11:55 - 2015-12-12 09:36 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-01-12 11:55 - 2015-12-12 09:35 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-01-12 11:55 - 2015-12-12 09:33 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-01-12 11:55 - 2015-12-12 09:31 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-01-12 11:55 - 2015-12-12 09:30 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-01-12 11:55 - 2015-12-12 09:28 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-01-12 11:55 - 2015-12-12 09:27 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-01-12 11:55 - 2015-12-12 09:27 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-01-12 11:55 - 2015-12-12 09:27 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-01-12 11:55 - 2015-12-12 09:25 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-01-12 11:55 - 2015-12-12 09:23 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-01-12 11:55 - 2015-12-12 09:22 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-01-12 11:55 - 2015-12-12 09:21 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-01-12 11:55 - 2015-12-12 09:20 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-01-12 11:55 - 2015-12-12 09:19 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-01-12 11:55 - 2015-12-12 09:18 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-01-12 11:55 - 2015-12-12 09:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-12 11:55 - 2015-12-12 09:12 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-01-12 11:55 - 2015-12-12 09:10 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-01-12 11:55 - 2015-12-12 09:10 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-01-12 11:55 - 2015-12-12 09:09 - 04610560 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-01-12 11:55 - 2015-12-12 09:08 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-01-12 11:55 - 2015-12-12 09:02 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-01-12 11:55 - 2015-12-12 09:00 - 12856320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-01-12 11:55 - 2015-12-12 09:00 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-01-12 11:55 - 2015-12-12 09:00 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-01-12 11:55 - 2015-12-12 09:00 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-01-12 11:55 - 2015-12-12 08:54 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-01-12 11:55 - 2015-12-12 08:41 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-01-12 11:55 - 2015-12-12 08:38 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-01-12 11:55 - 2015-12-12 08:36 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-01-12 11:54 - 2015-12-12 10:54 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-01-12 11:54 - 2015-12-12 10:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-01-12 11:54 - 2015-12-12 10:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-01-12 11:54 - 2015-12-12 10:07 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-01-12 11:54 - 2015-12-12 10:02 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-01-12 11:54 - 2015-12-12 10:02 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-01-12 11:54 - 2015-12-12 09:40 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-01-12 11:54 - 2015-12-12 09:06 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-01-12 11:54 - 2015-12-12 08:42 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-01-12 11:53 - 2015-12-08 13:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-01-12 11:53 - 2015-12-08 11:07 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-01-12 11:52 - 2015-12-30 11:08 - 05572544 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-01-12 11:52 - 2015-12-30 11:01 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-01-12 11:52 - 2015-12-08 13:52 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-01-12 11:52 - 2015-12-08 11:07 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-01-12 11:51 - 2015-12-30 11:08 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-01-12 11:51 - 2015-12-30 11:08 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-01-12 11:51 - 2015-12-30 11:05 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-01-12 11:51 - 2015-12-30 11:02 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-01-12 11:51 - 2015-12-30 11:02 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-01-12 11:51 - 2015-12-30 11:02 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-01-12 11:51 - 2015-12-30 11:02 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-01-12 11:51 - 2015-12-30 11:02 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-01-12 11:51 - 2015-12-30 11:02 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-01-12 11:51 - 2015-12-30 11:01 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-01-12 11:51 - 2015-12-30 11:01 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-01-12 11:51 - 2015-12-30 11:01 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-01-12 11:51 - 2015-12-30 11:01 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-01-12 11:51 - 2015-12-30 11:01 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-01-12 11:51 - 2015-12-30 11:01 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-01-12 11:51 - 2015-12-30 11:00 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-01-12 11:51 - 2015-12-30 10:59 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-01-12 11:51 - 2015-12-30 10:59 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-01-12 11:51 - 2015-12-30 10:59 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-01-12 11:51 - 2015-12-30 10:58 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-01-12 11:51 - 2015-12-30 10:58 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-01-12 11:51 - 2015-12-30 10:57 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-01-12 11:51 - 2015-12-30 10:57 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-01-12 11:51 - 2015-12-30 10:57 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-01-12 11:51 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-01-12 11:51 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-01-12 11:51 - 2015-12-30 10:55 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:47 - 03993536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-01-12 11:51 - 2015-12-30 10:47 - 03938240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-01-12 11:51 - 2015-12-30 10:44 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-01-12 11:51 - 2015-12-30 10:41 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-01-12 11:51 - 2015-12-30 10:41 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-01-12 11:51 - 2015-12-30 10:41 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-01-12 11:51 - 2015-12-30 10:41 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-01-12 11:51 - 2015-12-30 10:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-01-12 11:51 - 2015-12-30 10:41 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-01-12 11:51 - 2015-12-30 10:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-01-12 11:51 - 2015-12-30 10:41 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-01-12 11:51 - 2015-12-30 10:40 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-01-12 11:51 - 2015-12-30 10:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-01-12 11:51 - 2015-12-30 10:39 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-01-12 11:51 - 2015-12-30 10:39 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-01-12 11:51 - 2015-12-30 10:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-01-12 11:51 - 2015-12-30 10:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-01-12 11:51 - 2015-12-30 10:38 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-01-12 11:51 - 2015-12-30 10:38 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 09:57 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-01-12 11:51 - 2015-12-30 09:50 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-01-12 11:51 - 2015-12-30 09:49 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-01-12 11:51 - 2015-12-30 09:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-01-12 11:51 - 2015-12-30 09:43 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-01-12 11:51 - 2015-12-30 09:42 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-01-12 11:51 - 2015-12-30 09:42 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-01-12 11:51 - 2015-12-30 09:41 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-01-12 11:51 - 2015-12-30 09:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-01-12 11:51 - 2015-12-30 09:32 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-01-12 11:51 - 2015-12-30 09:32 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-01-12 11:51 - 2015-12-30 09:32 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-01-12 11:51 - 2015-12-30 09:32 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-01-12 11:51 - 2015-12-30 09:30 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-01-12 11:51 - 2015-12-30 09:30 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 09:30 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 09:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 11:51 - 2015-12-30 09:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-02 09:20 - 2014-07-23 07:06 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-02-02 09:08 - 2012-05-04 13:04 - 00000000 ____D C:\Users\JOHN THE MAN\AppData\Local\CrashDumps
2016-02-02 08:57 - 2010-10-14 20:04 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-02 08:37 - 2011-12-17 22:48 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1981047535-1425690070-2209561917-1003UA.job
2016-02-02 07:36 - 2009-07-13 20:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-02 07:36 - 2009-07-13 20:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-02 07:31 - 2010-10-14 20:04 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-02 04:29 - 2015-04-19 16:33 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-02-02 04:13 - 2009-07-13 21:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-02 03:22 - 2011-12-23 16:22 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-02-01 15:57 - 2014-05-22 14:39 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-02-01 15:39 - 2014-12-02 12:30 - 00000000 ____D C:\Users\JOHN THE MAN\AppData\LocalLow\Temp
2016-02-01 15:33 - 2012-02-15 17:46 - 00000000 ____D C:\Program Files (x86)\BFlix
2016-02-01 15:33 - 2009-07-13 19:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2016-02-01 15:33 - 2009-07-13 19:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2016-02-01 13:37 - 2011-12-17 22:48 - 00000860 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1981047535-1425690070-2209561917-1003Core.job
2016-02-01 10:52 - 2010-10-14 20:04 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 10:52 - 2010-10-14 20:04 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-31 18:20 - 2014-06-27 19:35 - 00000000 ____D C:\Users\JOHN THE MAN\AppData\Local\ElevatedDiagnostics
2016-01-31 18:20 - 2009-07-13 19:20 - 00000000 ____D C:\windows\rescache
2016-01-31 14:31 - 2009-07-13 19:20 - 00000000 ____D C:\windows\PolicyDefinitions
2016-01-31 14:30 - 2009-07-13 19:20 - 00000000 ____D C:\windows\inf
2016-01-31 13:14 - 2011-10-17 14:43 - 00834548 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-01-31 13:11 - 2011-12-23 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2016-01-31 10:10 - 2014-05-05 10:58 - 00000000 ____D C:\Users\JOHN THE MAN\Desktop\HotCityCatering
2016-01-31 10:08 - 2015-02-01 10:43 - 00000000 ____D C:\Users\JOHN THE MAN\Desktop\pics n [bleep]
2016-01-28 18:57 - 2014-06-19 11:37 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-28 18:57 - 2010-10-14 20:04 - 00002223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-21 16:29 - 2015-02-26 18:32 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-21 16:24 - 2014-07-23 07:06 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-01-21 16:23 - 2014-07-23 07:06 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-01-21 16:23 - 2011-12-13 13:54 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-21 16:04 - 2015-02-26 18:05 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-18 08:54 - 2014-12-23 17:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-14 22:27 - 2009-07-13 21:13 - 00905816 _____ C:\windows\system32\PerfStringBackup.INI
2016-01-14 22:17 - 2009-07-13 20:45 - 00439280 _____ C:\windows\system32\FNTCACHE.DAT
2016-01-14 22:02 - 2014-12-11 03:50 - 00000000 ____D C:\windows\system32\appraiser
2016-01-14 22:02 - 2014-05-18 02:49 - 00000000 ___SD C:\windows\system32\CompatTel
2016-01-14 21:49 - 2013-03-28 20:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-14 21:48 - 2013-03-28 20:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-14 21:32 - 2013-03-28 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-14 21:22 - 2013-08-31 10:42 - 00000000 ____D C:\windows\system32\MRT
2016-01-14 21:00 - 2012-02-06 10:58 - 143671360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-01-14 20:46 - 2009-07-13 18:34 - 00000478 _____ C:\windows\win.ini
2016-01-14 19:09 - 2009-07-13 21:08 - 00032562 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-01-12 12:14 - 2015-02-11 07:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-12 12:00 - 2015-06-24 16:11 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-12 08:02 - 2014-09-03 18:02 - 00000000 ____D C:\windows\Minidump
2016-01-12 08:01 - 2015-11-22 09:01 - 583827779 _____ C:\windows\MEMORY.DMP
 
==================== Files in the root of some directories =======
 
2014-05-22 14:30 - 2014-05-19 06:19 - 1705063 _____ (AnyProtect.com) C:\Users\JOHN THE MAN\AppData\Local\AnyProtectScannerSetup.exe
2016-01-14 19:15 - 2016-01-14 19:15 - 0000000 ____H () C:\Users\JOHN THE MAN\AppData\Local\BIT67B7.tmp
2014-07-10 21:18 - 2014-07-10 21:18 - 0003584 _____ () C:\Users\JOHN THE MAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-15 16:06 - 2014-09-15 16:06 - 0007605 _____ () C:\Users\JOHN THE MAN\AppData\Local\Resmon.ResmonCfg
2016-01-14 19:14 - 2016-01-14 19:14 - 0000000 _____ () C:\Users\JOHN THE MAN\AppData\Local\{7736DF6D-1B59-4871-AE9A-CE299CEAFE22}
2015-02-19 13:53 - 2015-02-19 13:53 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-10-19 11:24 - 2012-04-09 19:39 - 0004250 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\JOHN THE MAN\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-29 18:50
 
==================== End of FRST.txt ============================
 
 
 
Not sure if it added anything to this, but here it is.
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by JOHN THE MAN (2016-01-31 19:44:52)
Running from C:\Users\JOHN THE MAN\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-10-16 08:00:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1981047535-1425690070-2209561917-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1981047535-1425690070-2209561917-1009 - Limited - Enabled)
Guest (S-1-5-21-1981047535-1425690070-2209561917-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1981047535-1425690070-2209561917-1002 - Limited - Enabled)
JOHN THE MAN (S-1-5-21-1981047535-1425690070-2209561917-1001 - Administrator - Enabled) => C:\Users\JOHN THE MAN
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
Babylon toolbar on IE (HKLM-x32\...\BabylonToolbar) (Version:  - ) <==== ATTENTION
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
BFlix (HKLM-x32\...\BFlix) (Version: 0.0.0.1 - BFlix) <==== ATTENTION
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.17.4138 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.17.4138 - BlueStack Systems, Inc.)
Browse For Change (HKLM-x32\...\iBryte_browseforchange) (Version:  - iBryte)
Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Business Contact Manager for Microsoft Outlook 2010 (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
Cake Mania - Lights, Camera, Action!™ (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DFX (HKLM-x32\...\DFX) (Version: 11.200.0.0 - Power Technology)
DISH Anywhere Video Player (HKLM-x32\...\{80940219-E895-4311-B541-3FB8E7AFD392}) (Version: 2.18.0 - DISH Anywhere)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Easy Media Player 1.1.12 (HKLM-x32\...\Easy Media Player) (Version: 1.1.12 - Easy Media Player)
Elevated Installer (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Every Landlord's Legal Guide (HKLM-x32\...\Every Landlord's Legal Guide) (Version:  - )
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free IP Switcher (HKLM-x32\...\Free IP Switcher) (Version: http://www.eusing.co...ip_switcher.htm- Eusing Software)
Garmin Express (HKLM-x32\...\{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
G-Force (HKLM-x32\...\G-Force) (Version: 4.3.2 - SoundSpectrum)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HP Officejet 5740 series Basic Device Software (HKLM\...\{7FAA9D15-FF0B-4593-8D4A-0B941FD1977A}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP Officejet 5740 series Help (HKLM-x32\...\{F17D53C7-DCE8-469C-9690-CF8F5903519C}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{68550918-63B5-4762-85CB-3C160AA4B213}) (Version: 14.0 - HP)
HP Photosmart Prem C310 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I Want This (HKLM-x32\...\I Want This) (Version: 1.7.146.147 - 215 Apps)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IHA_MessageCenter (HKLM-x32\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.1.1001 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\...\JoinMe) (Version: 1.20.0.116 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 - SEGA)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4486 - Microsoft Corporation)
Microsoft Office 365 Small Business Premium - en-us (HKLM\...\O365SmallBusPremRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Morphyre (HKLM-x32\...\Morphyre) (Version:  - )
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
MyTools (HKLM-x32\...\MyTools) (Version: 0.0.0.1 - MyTools) <==== ATTENTION
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 -  Microsoft)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Product Improvement Study for HP Officejet 5740 series (HKLM\...\{308C7555-5D43-4D9A-BDC0-14B2948EF438}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
PS_AIO_06_C4700_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0011 - Realtek)
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.0 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Redist (HKLM-x32\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
SurfEasy VPN 3.0.400 (HKLM-x32\...\SurfEasy VPN) (Version: 3.0.400 - SurfEasy Inc)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.7.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.03.02.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.5.60 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.05.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.03.02.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Unity Web Player (HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Verizon Download Manager (HKLM-x32\...\{F5DAFD10-6E61-49BF-B3C5-5AA9AF3A0863}) (Version: 16 - SupportSoft)
Verizon Media Manager (HKLM-x32\...\Verizon Media Manager) (Version: 9.5.67 - Verizon)
vGrabber (HKLM-x32\...\vGrabber) (Version: 1.14 - hxxp://vgrabber.org)
Vgrabber Toolbar (HKLM-x32\...\Vgrabber Toolbar) (Version: 6.8.5.1 - Vgrabber) <==== ATTENTION
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {098A479D-178B-4BEA-BB13-41A844659E56} - System32\Tasks\{46BCF3A6-62CF-4E47-943D-D3E5649B4FD3} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {33B8300F-E32C-41CB-9489-F1D00DB47C95} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1981047535-1425690070-2209561917-1003UA => C:\Users\Llynne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {3746629F-9431-4D6F-A5D0-DF50DCA3B5D7} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1981047535-1425690070-2209561917-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {3C382BD9-411C-4FF6-8E4C-E4067CFD4F15} - System32\Tasks\HP AR Program Upload - 8b6856558e694090a3a3391e221106f9a7323a0e179845189e97d4eb778d7d30 => C:\Program Files\HP\HP Officejet 5740 series\bin\HPRewards.exe [2014-08-22] (Hewlett-Packard Development Company, LP)
Task: {42E927B6-F580-47AA-850D-6F04C811A7C8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1981047535-1425690070-2209561917-1003Core => C:\Users\Llynne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {4523BEC8-7B44-4888-838A-05E9A37DBBDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {4561A871-B441-4256-B791-B2388502124C} - System32\Tasks\{E557C175-297F-4251-904A-C04F3A97A829} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
Task: {4653C79A-500C-4F96-83B9-72DE1DA4B699} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {505946D4-D01A-4782-A6A6-90EA6C757D99} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-21] (Microsoft Corporation)
Task: {53EC65BD-B4E5-4D59-B3C1-A3DD68B08558} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1981047535-1425690070-2209561917-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {58BBC6A1-BB62-4BEF-AE2A-E250B65178DE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5F0B1D0C-D6FF-4520-8A69-610024FE8BDF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1981047535-1425690070-2209561917-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {63A0A737-2696-4055-83EA-16C5BDD27BAF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {728B5319-84E0-4525-92D3-E09FC066EEDC} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-28] ()
Task: {72BCC344-2C23-4B16-A81B-2970A3FD818B} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {73D6DD6E-A781-4F37-9C57-82379B94EFC4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1981047535-1425690070-2209561917-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {80EBAA98-5D81-4100-B479-F67460284503} - System32\Tasks\{209DF523-D278-4113-8D7F-5C956AA5D65A} => pcalua.exe -a "C:\Users\JOHN THE MAN\Downloads\FISSetup.exe" -d "C:\Users\JOHN THE MAN\Downloads"
Task: {8C3E160E-5D98-4473-8BAE-ADC06782115C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1981047535-1425690070-2209561917-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {90832B12-3433-4CB6-A11C-45145C694081} - System32\Tasks\HPCustPartic.exe_{3C678EDE-7D33-4BBB-B2C4-F9C1872C1830} => C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe [2014-08-22] (Hewlett-Packard Development Company, LP)
Task: {923D3C26-503F-436A-A097-BAF6DDB7D8AF} - System32\Tasks\{510A93B9-6AB3-4896-A692-1AA6A584AB19} => Chrome.exe hxxp://ui.skype.com/ui/0/7.4.0.102/en/abandoninstall?page=tsProgressBar
Task: {9556F731-5E45-4156-A4FB-E1835DE63A12} - System32\Tasks\HP AR Program Upload - 171af37deac94f34ba72ba4ac60b0ea5ed68cbe4425747598f5b6aa64b292ced => C:\Program Files\HP\HP Officejet 5740 series\bin\HPRewards.exe [2014-08-22] (Hewlett-Packard Development Company, LP)
Task: {A0493078-3213-47C7-A2EF-90C73B09E2D2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1981047535-1425690070-2209561917-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {A672475A-2A68-4D50-A78D-4AA28FF0BD3A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1981047535-1425690070-2209561917-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {AC7AE714-EAF6-4B49-90DB-09B06800A954} - System32\Tasks\{27181674-7506-4283-A76D-7E0FBFBA9192} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {ADAE3308-25E4-47A4-9179-7F0DE2FCA4C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {AF55EF5B-7F95-4384-A687-3353ECB2B70C} - System32\Tasks\{F016E4D3-17AA-4992-A410-6C18F941FC73} => pcalua.exe -a "C:\Users\JOHN THE MAN\Downloads\FISSetup.exe" -d "C:\Users\JOHN THE MAN\Downloads"
Task: {CBDFB5A2-08FD-43A1-9B37-4411A5C3E8BF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-21] (Adobe Systems Incorporated)
Task: {D78F7551-941A-4CAA-B658-AAF22018141C} - System32\Tasks\{B9B1D84B-1DA5-4D5E-A1C7-3459B6AF95F7} => Chrome.exe hxxp://ui.skype.com/ui/0/7.4.0.102/en/abandoninstall?page=tsProgressBar
Task: {D7C0CCEF-3A81-4397-8FB4-DEAC6F7615F3} - System32\Tasks\HP AR Program Upload - 34e506c758b642f5879a5cb8a65a7ee84bcdf5b94e704338a658e4f9e9f3a23a => C:\Program Files\HP\HP Officejet 5740 series\bin\HPRewards.exe [2014-08-22] (Hewlett-Packard Development Company, LP)
Task: {DB80A90E-270A-4487-9E15-6DB2FC8DC69F} - System32\Tasks\HPCustParticipation HP Officejet 5740 series => C:\Program Files\HP\HP Officejet 5740 series\Bin\HPCustPartic.exe [2014-08-22] (Hewlett-Packard Development Company, LP)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {FE938568-3FA4-4765-B5B4-6B2186CC6132} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1981047535-1425690070-2209561917-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1981047535-1425690070-2209561917-1003Core.job => C:\Users\Llynne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1981047535-1425690070-2209561917-1003UA.job => C:\Users\Llynne\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 02:38 - 2015-09-01 08:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-05 11:09 - 2011-03-02 11:40 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-04-07 15:07 - 2010-04-07 15:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 12:26 - 2009-11-03 12:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-10-14 19:53 - 2009-06-22 14:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 18:08 - 2009-03-12 18:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2013-04-16 02:07 - 2013-04-16 02:07 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-01-16 15:18 - 2015-01-16 15:18 - 03272048 _____ () C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
2010-02-05 16:44 - 2010-02-05 16:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-09-24 17:38 - 2015-09-24 17:38 - 00022312 _____ () c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\mediautil.dll
2015-09-24 17:38 - 2015-09-24 17:38 - 01520936 _____ () c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\avformat-55.dll
2015-09-24 17:38 - 2015-09-24 17:38 - 04274984 _____ () c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\avcodec-55.dll
2015-09-24 17:38 - 2015-09-24 17:38 - 00322856 _____ () c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\avutil-52.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MZA => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\...\sharepoint.com -> hxxps://netorg402108.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JOHN THE MAN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8E9E864D-DB5A-4835-B29A-4AD1E723A7BD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0BA9CF43-267F-4DA6-8B7B-9E7CB10981F6}] => (Allow) LPort=2869
FirewallRules: [{6A1F2482-A969-444B-BAC4-D40AC9D2DD68}] => (Allow) LPort=1900
FirewallRules: [{210C2287-7277-4032-9D84-EBEE9835DECF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DC5C4C5C-F17A-4336-A26C-570AA9C8A5DD}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{05E96D40-8AED-4AEF-8347-E2D6E9A144F3}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{40D7B59C-74A6-4F7C-B1C5-165F64F16352}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{C770FE38-04AA-4ED5-BBC0-49F679496900}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{115B4420-67FA-46DC-B03B-8C31C8AE9F97}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{105F6245-A2D1-4876-A602-53010E404590}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{1AFF27E1-12F4-4AAB-B2E6-3E38EE4D7785}] => (Allow) C:\Users\Llynne\AppData\Local\Temp\7zS5430\setup\hpznui40.exe
FirewallRules: [{F03F2350-9616-4FBD-AF75-F3EEB24ECEB3}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{48116BA2-64BC-42A6-B463-A342C9EEB4BE}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.exe
FirewallRules: [{F8DCE619-ACB9-4542-AAF8-EC71016C6AB8}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [{78B92E3E-082D-495B-8070-B8043F104A83}] => (Allow) C:\Program Files (x86)\World of Warcraft\Launcher.patch.exe
FirewallRules: [TCP Query User{FD039AEB-E11D-4F0C-8E65-E96C0DFCBFA2}C:\program files (x86)\world of warcraft\backgrounddownloader.exe] => (Allow) C:\program files (x86)\world of warcraft\backgrounddownloader.exe
FirewallRules: [UDP Query User{879F3542-9D9F-49E5-9C27-7B34E0D7E7F3}C:\program files (x86)\world of warcraft\backgrounddownloader.exe] => (Allow) C:\program files (x86)\world of warcraft\backgrounddownloader.exe
FirewallRules: [{C4772620-563C-4FF1-9095-389218C29B64}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{A8380BE4-EA88-4BAA-A005-1096D58D885D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{E9F88790-6DDE-4466-95DB-DFB9BF14DCEA}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{E13E703B-B0CB-4BF5-9876-52D426BBC706}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{49C648A9-F5DC-4E40-8FBC-DED03FEC8E5F}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{18F50816-906F-49DF-ACC5-C097225D47B9}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{5988956D-F600-43E0-B2EF-4A96B4E23F0A}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{22945D32-2A9B-4C34-8998-9D04C20CA0BE}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
FirewallRules: [{0A7BCA58-CCC9-4B33-86C1-05CEEC6F9E0E}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe
FirewallRules: [TCP Query User{F5961F01-212E-41C5-BE58-87AC9D4DBB49}C:\program files (x86)\world of warcraft\launcher.patch.exe] => (Allow) C:\program files (x86)\world of warcraft\launcher.patch.exe
FirewallRules: [UDP Query User{3D72C2B2-5764-4E31-B17F-8E1E764CF326}C:\program files (x86)\world of warcraft\launcher.patch.exe] => (Allow) C:\program files (x86)\world of warcraft\launcher.patch.exe
FirewallRules: [TCP Query User{2CF45091-766C-45F6-9871-7518BA8B4685}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe
FirewallRules: [UDP Query User{AAB2A904-0C7E-44EF-BB58-D2465CF4F59B}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe] => (Allow) C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe
FirewallRules: [TCP Query User{B86CDAE7-2FC3-4147-997F-FEE416125013}C:\program files (x86)\world of warcraft\launcher.exe] => (Allow) C:\program files (x86)\world of warcraft\launcher.exe
FirewallRules: [UDP Query User{D594E6A7-047C-402F-90F1-A4FD3A220EAE}C:\program files (x86)\world of warcraft\launcher.exe] => (Allow) C:\program files (x86)\world of warcraft\launcher.exe
FirewallRules: [TCP Query User{19D76B2C-BBD1-4A9C-9636-872F4D823FA8}E:\techwizard.exe] => (Allow) E:\techwizard.exe
FirewallRules: [UDP Query User{75E8EFF0-205B-47F3-8D54-268BC5818900}E:\techwizard.exe] => (Allow) E:\techwizard.exe
FirewallRules: [{FDE57DAC-5BAB-40CD-8289-13912FAFE52E}] => (Allow) LPort=50000
FirewallRules: [{090D797C-D7F4-4B03-B48B-96822FA042BD}] => (Allow) LPort=50000
FirewallRules: [{D4799F62-1761-4AFC-AB4C-B6D6E52B78F7}] => (Allow) C:\Users\JOHN THE MAN\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{50AB65D2-0DD1-4C00-BECD-0C4BE69CC354}] => (Allow) C:\Users\JOHN THE MAN\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{0D88727A-9E8D-4E91-9114-B4BA1E0900AD}C:\users\john the man\appdata\local\temp\gw2.exe] => (Allow) C:\users\john the man\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{12DFD39F-BCCE-4F80-9168-8B2D5956C415}C:\users\john the man\appdata\local\temp\gw2.exe] => (Allow) C:\users\john the man\appdata\local\temp\gw2.exe
FirewallRules: [TCP Query User{BD3C24E8-BE05-44B2-92E1-497A271DCC6A}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{50FB03AF-CEB4-40DD-B5DC-F382C6756A75}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{3405FEBC-1F85-412D-A060-6156B0DF84C4}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{FBCB93B5-CBD7-4CF7-B778-08667795E523}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{0F126B84-74A4-47E3-918F-2CC8DE1AAF3B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4F509CF3-F769-4459-873A-0CE4828D56C8}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{2FF97A06-5F78-4141-888F-DF04848E62FB}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{C3AE6E84-A3C2-4093-9CC5-59ADEF50642C}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{7D0E64C2-7CB0-4499-8DA6-6ABCDD2A4DA5}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{3DCE9FF0-08DF-42FB-8013-4BE68B564604}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\FaxApplications.exe
FirewallRules: [{3E8B1C5E-9D83-44DE-83B3-6F02CAB622CB}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\DigitalWizards.exe
FirewallRules: [{43938FDC-3A8E-44C5-9763-0A7DA102242E}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\bin\SendAFax.exe
FirewallRules: [{611445B1-A65B-4149-AA82-02B2103A8E19}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\DeviceSetup.exe
FirewallRules: [{61FDC3DE-6629-48DF-BFA9-92C878BD1135}] => (Allow) LPort=5357
FirewallRules: [{F5AEE7B2-5BEC-4E85-8C93-485C402C19B9}] => (Allow) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E99DDF85-1194-4AB4-9DD5-D6A32FC46B8E}] => (Allow) C:\Users\JOHN THE MAN\AppData\Local\Temp\7zS24B8\HPDiagnosticCoreUI.exe
FirewallRules: [{CFB79A99-760C-4170-B908-8C4485D003E6}] => (Allow) C:\Users\JOHN THE MAN\AppData\Local\Temp\7zS24B8\HPDiagnosticCoreUI.exe
FirewallRules: [{D2B8156F-41AD-4DFA-BC25-D8DBDB6078C3}] => (Allow) C:\Users\JOHN THE MAN\AppData\Local\Temp\7zS34AA\HPDiagnosticCoreUI.exe
FirewallRules: [{B371DD3F-ABA3-4E23-ADC4-D0528C87823E}] => (Allow) C:\Users\JOHN THE MAN\AppData\Local\Temp\7zS34AA\HPDiagnosticCoreUI.exe
FirewallRules: [{C7818D48-E29F-4BD4-BE49-95ACE63A5790}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{B02B5178-4703-4E5F-8FBD-253DAA62F355}] => (Allow) C:\Users\JOHN THE MAN\AppData\Local\Temp\7zS190E\HPDiagnosticCoreUI.exe
FirewallRules: [{608B79B8-F0AC-44A2-952F-2122CA91C4CF}] => (Allow) C:\Users\JOHN THE MAN\AppData\Local\Temp\7zS190E\HPDiagnosticCoreUI.exe
FirewallRules: [{1CFBC6C0-B78E-40D5-AFEA-5DF6115F2422}] => (Allow) C:\Users\JOHN THE MAN\AppData\Local\Temp\7zS2200\HPDiagnosticCoreUI.exe
FirewallRules: [{028A898C-78A0-48BB-90A6-FD266B0FC71C}] => (Allow) C:\Users\JOHN THE MAN\AppData\Local\Temp\7zS2200\HPDiagnosticCoreUI.exe
FirewallRules: [{5EC87518-2D1E-4A69-90A7-FB3252219357}] => (Allow) C:\Users\JOHN THE MAN\AppData\Local\Temp\7zS5C7D\HPDiagnosticCoreUI.exe
FirewallRules: [{15D3C1CD-B73A-41C6-A556-5DBADA25FB26}] => (Allow) C:\Users\JOHN THE MAN\AppData\Local\Temp\7zS5C7D\HPDiagnosticCoreUI.exe
FirewallRules: [{6CB34FD9-F2A5-4974-BDE4-022B3A259E91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{97A05711-48FC-4183-8350-A661D598B996}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{09F6AEA6-3984-4A3A-9D3A-33AE74EB9B57}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{143DED9F-3640-490F-9075-DF47E6542312}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7190569F-7ACE-4D48-9513-B129D04C752E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1BDBD723-5FAF-419F-91BE-7EC933CBF632}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{1F1101A2-7A51-4196-ABC6-3C00A7C152B3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{65C51285-E522-4855-A417-057AB878609F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
21-01-2016 15:43:39 Windows Update
25-01-2016 15:26:07 Windows Update
28-01-2016 18:33:19 Windows Update
31-01-2016 13:18:19 Windows Modules Installer
31-01-2016 13:35:05 Windows Modules Installer
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet Pro 8620
Description: HP Officejet Pro 8620
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart C4700 series
Description: Photosmart C4700 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/31/2016 05:40:19 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/31/2016 05:34:00 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service
 
Error: (01/31/2016 05:27:13 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program TOSHIBA Web Camera Application because of this error.
 
Program: TOSHIBA Web Camera Application
File: C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (01/31/2016 05:27:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TWebCamera.exe, version: 1.1.1.15, time stamp: 0x4b841370
Faulting module name: COMCTL32.dll, version: 6.10.7601.18837, time stamp: 0x553a8345
Exception code: 0xc0000006
Fault offset: 0x00085c67
Faulting process id: 0x524
Faulting application start time: 0xTWebCamera.exe0
Faulting application path: TWebCamera.exe1
Faulting module path: TWebCamera.exe2
Report Id: TWebCamera.exe3
 
Error: (01/31/2016 05:26:58 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (01/31/2016 05:23:40 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Run Once Wrapper because of this error.
 
Program: Run Once Wrapper
File: C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (01/31/2016 05:23:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: runonce.exe, version: 6.1.7601.17514, time stamp: 0x4ce797ce
Faulting module name: COMCTL32.dll, version: 6.10.7601.18837, time stamp: 0x553a8345
Exception code: 0xc0000006
Fault offset: 0x00085c67
Faulting process id: 0x9ac
Faulting application start time: 0xrunonce.exe0
Faulting application path: runonce.exe1
Faulting module path: runonce.exe2
Report Id: runonce.exe3
 
Error: (01/31/2016 05:09:07 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Internet Explorer because of this error.
 
Program: Internet Explorer
File: C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
Error: (01/31/2016 05:09:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18163, time stamp: 0x566c4c47
Faulting module name: comctl32.dll, version: 6.10.7601.18837, time stamp: 0x553a8345
Exception code: 0xc0000006
Fault offset: 0x0008c876
Faulting process id: 0x13e0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (01/31/2016 05:06:02 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Problem Reporting because of this error.
 
Program: Windows Problem Reporting
File: C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
 
System errors:
=============
Error: (01/31/2016 07:40:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/31/2016 07:30:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/31/2016 07:20:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/31/2016 07:10:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/31/2016 07:00:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/31/2016 06:50:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/31/2016 06:40:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/31/2016 06:30:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/31/2016 06:20:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/31/2016 06:10:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6200 @ 2.13GHz
Percentage of memory in use: 36%
Total physical RAM: 3893.86 MB
Available physical RAM: 2464.4 MB
Total Virtual: 7785.93 MB
Available Virtual: 5802.41 MB
 
==================== Drives ================================
 
Drive c: (TI106033W0C) (Fixed) (Total:452.58 GB) (Free:222.85 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 38A39E6A)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=452.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=17)
 
==================== End of Addition.txt ============================


#22
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,582 posts

Good job. We'll handle Bflix in a bit. Let's do the following now.

 

Step#1 - Malwarebytes Scan


  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator. Answer Yes when asked to Allow.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits, as shown below.
  • ScanForRootkits.JPG
     
  • Click the Scan button at the top of the form and then click Start Scan button and let complete.
  • If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
  • RemoveSelected.JPG
  • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
  • Restart.JPG.

 
Step#2 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.
ApplicationLog.JPG
 
5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).
ScanningHistory.JPG

 



#23
Chef April


    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I downloaded it but it won't run

Attached Thumbnails

  • IMG_20160202_125153926_HDR.jpg


#24
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,582 posts

OK, skip that for the moment. Please do the following.

 

FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.


#25
Chef April


    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CHR HKLM-x32\...\Chrome\Extension: [cnkbppmdgdfccoihhajoeflficbpgcnm] - C:\Program Files (x86)\MyTools\MyTools.crx <not found>
CHR HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JOHNTH~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx <not found>
2014-05-22 14:30 - 2014-05-19 06:19 - 1705063 _____ (AnyProtect.com) C:\Users\JOHN THE MAN\AppData\Local\AnyProtectScannerSetup.exe
2016-01-14 19:15 - 2016-01-14 19:15 - 0000000 ____H () C:\Users\JOHN THE MAN\AppData\Local\BIT67B7.tmp
2014-07-10 21:18 - 2014-07-10 21:18 - 0003584 _____ () C:\Users\JOHN THE MAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-15 16:06 - 2014-09-15 16:06 - 0007605 _____ () C:\Users\JOHN THE MAN\AppData\Local\Resmon.ResmonCfg
2016-01-14 19:14 - 2016-01-14 19:14 - 0000000 _____ () C:\Users\JOHN THE MAN\AppData\Local\{7736DF6D-1B59-4871-AE9A-CE299CEAFE22}
Task: {4561A871-B441-4256-B791-B2388502124C} - System32\Tasks\{E557C175-297F-4251-904A-C04F3A97A829} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
Task: {80EBAA98-5D81-4100-B479-F67460284503} - System32\Tasks\{209DF523-D278-4113-8D7F-5C956AA5D65A} => pcalua.exe -a "C:\Users\JOHN THE MAN\Downloads\FISSetup.exe" -d "C:\Users\JOHN THE MAN\Downloads"
FirewallRules: [{05E96D40-8AED-4AEF-8347-E2D6E9A144F3}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{40D7B59C-74A6-4F7C-B1C5-165F64F16352}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{C4772620-563C-4FF1-9095-389218C29B64}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{A8380BE4-EA88-4BAA-A005-1096D58D885D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{E9F88790-6DDE-4466-95DB-DFB9BF14DCEA}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{E13E703B-B0CB-4BF5-9876-52D426BBC706}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{49C648A9-F5DC-4E40-8FBC-DED03FEC8E5F}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{18F50816-906F-49DF-ACC5-C097225D47B9}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
Cmd: wevtutil cl application
Cmd: wevtutil cl system
Cmd: wevtutil cl security
EmptyTemp:
 
 
*****************
 
Restore point was successfully created.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cnkbppmdgdfccoihhajoeflficbpgcnm" => key removed successfully
"HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf" => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji" => key removed successfully
C:\Users\JOHN THE MAN\AppData\Local\AnyProtectScannerSetup.exe => moved successfully
C:\Users\JOHN THE MAN\AppData\Local\BIT67B7.tmp => moved successfully
C:\Users\JOHN THE MAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\JOHN THE MAN\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\JOHN THE MAN\AppData\Local\{7736DF6D-1B59-4871-AE9A-CE299CEAFE22} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4561A871-B441-4256-B791-B2388502124C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4561A871-B441-4256-B791-B2388502124C}" => key removed successfully
C:\windows\System32\Tasks\{E557C175-297F-4251-904A-C04F3A97A829} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E557C175-297F-4251-904A-C04F3A97A829}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80EBAA98-5D81-4100-B479-F67460284503}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80EBAA98-5D81-4100-B479-F67460284503}" => key removed successfully
C:\windows\System32\Tasks\{209DF523-D278-4113-8D7F-5C956AA5D65A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{209DF523-D278-4113-8D7F-5C956AA5D65A}" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05E96D40-8AED-4AEF-8347-E2D6E9A144F3} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40D7B59C-74A6-4F7C-B1C5-165F64F16352} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C4772620-563C-4FF1-9095-389218C29B64} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A8380BE4-EA88-4BAA-A005-1096D58D885D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9F88790-6DDE-4466-95DB-DFB9BF14DCEA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E13E703B-B0CB-4BF5-9876-52D426BBC706} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{49C648A9-F5DC-4E40-8FBC-DED03FEC8E5F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18F50816-906F-49DF-ACC5-C097225D47B9} => value removed successfully
 
=========  wevtutil cl application =========
 
 
========= End of CMD: =========
 
 
=========  wevtutil cl system =========
 
 
========= End of CMD: =========
 
 
=========  wevtutil cl security =========
 
 
========= End of CMD: =========
 
EmptyTemp: => 126.6 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 13:09:59 =



#26
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,582 posts

Step#1 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
     
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • ThreatsFound.JPG
     
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • CopyToClipboard.JPG

     

     

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post
1. Contents of the ESET log file

 



#27
Chef April


    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

OK so here's what happened

I couldn't get any of it to work or download; if it did download it wouldn't run.

So last night, with nothing left to lose, I downloaded and installed Windows 10.

It worked, everything is now back working.

So I ran the AdwCleaner, and that did work now too.

I really want to make sure this bug is gone (probably not, as it did keep my old files).

So here is the report from the AdwCleaner.

# AdwCleaner v5.032 - Logfile created 03/02/2016 at 08:31:09
# Updated 31/01/2016 by Xplode
# Database : 2016-02-02.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : JOHN THE MAN - DARINSWORKCOMP
# Running from : C:\Users\JOHN THE MAN\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[-] Folder Deleted : C:\Users\JOHN THE MAN\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\JOHN THE MAN\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\JOHN THE MAN\AppData\Roaming\Yahoo!\Companion
 
***** [ Files ] *****
 
[-] File Deleted : C:\WINDOWS\SysNative\reimage.rep
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
[-] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3059010
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C2178B36-2955-479B-818C-A2AE8E500454}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF521630-EB03-9984-BAFD-0E502341A6FD}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\AnyProtect
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\BabylonToolbar
[-] Key Deleted : HKCU\Software\BFlix
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\Linkey
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\WEDLMNGR
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\BlockAndSurf
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
[-] Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key Deleted : HKLM\SOFTWARE\Babylon
[-] Key Deleted : HKLM\SOFTWARE\BabylonToolbar
[-] Key Deleted : HKLM\SOFTWARE\BFlix
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\FreeSoftToday
[-] Key Deleted : HKLM\SOFTWARE\SystemK
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFlix
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\BFlix
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\I Want This
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\AnyProtect
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\APN PIP
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\BabylonToolbar
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\BFlix
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\InstallCore
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\Linkey
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\TutoTag
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\WEDLMNGR
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\Yahoo\Companion
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\Yahoo\YFriendsBar
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\AppDataLow\Software\BlockAndSurf
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\AppDataLow\Software\Conduit
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\AppDataLow\Software\Crossrider
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\AppDataLow\Software\I Want This
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\AppDataLow\Software\PriceGong
[!] Key Not Deleted : HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\AVG Secure Search
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\BabylonToolbar
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\BFlix
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\Funmoods
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1981047535-1425690070-2209561917-1001\Software\Yahoo\YFriendsBar
 
***** [ Web browsers ] *****
 
[-] [C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.com
[-] [C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : isearch.avg.com_
[-] [C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : blekko
[-] [C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : isearch.avg.com
[-] [C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : okcupid.com
[-] [C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : routingnumbers.org
[-] [C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : default-search.net
[-] [C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.search
[-] [C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaaaiabcopkplhgaedhbloeejhhankf
[-] [C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\JOHN THE MAN\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15505 bytes] ##########


#28
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,582 posts

Good job on updating to Windows 10. Let's try Malwarebytes again. Please follow the instructions from the previous post.

 

http://www.geekstogo...work/?p=2549688



#29
Chef April


    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/3/2016
Scan Time: 9:42 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.03.04
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: JOHN THE MAN
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 514660
Time Elapsed: 1 hr, 39 min, 27 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 43
Adware.GamePlayLab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220022222258}, Quarantined, [fe52fd5f148537ff1f8d254f30d2837d], 
Adware.GamePlayLab, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440044224458}, Quarantined, [fe52fd5f148537ff1f8d254f30d2837d], 
Adware.GamePlayLab, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}, Quarantined, [fe52fd5f148537ff1f8d254f30d2837d], 
Adware.GamePlayLab, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660066226658}, Quarantined, [fe52fd5f148537ff1f8d254f30d2837d], 
Adware.GamePlayLab, HKLM\SOFTWARE\CLASSES\INTERFACE\{77777777-7777-7777-7777-770077227758}, Quarantined, [fe52fd5f148537ff1f8d254f30d2837d], 
Adware.GamePlayLab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}, Quarantined, [fe52fd5f148537ff1f8d254f30d2837d], 
Adware.GamePlayLab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660066226658}, Quarantined, [fe52fd5f148537ff1f8d254f30d2837d], 
Adware.GamePlayLab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{77777777-7777-7777-7777-770077227758}, Quarantined, [fe52fd5f148537ff1f8d254f30d2837d], 
Adware.GamePlayLab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{55555555-5555-5555-5555-550055225558}, Quarantined, [fe52fd5f148537ff1f8d254f30d2837d], 
Adware.GamePlayLab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{66666666-6666-6666-6666-660066226658}, Quarantined, [fe52fd5f148537ff1f8d254f30d2837d], 
Adware.GamePlayLab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{77777777-7777-7777-7777-770077227758}, Quarantined, [fe52fd5f148537ff1f8d254f30d2837d], 
Adware.GamePlayLab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440044224458}, Quarantined, [fe52fd5f148537ff1f8d254f30d2837d], 
Adware.GamePlayLab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{44444444-4444-4444-4444-440044224458}, Quarantined, [fe52fd5f148537ff1f8d254f30d2837d], 
Adware.GamePlayLab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{22222222-2222-2222-2222-220022222258}, Quarantined, [fe52fd5f148537ff1f8d254f30d2837d], 
Adware.GamePlayLab, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{33333333-3333-3333-3333-330033223358}, Quarantined, [d57bda82b0e9a195bcf1c4b06b978b75], 
Adware.GamePlayLab, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{33333333-3333-3333-3333-330033223358}, Quarantined, [d57bda82b0e9a195bcf1c4b06b978b75], 
PUP.Optional.MyTools, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C3A44133-7EAD-434C-AC9E-7F1DA176BA8C}, Quarantined, [e26e95c7544502341e23dec09969a35d], 
PUP.Optional.MyTools, HKLM\SOFTWARE\CLASSES\MyTools.MyTools.1, Quarantined, [e26e95c7544502341e23dec09969a35d], 
PUP.Optional.MyTools, HKLM\SOFTWARE\CLASSES\MyTools.MyTools, Quarantined, [e26e95c7544502341e23dec09969a35d], 
PUP.Optional.MyTools, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyTools.MyTools, Quarantined, [e26e95c7544502341e23dec09969a35d], 
PUP.Optional.MyTools, HKLM\SOFTWARE\CLASSES\WOW6432NODE\MyTools.MyTools, Quarantined, [e26e95c7544502341e23dec09969a35d], 
PUP.Optional.MyTools, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyTools.MyTools.1, Quarantined, [e26e95c7544502341e23dec09969a35d], 
PUP.Optional.MyTools, HKLM\SOFTWARE\CLASSES\WOW6432NODE\MyTools.MyTools.1, Quarantined, [e26e95c7544502341e23dec09969a35d], 
PUP.Optional.MyTools, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C3A44133-7EAD-434C-AC9E-7F1DA176BA8C}, Quarantined, [e26e95c7544502341e23dec09969a35d], 
PUP.Optional.MyTools, HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C3A44133-7EAD-434C-AC9E-7F1DA176BA8C}, Quarantined, [e26e95c7544502341e23dec09969a35d], 
PUP.Optional.MyTools, HKU\S-1-5-21-1981047535-1425690070-2209561917-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C3A44133-7EAD-434C-AC9E-7F1DA176BA8C}, Quarantined, [e26e95c7544502341e23dec09969a35d], 
Adware.GamePlayLab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158}, Quarantined, [be92ee6e0a8fb284bbf0d99bc240e917], 
PUP.Optional.BFlix, HKLM\SOFTWARE\CLASSES\BFlix.BFlix, Quarantined, [d67a3527c9d005313a065d4129d9857b], 
PUP.Optional.BFlix, HKLM\SOFTWARE\CLASSES\BFlix.BFlix.1, Quarantined, [9ab6a3b958414fe7e45c0c9218eae21e], 
PUP.Optional.BFlix, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BFlix.BFlix, Quarantined, [9ab6a3b958414fe7e45c0c9218eae21e], 
PUP.Optional.BFlix, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BFlix.BFlix.1, Quarantined, [9ab6a3b958414fe7e45c0c9218eae21e], 
PUP.Optional.BFlix, HKLM\SOFTWARE\CLASSES\WOW6432NODE\BFlix.BFlix, Quarantined, [9ab6a3b958414fe7e45c0c9218eae21e], 
PUP.Optional.BFlix, HKLM\SOFTWARE\CLASSES\WOW6432NODE\BFlix.BFlix.1, Quarantined, [9ab6a3b958414fe7e45c0c9218eae21e], 
PUP.Optional.BabylonToolBar, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc, Quarantined, [66ea69f3d6c3a78f2d473c4fd131e917], 
PUP.Optional.BabylonToolBar, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc.1, Quarantined, [9db309530b8e5ed8b6bea9e238cab749], 
PUP.Optional.BabylonToolBar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc, Quarantined, [9db309530b8e5ed8b6bea9e238cab749], 
PUP.Optional.BabylonToolBar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.BabylonESrvc.1, Quarantined, [9db309530b8e5ed8b6bea9e238cab749], 
PUP.Optional.BabylonToolBar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\esrv.BabylonESrvc, Quarantined, [9db309530b8e5ed8b6bea9e238cab749], 
PUP.Optional.BabylonToolBar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\esrv.BabylonESrvc.1, Quarantined, [9db309530b8e5ed8b6bea9e238cab749], 
PUP.Optional.BabylonToolBar, HKLM\SOFTWARE\CLASSES\b, Quarantined, [63ed8dcff7a2b284ccac9cefcc361ce4], 
PUP.Optional.BabylonToolBar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\b, Quarantined, [e46cbaa2f3a668ce7404c1cac53d4bb5], 
PUP.Optional.BabylonToolBar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\b, Quarantined, [e46cbaa2f3a668ce7404c1cac53d4bb5], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E076618B-381F-42C8-974D-88EBB97A40C4}, Quarantined, [6ee289d3f6a3ac8abe8e755537cc8878], 
 
Registry Values: 3
PUP.Optional.VGrabber, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F}, Quarantined, [64ec94c891080b2bbd7b464d37cb42be], 
PUP.Optional.VGrabber, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F}, ¯ í² rÑF`"&õËŸ, Quarantined, [64ec94c891080b2bbd7b464d37cb42be]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E076618B-381F-42C8-974D-88EBB97A40C4}|AppPath, C:\Users\Llynne\AppData\Local\Conduit\CT3059010, Quarantined, [6ee289d3f6a3ac8abe8e755537cc8878]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 5
PUP.Optional.BFlix, C:\Program Files (x86)\BFlix, Quarantined, [0b45f6660f8aec4a883d96b6897bae52], 
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [212faab23366fd39e16c5e400200c040], 
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}, Quarantined, [0e423a223762c6700328a80bb54d0ff1], 
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\0870A8C23B03B91C, Quarantined, [0e423a223762c6700328a80bb54d0ff1], 
PUP.Optional.NewPlayer, C:\Users\JOHN THE MAN\AppData\Local\com\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha, Quarantined, [331d7fddc3d6df57a09614bad52dbb45], 
 
Files: 18
PUP.Optional.Winsock.WnskRST, C:\Windows\System32\MZA64.dll, Quarantined, [4b05adafafea77bf8c725c0954ad01ff], 
PUP.Optional.WebSearcher, C:\Users\JOHN THE MAN\Downloads\Unconfirmed 291020.crdownload, Quarantined, [b89858047d1c9d996297a9257190867a], 
PUP.Optional.WebSearcher, C:\Users\JOHN THE MAN\Downloads\Unconfirmed 70720.crdownload, Quarantined, [024e3a2216833ef842b703cb25dccd33], 
PUP.Optional.WebSearcher, C:\Users\JOHN THE MAN\Downloads\Unconfirmed 898905.crdownload, Quarantined, [84cca1bb7b1e79bd0beef3db4fb205fb], 
PUP.Optional.WebSearcher, C:\Users\JOHN THE MAN\Downloads\Unconfirmed 575058.crdownload, Quarantined, [2c24adaf9cfdee484dace1ed9e630ff1], 
PUP.Optional.BundleInstaller, C:\Users\JOHN THE MAN\Google Drive\adobe flash player ie setup.exe, Quarantined, [5df32d2fe1b8c6700bb376be25dc39c7], 
PUP.Optional.BFlix, C:\Program Files (x86)\BFlix\Bflix.dll, Quarantined, [0b45f6660f8aec4a883d96b6897bae52], 
PUP.Optional.BFlix, C:\Program Files (x86)\BFlix\onload.js, Quarantined, [0b45f6660f8aec4a883d96b6897bae52], 
PUP.Optional.BFlix, C:\Program Files (x86)\BFlix\uninstall.exe, Quarantined, [0b45f6660f8aec4a883d96b6897bae52], 
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\0.ini, Quarantined, [0e423a223762c6700328a80bb54d0ff1], 
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\20120215194524.log, Quarantined, [0e423a223762c6700328a80bb54d0ff1], 
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\20120215195229.log, Quarantined, [0e423a223762c6700328a80bb54d0ff1], 
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.dat, Quarantined, [0e423a223762c6700328a80bb54d0ff1], 
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.exe, Quarantined, [0e423a223762c6700328a80bb54d0ff1], 
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.ico, Quarantined, [0e423a223762c6700328a80bb54d0ff1], 
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\TsuDll.dll, Quarantined, [0e423a223762c6700328a80bb54d0ff1], 
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\_Setup.dll, Quarantined, [0e423a223762c6700328a80bb54d0ff1], 
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\_Setupx.dll, Quarantined, [0e423a223762c6700328a80bb54d0ff1], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#30
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,582 posts

Excellent. Now do the ESET scan from Post#26.

 

http://www.geekstogo...work/?p=2549722


  • 0





