This topic is locked
A friends laptop is is full of malware. I ran Malwarebytes Anti-Malware and found over 3500 objects. It did let me remove any of them. I then ran FRST64. It keeps briniging up PC Optimizer Pro multiple times. It also brings up a fake BSOD. Thank you in advance for your help.
FRST LOG:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Liyah241 (administrator) on DIVAS-PC (22-03-2016 20:48:35)
Running from F:\
Loaded Profiles: Liyah241 (Available Profiles: AAliyah & aavar_000 & Liyah241 & Amanda)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\Liyah241\AppData\Local\BrowserAir\Application\BrowserAir.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\knsg5077.tmpfs
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(ConsumerInput) C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
() C:\Users\Liyah241\AppData\Roaming\NetService\netservice.exe
() C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\jnsx6CFE.tmp
() C:\Windows\rcore.exe
() C:\Program Files\shopperz270120160220\Icaorku.exe
(Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
() C:\Program Files (x86)\sushileads\NpUpdaterService.exe
() C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\hnsz8A5C.tmp
() C:\Program Files (x86)\Checked List\updateCheckedList.exe
() C:\Program Files (x86)\Checked List\bin\utilCheckedList.exe
() C:\Users\Liyah241\AppData\Roaming\WinNetSvc\WinNetSvc.exe
(WWatcher) C:\Program Files (x86)\WinWiki\WWatcherProxy.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Valid Applications) C:\ProgramData\hKafruOyr\QUZNjUc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\Liyah241\AppData\Local\SearchModule\dblaunch.exe
(IStealer updater) C:\Program Files (x86)\SpaceSondPro_v53.12311\SpaceSondPro_Service.exe
(IDealer updater) C:\Program Files (x86)\SpaceSondPro_v53.12311\ioproduct.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Space Sound Pro) C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe
(Facebook Inc.) C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe
() C:\Program Files (x86)\Optimizer Pro 3.99\OptProReminder.exe
() C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
() C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe
() C:\Users\Liyah241\AppData\Local\SearchModule\dblaunch.exe
() C:\Users\Liyah241\AppData\Local\winone\WinoneApp.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
() C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
(SoftBrain Technologies Ltd.) C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SoftBrain Technologies Ltd.) C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebApp.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(TODO: <Company name>) C:\Program Files (x86)\Note-up\Note-up.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Users\Liyah241\AppData\Roaming\TrailerTime\TrailerTime.exe
() C:\Program Files (x86)\gmsd_us_005010219\gmsd_us_005010219.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
() C:\Users\Liyah241\AppData\Roaming\TrailerTime\TrailerTime.exe
() C:\Users\Liyah241\AppData\Roaming\TrailerTime\TrailerTime.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
() C:\Program Files\shopperz270120160220\Nurdaj.exe
() C:\Program Files\shopperz270120160220\Duahmi.exe
() C:\Program Files\shopperz270120160220\Duahmi64.exe
() C:\Program Files\shopperz270120160220\csrcc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\McUICnt.exe
() C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\vnso6545.tmp
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM\...\Run: [SpaceSoundPro] => C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe [4203520 2015-08-03] (Space Sound Pro)
HKLM\...\Run: [SystemFix] => C:\windows\winLoad32.exe [44032 2016-01-23] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-13] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [gmsd_us_51] => [X]
HKLM-x32\...\Run: [gmsd_us_85] => [X]
HKLM-x32\...\Run: [gmsd_us_100] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [gmsd_us_349] => [X]
HKLM-x32\...\Run: [PlayGem] => C:\Program Files (x86)\PlayGem\PlayGem.exe [3195904 2015-06-03] (PlayGem)
HKLM-x32\...\Run: [Note-up] => C:\Program Files (x86)\Note-up\note-up.exe [6772736 2015-10-09] (TODO: <Company name>)
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [popup] => "C:\windows\System32\MyTrayApp.exe"
HKLM-x32\...\Run: [TrailerTime] => C:\Users\Liyah241\AppData\Roaming\TrailerTime\TrailerTime.exe [49475088 2015-12-16] ()
HKLM-x32\...\Run: [gmsd_us_005010219] => C:\Program Files (x86)\gmsd_us_005010219\gmsd_us_005010219.exe [3955888 2016-01-26] ()
HKLM-x32\...\RunOnce: [IOPROTECT] => C:\Program Files (x86)\SpaceSondPro_v53.12311\ioproduct_service.bat [164 2016-01-23] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Facebook Update] => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-23] (Facebook Inc.)
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.99\OptProLauncher.exe [148112 2015-07-31] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-07-31] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-06-26] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [SushiLeadsApplication] => C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe [381440 2015-10-11] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Windi] => C:\ProgramData\DataFile\Windi.exe [283648 2016-01-26] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [SearchModule] => C:\Users\Liyah241\AppData\Local\SearchModule\dblaunch.exe [391168 2015-12-01] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Winoneexe] => C:\Users\Liyah241\AppData\Local\winone\WinoneApp.exe [12288 2016-01-26] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\MountPoints2: {ae32ec1a-535e-11e2-be71-806e6f6e6963} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\Click_Here_to_Install_Leapster_GS_Explorer.html
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [249104 2016-01-14] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [221456 2016-01-14] (Client Connect LTD)
IFEO\sethc.exe: [Debugger] C:\Windows\System32\msconfig.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-10-06]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-12-17]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{25036078-A148-428C-849C-3283A84E18AC}: [NameServer] 199.203.131.152,82.163.143.182
Tcpip\..\Interfaces\{25036078-A148-428C-849C-3283A84E18AC}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{A26B217D-4250-4EFE-8C82-2DEBB386ECC2}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{A26B217D-4250-4EFE-8C82-2DEBB386ECC2}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{ed8d8bb7-60a6-11e3-824b-806e6f6e6963}: [NameServer] 104.197.191.4
ManualProxies:
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,&vp=ch&prd=set_ie
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> DefaultScope {6A593BFF-095B-4B68-8250-CA75C19EFF6F} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-re__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> OldSearch URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M31B147BA-977A-4994-A48D-0C90C7D61DDC&SearchSource=58&CUI=&UM=8&UP=SP36C2E74D-6022-4F05-B86C-FE828B025E6D&D=012316&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {07217568-B3BA-4655-866E-9BDE000A7BE8} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {12739F39-9A8C-4A07-9DEE-9A9C4170F529} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333604&octid=EB_ORIGINAL_CTID&ISID=MC4A718D5-8355-475D-A0E3-0B42B994A080&SearchSource=58&CUI=&UM=8&UP=SP50EC8EA0-3617-4E14-AEAD-7384EDAD9240&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {6A593BFF-095B-4B68-8250-CA75C19EFF6F} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-re__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {B26DCD28-5C71-41A8-9267-16D15DE69EAE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: shopperz270120160220 -> {1521F284-D3C9-49ED-8445-4B41CFD85BAF} -> C:\Program Files\shopperz270120160220\Camzev64.dll [2016-01-26] ()
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-01-23] (Microsoft Corporation)
BHO: Easyttosshhop -> {8261849b-4c10-45ac-ab7c-38722f8fe013} -> C:\Program Files (x86)\Easyttosshhop\Aebhe632etMPJ5.x64.dll [2015-05-14] ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2015-12-08] (Compete, Inc.)
BHO: QQuicckshuoP -> {b7d793de-fc39-4e61-8585-5480350f2d8f} -> C:\Program Files (x86)\QQuicckshuoP\tgyIgAXnsEjBc6.x64.dll [2015-05-06] ()
BHO: deAlo4REaL -> {c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} -> C:\Program Files (x86)\deAlo4REaL\N57kCYfdvCqXMd.x64.dll [2015-05-14] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-26] (Microsoft Corporation)
BHO-x32: shopperz270120160220 -> {1521F284-D3C9-49ED-8445-4B41CFD85BAF} -> C:\Program Files\shopperz270120160220\Camzev.dll [2016-01-26] ()
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
BHO-x32: Checked List 1.0.0.7 -> {7ff0f7e7-8b1e-4e90-8bd5-f60cfdd71ecc} -> C:\Program Files (x86)\Checked List\CheckedListbho.dll [2015-10-02] (Checked List)
BHO-x32: Easyttosshhop -> {8261849b-4c10-45ac-ab7c-38722f8fe013} -> C:\Program Files (x86)\Easyttosshhop\Aebhe632etMPJ5.dll [2015-05-14] ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2015-12-08] (Compete, Inc.)
BHO-x32: QQuicckshuoP -> {b7d793de-fc39-4e61-8585-5480350f2d8f} -> C:\Program Files (x86)\QQuicckshuoP\tgyIgAXnsEjBc6.dll [2015-05-06] ()
BHO-x32: deAlo4REaL -> {c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} -> C:\Program Files (x86)\deAlo4REaL\N57kCYfdvCqXMd.dll [2015-05-14] ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-23] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin HKU\S-1-5-21-2316278512-3877362351-3516534219-1005: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Liyah241\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{1521F284-D3C9-49ED-8445-4B41CFD85BAF}] - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi
FF Extension: shopperz270120160220 - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi [2016-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2016-03-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2013-02-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{1521F284-D3C9-49ED-8445-4B41CFD85BAF}] - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi
FF HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12247.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12247.xpi [2016-01-12]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-15]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-15]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 580a4029; c:\Program Files (x86)\IncrementInstance\IncrementInstance.dll [2225152 2015-05-01] () [File not signed]
R2 6135ae48; c:\Program Files (x86)\SustainerPlus\SustainerPlus.dll [2297344 2015-05-01] () [File not signed]
R3 8F898A85-C4D3-441E-a6A4-8FF2923283FA; C:\Program Files\shopperz270120160220\Nurdaj.exe [291176 2016-01-26] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-23] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3246864 2016-01-14] (Client Connect LTD)
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-10-23] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-10-23] (ConsumerInput)
R3 csrcc; C:\Program Files\shopperz270120160220\csrcc.exe [1497448 2016-01-26] ()
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2013-11-13] (LeapFrog Enterprises, Inc.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
R2 NetTcpHandler; C:\Users\Liyah241\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] () [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 QUZNjUc; C:\ProgramData\hKafruOyr\QUZNjUc.exe [2931200 2015-10-23] (Valid Applications) [File not signed]
R2 qymumylo; C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\jnsx6CFE.tmp [247808 2015-11-21] () [File not signed]
R2 rcores; C:\WINDOWS\rcore.exe [4686336 2014-12-29] () [File not signed]
R2 shopperz270120160220 Updater; C:\Program Files\shopperz270120160220\Icaorku.exe [159080 2016-01-26] ()
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2447872 2016-01-24] (Search Module Ltd.) [File not signed]
R2 SushiLeadsUpdaterService; C:\Program Files (x86)\sushileads\NpUpdaterService.exe [10240 2015-10-11] () [File not signed]
R2 typikeni; C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\hnsz8A5C.tmp [718336 2015-11-21] () [File not signed]
R2 Update Checked List; C:\Program Files (x86)\Checked List\updateCheckedList.exe [661192 2016-01-26] ()
R2 Util Checked List; C:\Program Files (x86)\Checked List\bin\utilCheckedList.exe [661192 2016-01-26] ()
R2 WinNetSvc; C:\Users\Liyah241\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] () [File not signed]
R2 WWatcherProxy; C:\Program Files (x86)\WinWiki\WWatcherProxy.exe [1739776 2015-10-15] (WWatcher)
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
R2 cybemove; C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\knsg5077.tmpfs [X]
S2 Lewry; "C:\Users\Liyah241\AppData\Roaming\BejmaDua\Zegbarvh.exe" -cms [X]
S2 Update PlumoWeb; "C:\Program Files (x86)\PlumoWeb\updatePlumoWeb.exe" [X]
S3 WdNisSvc; "%ProgramFiles%\Windows Defender\NisSrv.exe" [X]
S3 WinDefend; "%ProgramFiles%\Windows Defender\MsMpEng.exe" [X]
S2 zigipyro; C:\Users\Liyah241\AppData\Local\02459A70-1453552013-D265-7A86-42E8B3913FF8\qnsbFBBF.tmp [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-02-08] (Symantec Corporation)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2016-01-26] ()
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56728 2016-01-26] (Windows ® Win 7 DDK provider)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-02-24] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130419.001\IDSvia64.sys [513184 2013-04-19] (Symantec Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-22] (Malwarebytes)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130326.006\ENG64.SYS [126192 2013-02-24] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130326.006\EX64.SYS [2087664 2013-02-24] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2014-12-30] (Realtek Semiconductor Corp.)
R3 sdfhgdf; C:\Windows\System32\DRIVERS\sdfhgdf.sys [23208 2016-03-22] (Corporation) [File not signed]
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [43776 2016-01-24] ()
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-23] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R1 {22b230b8-6e08-4687-afa6-31e3b13fe333}w64; C:\Windows\System32\drivers\{22b230b8-6e08-4687-afa6-31e3b13fe333}w64.sys [48784 2015-01-21] (StdLib)
R1 {2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64; C:\Windows\System32\drivers\{2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64.sys [48784 2015-12-17] (StdLib)
R1 {2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64; C:\Windows\System32\drivers\{2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64.sys [48784 2015-03-22] (StdLib)
R1 {59074063-010c-49cd-9e33-7f8e3a63291d}w64; C:\Windows\System32\drivers\{59074063-010c-49cd-9e33-7f8e3a63291d}w64.sys [48784 2015-01-14] (StdLib)
R1 {6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64; C:\Windows\System32\drivers\{6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64.sys [48784 2015-01-26] (StdLib)
R1 {7076b5a4-952b-427a-a724-78a34643efb0}w64; C:\Windows\System32\drivers\{7076b5a4-952b-427a-a724-78a34643efb0}w64.sys [48784 2015-01-11] (StdLib)
R1 {8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64; C:\Windows\System32\drivers\{8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64.sys [48744 2016-01-26] (StdLib)
R1 {f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64; C:\Windows\System32\drivers\{f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64.sys [48784 2015-01-15] (StdLib)
R1 {f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64; C:\Windows\System32\drivers\{f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64.sys [48784 2015-10-23] (StdLib)
R3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-22 19:38 - 2016-03-22 19:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-22 19:38 - 2016-03-22 19:38 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-22 19:38 - 2016-03-22 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-22 19:38 - 2016-03-22 19:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-22 19:38 - 2016-03-22 19:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-22 19:38 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-22 19:38 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-22 19:38 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-22 19:37 - 2016-03-22 20:48 - 00000000 ____D C:\FRST
2016-03-22 18:56 - 2016-03-22 19:34 - 00003740 _____ C:\WINDOWS\System32\Tasks\SecurityApps2
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-22 20:55 - 2015-10-23 15:40 - 00000482 _____ C:\WINDOWS\Tasks\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005.job
2016-03-22 20:43 - 2015-10-23 15:38 - 00000992 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job
2016-03-22 20:24 - 2013-11-29 20:32 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-22 19:50 - 2015-10-23 15:47 - 00003266 _____ C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule
2016-03-22 19:49 - 2015-10-23 15:47 - 00003260 _____ C:\WINDOWS\System32\Tasks\Super Optimizer Schedule
2016-03-22 19:42 - 2013-12-09 00:58 - 00006424 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-22 19:33 - 2015-10-23 15:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-03-22 19:33 - 2013-02-24 22:00 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2316278512-3877362351-3516534219-1005
2016-03-22 19:30 - 2016-01-23 13:49 - 00000000 ____D C:\Users\Liyah241\AppData\Local\TrailerTime
2016-03-22 19:30 - 2013-07-23 19:25 - 00000958 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005UA.job
2016-03-22 19:30 - 2013-07-23 19:25 - 00000936 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005Core.job
2016-03-22 19:30 - 2013-02-28 22:22 - 00000000 ____D C:\Users\Liyah241\AppData\Roaming\Skype
2016-03-22 19:29 - 2016-01-26 22:18 - 00023208 _____ (Corporation) C:\WINDOWS\system32\Drivers\sdfhgdf.sys
2016-03-22 19:29 - 2015-12-17 21:52 - 00000000 ____D C:\Users\Liyah241\AppData\LocalLow\SmartWeb
2016-03-22 19:28 - 2016-01-26 20:48 - 00000296 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2016-03-22 19:28 - 2015-10-23 15:37 - 00000988 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job
2016-03-22 19:28 - 2015-03-24 18:09 - 00001714 _____ C:\WINDOWS\Tasks\NVDVJDI.job
2016-03-22 19:28 - 2015-03-24 17:58 - 00001714 _____ C:\WINDOWS\Tasks\QXEBESK.job
2016-03-22 19:27 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-22 19:09 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-22 19:06 - 2015-10-23 16:06 - 00000000 ____D C:\Users\Liyah241\AppData\Roaming\RunDir
2016-03-22 19:03 - 2015-05-01 05:25 - 00000814 _____ C:\Users\Liyah241\AppData\Local\Temp-log.txt
2016-03-22 19:02 - 2016-01-23 13:18 - 00000000 ____D C:\ProgramData\DataFile
2016-03-22 07:34 - 2013-12-09 01:10 - 00000000 ____D C:\Users\Liyah241
2016-03-22 07:26 - 2016-01-23 13:23 - 00000000 ____D C:\Users\Liyah241\AppData\Local\bvxvbxxvaa
2016-03-22 07:24 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-22 07:21 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
==================== Files in the root of some directories =======
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Users\Liyah241\AppData\Roaming\NVDVJDI
2015-03-24 18:09 - 2015-03-24 18:09 - 1856000 _____ (Cinema PlusV24.03) C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe
2015-01-01 20:41 - 2015-01-01 20:41 - 2052584 _____ (CinPlus2.6dV01.01) C:\Users\Liyah241\AppData\Roaming\QQMCDLW.exe
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Users\Liyah241\AppData\Roaming\QXEBESK
2015-03-24 17:58 - 2015-03-24 17:58 - 1933824 _____ (Cinema PlusV24.03) C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe
2015-05-01 05:25 - 2016-03-22 19:03 - 0000814 _____ () C:\Users\Liyah241\AppData\Local\Temp-log.txt
Some files in TEMP:
====================
C:\Users\Liyah241\AppData\Local\Temp\2259.exe
C:\Users\Liyah241\AppData\Local\Temp\2472.exe
C:\Users\Liyah241\AppData\Local\Temp\4A0F.tmp.exe
C:\Users\Liyah241\AppData\Local\Temp\amisetup4390__15940.exe
C:\Users\Liyah241\AppData\Local\Temp\avg98A6.exe
C:\Users\Liyah241\AppData\Local\Temp\B531.tmp.exe
C:\Users\Liyah241\AppData\Local\Temp\B6A4.tmp.exe
C:\Users\Liyah241\AppData\Local\Temp\BD4DDBED-CB6C-C649-3219-F72671E8B9EA.exe
C:\Users\Liyah241\AppData\Local\Temp\c5w.exe
C:\Users\Liyah241\AppData\Local\Temp\cfcabfibcdg.exe
C:\Users\Liyah241\AppData\Local\Temp\CloudBackup3491.exe
C:\Users\Liyah241\AppData\Local\Temp\compete.exe
C:\Users\Liyah241\AppData\Local\Temp\dufgmr4c.exe
C:\Users\Liyah241\AppData\Local\Temp\E1F5AFB4-6549-6E57-8478-36ABD8319C78.dll
C:\Users\Liyah241\AppData\Local\Temp\E1F5AFB4-6549-6E57-8478-36ABD8319C78.exe
C:\Users\Liyah241\AppData\Local\Temp\Extract.exe
C:\Users\Liyah241\AppData\Local\Temp\hib68A7.exe
C:\Users\Liyah241\AppData\Local\Temp\hib9A33.exe
C:\Users\Liyah241\AppData\Local\Temp\ICReinstall_4A0F.tmp.exe
C:\Users\Liyah241\AppData\Local\Temp\Launcher__10046.exe
C:\Users\Liyah241\AppData\Local\Temp\Launcher__10979.exe
C:\Users\Liyah241\AppData\Local\Temp\oprun11702.exe
C:\Users\Liyah241\AppData\Local\Temp\optprosetup.exe
C:\Users\Liyah241\AppData\Local\Temp\setacl.exe
C:\Users\Liyah241\AppData\Local\Temp\setupA9_.exe
C:\Users\Liyah241\AppData\Local\Temp\SetupCheck_43613.exe
C:\Users\Liyah241\AppData\Local\Temp\Setup_204756.exe
C:\Users\Liyah241\AppData\Local\Temp\Setup_22425.exe
C:\Users\Liyah241\AppData\Local\Temp\Setup_4470.exe
C:\Users\Liyah241\AppData\Local\Temp\setup_517.exe
C:\Users\Liyah241\AppData\Local\Temp\SP63599.exe
C:\Users\Liyah241\AppData\Local\Temp\SP63752.exe
C:\Users\Liyah241\AppData\Local\Temp\sp64126.exe
C:\Users\Liyah241\AppData\Local\Temp\SP64444.exe
C:\Users\Liyah241\AppData\Local\Temp\SP65428.exe
C:\Users\Liyah241\AppData\Local\Temp\SP65793.exe
C:\Users\Liyah241\AppData\Local\Temp\supoptsetup.exe
C:\Users\Liyah241\AppData\Local\Temp\tu17p84.exe
C:\Users\Liyah241\AppData\Local\Temp\Uninstall.exe
C:\Users\Liyah241\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Liyah241\AppData\Local\Temp\Validate.exe
C:\Users\Liyah241\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Liyah241\AppData\Local\Temp\Zzoooomit_uninstall.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2014-10-29 15:28] - [2014-10-29 15:28] - 0655360 ____A (Microsoft Corporation) 6C3F642285D54A1DDDBF7F6A40DC7544
C:\WINDOWS\SysWOW64\dnsapi.dll
[2014-10-29 15:28] - [2014-10-29 15:28] - 0494592 ____A (Microsoft Corporation) ED11721103CE93DF7C3D8D171476A29F
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-23 16:16
==================== End of FRST.txt ============================
Addition Log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Liyah241 (2016-03-22 20:55:56)
Running from F:\
Windows 8.1 (X64) (2013-12-09 08:34:13)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
AAliyah (S-1-5-21-2316278512-3877362351-3516534219-1002 - Administrator - Enabled) => C:\Users\AAliyah
aavar_000 (S-1-5-21-2316278512-3877362351-3516534219-1003 - Administrator - Enabled) => C:\Users\aavar_000
Administrator (S-1-5-21-2316278512-3877362351-3516534219-500 - Administrator - Disabled)
Amanda (S-1-5-21-2316278512-3877362351-3516534219-1008 - Limited - Enabled) => C:\Users\Amanda
Guest (S-1-5-21-2316278512-3877362351-3516534219-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2316278512-3877362351-3516534219-1007 - Limited - Enabled)
Liyah241 (S-1-5-21-2316278512-3877362351-3516534219-1005 - Administrator - Enabled) => C:\Users\Liyah241
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{63ADEC24-A374-80A8-E89B-BE401C787F75}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BBUyofast (HKLM-x32\...\{78B72F2B-0468-A7AC-ECEE-02C79EC3EF0B}) (Version: - "") <==== ATTENTION
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Body Text Feathering (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserAir (HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\BrowserAir) (Version: 47.0.0.3 - BrowserAir) <==== ATTENTION
BugDigger (HKLM-x32\...\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}) (Version: - "") <==== ATTENTION
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Checked List (HKLM\...\Checked List) (Version: 2015.10.23.210953 - Checked List) <==== ATTENTION
cheuap4alll (HKLM-x32\...\{26453017-2C54-574B-7597-9EA6652686A6}) (Version: - "") <==== ATTENTION
Chrome Voice Control (HKLM-x32\...\{E0D1F60C-E9D9-15B6-AAE9-066CD1EC25A2}) (Version: - "") <==== ATTENTION
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
ClickFOrSalee (HKLM-x32\...\{6C998B44-82D8-CC7E-D847-4CD73036412A}) (Version: - "") <==== ATTENTION
Consumer Input (HKLM-x32\...\Setup Support for Consumer Input) (Version: 1.0 - Software Service Inc.) <==== ATTENTION
Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version: - Compete Inc.) <==== ATTENTION
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deAlo4REaL (HKLM-x32\...\{2FA77785-00C3-A920-6452-D4FE5C9C129F}) (Version: - "")
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION
Easyttosshhop (HKLM-x32\...\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}) (Version: - "") <==== ATTENTION
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Facebook Messenger Platinum (HKLM-x32\...\{40DC4B27-4588-C56F-7737-D03A0ACE4383}) (Version: - "")
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FinanceAlert (HKLM-x32\...\FinanceAlert) (Version: 3.0.86 - Valid Applications)
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Follow Extension (HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\{8508703C-F15E-D46B-6BAF-81CC435EA27C}) (Version: 1.0.1 - Experience Video corp) <==== ATTENTION
G Picture EXIF Viewer (HKLM-x32\...\{8B114619-78B7-1CFF-55EF-74266954F883}) (Version: - "")
GamesDesktop 025.005010219 (HKLM-x32\...\gmsd_us_005010219_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Idle Crawler (HKLM-x32\...\32D03B26-CC1A-3941-B96F-FC1849C67FC0) (Version: 166.0.0.1703 - GREYSTONE VENTURES LP) <==== ATTENTION
IncrementInstance (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{580a4029}) (Version: - Software Publisher) <==== ATTENTION
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
jogotempo 3.4 (HKLM-x32\...\jogotempo) (Version: 3.4 - DN) <==== ATTENTION
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
KNCTR (HKLM-x32\...\Itibiti_is1) (Version: - Itibiti Inc.)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.2.1.18456 - LeapFrog)
LeapFrog Connect (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
Memory Key Detect (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Memory Key Detect) <==== ATTENTION
Microsoft Office 2000 SR-1 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.6.0.27 - Symantec Corporation)
Note-up (HKLM-x32\...\Note-up) (Version: - Note-up)
Note-UP (HKLM-x32\...\NUIns) (Version: - QUAHOG LIMITED)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
One10_PC_Cleaner (HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\One10_PC_Cleaner) (Version: v1.1 - Zeast_PC_Optimiser)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.3.1.7 - PCUtilities Software Limited) <==== ATTENTION
Orion File Recovery Software (HKLM-x32\...\Orion) (Version: - NCH Software)
PC Optimizer (HKLM-x32\...\{D2CB3C4E-701F-4277-B7B1-1708AE9364BF}) (Version: 1.0.0 - PC Optimizer)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinner for Pinterest (HKLM-x32\...\{144AC25F-D7A7-B233-BFB8-433771ECB92D}) (Version: - "") <==== ATTENTION
PlayGem 1.0 (HKLM-x32\...\PlayGem) (Version: 1.0 - PlayGem)
Plurk Smile (HKLM-x32\...\{450F78BE-2B5E-C81D-0656-897759985405}) (Version: - "") <==== ATTENTION
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PrincueCooupon (HKLM-x32\...\{D86C82B0-1F02-816A-5F3D-6466F6A67566}) (Version: - "") <==== ATTENTION
QQuicckshuoP (HKLM-x32\...\{D8A764DD-3FBA-FBBD-FFC8-90B4AE9B19B8}) (Version: - "") <==== ATTENTION
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QueennCOuPoN (HKLM-x32\...\{3DE8A1D7-C77F-E02A-70DD-31D29EC5B988}) (Version: - "") <==== ATTENTION
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
SaverAddeOn (HKLM-x32\...\{10A0E600-D246-BD63-F465-4C849C688998}) (Version: - SaverAddon) <==== ATTENTION
Search Module 2.5.0.12 (HKLM-x32\...\Search Module_is1) (Version: 2.5.0.12 - ) <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 3.0.300.22 - Client Connect LTD) <==== ATTENTION
SearchModule (HKLM-x32\...\{D2E9FE6A-7003-42A0-96F6-5569DFC2A3A8}_is1) (Version: 2.8.9.113 - Goobzo LTD) <==== ATTENTION
shopperz (HKLM-x32\...\{6588DBC2-2540-4371-8234-EC5E120B01C3}) (Version: 2.0.0.480 - shopperz) <==== ATTENTION
shoppilation (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - shoppilation) <==== ATTENTION
Simple Media 1.0 (HKLM-x32\...\Simple Media) (Version: 1.0 - Simple Media)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
SpaceSoundPro (HKLM\...\SpaceSoundPro) (Version: 1.0 - ) <==== ATTENTION
SpaceSoundPro Service (HKLM-x32\...\zz.12311.ssp) (Version: 1.0.0 - CSDI) <==== ATTENTION
SpaceSoundPro Service (HKLM-x32\...\zz.5595.ssp) (Version: 1.0.0 - CSDI) <==== ATTENTION
Super Optimizer v3.2 (HKLM-x32\...\Super Optimizer_is1) (Version: 3.2.0.1 - Super PC Tools ltd) <==== ATTENTION
SushiLeads (HKLM-x32\...\sushileads) (Version: 2.6.0.0 - SushiLeads)
SustainerPlus (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6135ae48}) (Version: - Software Publisher) <==== ATTENTION
SwiftSearch 1.10.0.25 (HKLM-x32\...\SwiftSearch_1.10.0.25) (Version: 1.10.0.25 - SwiftSearch) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
System Healer (HKLM-x32\...\SystemHealer) (Version: 4.1.0.0 - SystemHealer)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
topbuyerr (HKLM-x32\...\{FE139F4C-CE5B-121A-8A2D-191FA2226094}) (Version: - "") <==== ATTENTION
TrailerTime - TrailerTime for Desktop (HKLM-x32\...\TrailerTime) (Version: 5.1.6cm - TrailerTime)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version: - LeapFrog)
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
W3Schools Hider (HKLM-x32\...\{6E3B2E00-8ADC-98BD-428C-13CEC2925F29}) (Version: - "") <==== ATTENTION
Weather Wizard 1.0 (HKLM-x32\...\Weather Wizard) (Version: 1.0 - weatther wizard)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinWiki (HKLM-x32\...\WebWatcherInstall) (Version: - )
WinWiki (HKLM-x32\...\WinWiki) (Version: - )
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zzoooomit (HKLM-x32\...\ZoomWebLists) (Version: - ZoomWebLists)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FA68CB1-F70F-497D-A7EA-70CCFD049024} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {11F9950B-E7C0-4EDB-BC20-9B4F10657E5F} - System32\Tasks\NVDVJDI => C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe [2015-03-24] (Cinema PlusV24.03) <==== ATTENTION
Task: {1565E572-5707-4574-A166-82304ACDF0DC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-01] (Microsoft Corporation)
Task: {19DBB75F-F185-4BE8-B5B7-26D953F04CDB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {1ED05F36-703D-4F12-9CC1-E75BB2289821} - System32\Tasks\DNSBRIDGEPORT => C:\Program Files (x86)\DNS Unlocker\dnsbridgeport.exe [2015-11-04] () <==== ATTENTION
Task: {26837C61-9A95-449B-A03B-97C86E539D6B} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-17] ()
Task: {272E4711-0CE2-4CA7-9882-F36D01E5EB00} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {295B5A7E-4BE6-4DD3-B610-32933E1C64ED} - System32\Tasks\Runner for IC => C:\Users\Liyah241\AppData\Local\32D03B26-CC1A-3941-B96F-FC1849C67FC0\Runner.exe [2015-05-06] () <==== ATTENTION
Task: {2CF78AB4-9F3C-4452-844E-D7520FE94AA2} - System32\Tasks\impo => C:\Windows\bs1.exe [2015-08-07] ()
Task: {320B8E21-9640-4748-B7EE-BD572F65FCAF} - System32\Tasks\MyDailyBackup => C:\Windows\winupd.exe [2015-12-06] (Microsoft) <==== ATTENTION
Task: {43F28202-2529-47C8-80FD-A720B57BBD09} - System32\Tasks\Microsoft\Windows\Maintenance\Updater for IC => C:\Users\Liyah241\AppData\Local\32D03B26-CC1A-3941-B96F-FC1849C67FC0\Runner.exe [2015-05-06] () <==== ATTENTION
Task: {454644C7-933F-42B3-BFD9-A3DB8BD5274E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-23] (Microsoft Corporation)
Task: {4813F88F-ABA2-4467-B7B0-EBC483988773} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {4F4922F9-801E-4DE8-8C5A-3CD868EA6CB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_toastNotify.exe [2015-05-05] (Hewlett-Packard)
Task: {4FBADFDA-B9BA-4AAB-B9A4-B760FD138308} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {51F80982-67AA-4214-BBB6-45FF6922D521} - System32\Tasks\Systemhi => C:\Windows\SysInfo.exe [2016-01-23] ()
Task: {56A7D303-FA5B-41F8-B35B-FFFF291BC163} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {57C7B5B6-414E-4DC8-B2B8-5C0D4EE33449} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {5A1B0BCE-2EFA-48B5-A163-08A6CFE62604} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {5CCCE2F9-6773-422E-B35B-B842E8F3AA34} - System32\Tasks\Mudgin => C:\Program Files\shopperz270120160220\Pyhbo.bat [2016-01-26] () <==== ATTENTION
Task: {612A3083-C806-46DF-B39F-E21B9C91848A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005Core => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-23] (Facebook Inc.)
Task: {68A44B4E-300D-488E-A886-0FF1B2516BB8} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.99\OptProLauncher.exe [2015-07-31] () <==== ATTENTION
Task: {6BA988DD-0C5B-4C24-AA05-34B3DFE76619} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updatehelper.exe [2016-01-24] () <==== ATTENTION
Task: {6CCAF12A-CB64-4984-B398-44977B9FFF36} - System32\Tasks\Follow Extension => Rundll32.exe "C:\Users\Liyah241\AppData\Local\Follow Extension\{DD0465C6-6773-9B3E-AAC7-022215E140C4}\FollowExtension.dll",#1 <==== ATTENTION
Task: {6CFF64AD-FDDF-4383-A8FE-DC2DB856FF88} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {6D15F10C-3D66-4366-8BFE-38BBB3D2D841} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe [2015-10-11] ()
Task: {6D236BA3-35AE-47D9-926D-1D6B18D9AFAA} - System32\Tasks\import => C:\Windows\Mint.exe [2015-12-24] (Microsoft)
Task: {6F37D558-1769-40F2-9B44-CCD4BF31EE96} - System32\Tasks\win => C:\Windows\win.exe
Task: {732CAE4E-D1C9-4537-8230-B3B263B6F120} - System32\Tasks\bvxvbxxvaa => C:\Users\Liyah241\AppData\Local\bvxvbxxvaa\bvxvbxxvaa.exe [2016-01-14] () <==== ATTENTION
Task: {75BFCBC2-3C41-471B-AC93-99A7291EB17D} - System32\Tasks\IBUpd => C:\Users\Liyah241\AppData\Local\BrowserAir\47.0.0.3\updater.exe [2016-01-07] () <==== ATTENTION
Task: {77E2BEB9-0430-4A88-BCDB-D174072DB76A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {790B0F82-FBF7-4A65-87FB-48A8B5719AE7} - System32\Tasks\QXEBESK => C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe [2015-03-24] (Cinema PlusV24.03) <==== ATTENTION
Task: {805BE1B9-C515-4804-82CE-79F282314AFC} - System32\Tasks\SMW_UpdateTask_Time_37333236313330342d23787845322a5b3434322d57 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {8277B1D0-5859-4939-B659-0B55517F6AAF} - System32\Tasks\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-12-02] () <==== ATTENTION
Task: {8B6732DD-5A8B-4C92-859B-1D6A32F67ED2} - System32\Tasks\System Healer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2015-12-17] ()
Task: {8FD38911-4C73-437D-B5E3-FC9008166069} - System32\Tasks\IBUpd2 => C:\Users\Liyah241\AppData\Local\BrowserAir\47.0.0.3\updater.exe [2016-01-07] () <==== ATTENTION
Task: {92FC8ABE-4409-4EEA-82D2-FC89A5C0669C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005UA => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-23] (Facebook Inc.)
Task: {97884243-269F-4FF1-8971-B74350DE530F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {98532C13-55F6-4DA8-AF76-A624A333BFEA} - System32\Tasks\{67BB3FCA-4DD0-1D8F-C1A6-90F798EA7D2C} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMA (the data entry has 7520 more characters).
Task: {A08391D7-A1C3-446A-BA04-FEEB678698A6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-26] (Microsoft Corporation)
Task: {A88DE84D-2355-4692-B7A7-0E6F1F3619C4} - System32\Tasks\RSPro => C:\Users\Liyah241\AppData\Local\SearchModule\dblaunch.exe [2015-12-01] () <==== ATTENTION
Task: {AB673388-6C32-46B6-BC8A-4C4C07820CD6} - System32\Tasks\YFPFTQOXE => C:\ProgramData\bdd32a3c350b48d887bdb8057affe4b0\bdd32a3c350b48d887bdb8057affe4b0.exe [2015-03-23] () <==== ATTENTION
Task: {ACE2EFD5-6E21-4DDA-8A8B-C4DEA67F7FC3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-23] (Microsoft Corporation)
Task: {B2F8936D-EB49-420D-A0BD-60A8BC86C796} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2015-12-17] ()
Task: {B3EFC9BB-E9AD-4A41-9C24-653A4A377256} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-10-23] (ConsumerInput) <==== ATTENTION
Task: {B6651D93-7630-4794-9B30-92DB1EF2D422} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {BCD1DD1A-1331-4187-B4B8-4F3D55F84D64} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {BEE85776-F774-4BDF-A094-A03253C81B95} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {C9B6A09B-47FA-4321-A384-73A5CD7DA441} - System32\Tasks\SecurityApps2 => C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe [2016-01-10] ()
Task: {CAAFAD16-5D8E-4EC5-ABB3-9904C620CD99} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-10-23] (ConsumerInput) <==== ATTENTION
Task: {CBFC695B-EC1C-4D7E-8ADB-C5761E4C9BEC} - System32\Tasks\Googleuptodate => C:\Windows\Wimboldon.exe [2015-12-24] (Microsoft) <==== ATTENTION
Task: {D2B88BE8-AB29-44BB-95EB-EF2A8CFDA298} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-23] (Adobe Systems Incorporated)
Task: {D33187A9-BA8C-4544-94E7-D2F21BDA6EC9} - System32\Tasks\GoogleUp => C:\Windows\hsysinfo.exe <==== ATTENTION
Task: {D9077C6D-1581-4391-90F3-6803A9E67B89} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {E2B92397-DCDE-4E70-B627-70306F7E7807} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-07-31] () <==== ATTENTION
Task: {E72D99D0-8495-46D9-A54F-115AE55ABD94} - System32\Tasks\{A008C39A-B232-473F-A068-6EAA465446D8} => pcalua.exe -a "C:\Program Files\WajaWebEnhancer\WWE_uninstall.exe"
Task: {EA241A42-EC85-4779-8BAC-585A6F9D08FC} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-17] ()
Task: {ED0320A2-FD63-45A8-9CAC-A641B5B23FED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {EE4BF2FC-5016-49E2-9DF8-D253AFA1338A} - System32\Tasks\Optscan => c:\programdata\{05c510d2-11ec-433a-05c5-510d211e4348}\hqghumeaylnlf.exe [2014-10-23] () <==== ATTENTION
Task: {F0342484-B2AE-4B7D-9E84-8CEA7E6E1A43} - System32\Tasks\Follow Extension2 => Rundll32.exe "C:\Users\Liyah241\AppData\Local\Follow Extension\{DD0465C6-6773-9B3E-AAC7-022215E140C4}\wqaxq.dll",#1 <==== ATTENTION
Task: {F3A1CB2A-B15E-4981-9C73-A65E24CFB758} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-17] ()
Task: {F7AC100A-2518-4999-9E56-F5D0836B61E2} - System32\Tasks\Lanwifi => C:\Windows\amdave64Win.exe [2016-01-23] ()
Task: {F951DD44-C111-4DE3-AE28-5431AF203BEF} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {FB8A7251-4D78-4055-82E3-BA05A0D18C27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {FDB6B95A-0EE1-42AD-9292-CB4D1C79B024} - System32\Tasks\CIMT_daily_S-1-5-21-2316278512-3877362351-3516534219-1005 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-12-02] () <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-2316278512-3877362351-3516534219-1005.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005Core.job => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005UA.job => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\NVDVJDI.job => C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Optscan.job => c:\programdata\{05c510d2-11ec-433a-05c5-510d211e4348}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\QXEBESK.job => C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
ShortcutWithArgument: C:\Users\Liyah241\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
ShortcutWithArgument: C:\Users\Liyah241\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
==================== Loaded Modules (Whitelisted) ==============
2012-08-06 13:09 - 2012-08-06 13:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-15 20:03 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-11-21 14:08 - 2015-11-21 14:08 - 00537600 _____ () C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\knsg5077.tmpfs
2015-10-23 16:06 - 2015-07-08 18:26 - 00173088 _____ () C:\Users\Liyah241\AppData\Roaming\NetService\netservice.exe
2015-11-21 15:39 - 2015-11-21 15:39 - 00247808 _____ () C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\jnsx6CFE.tmp
2015-01-01 20:40 - 2014-12-29 08:13 - 04686336 _____ () C:\WINDOWS\rcore.exe
2016-01-26 17:22 - 2016-01-26 22:18 - 00159080 _____ () C:\Program Files\shopperz270120160220\Icaorku.exe
2015-10-11 07:41 - 2015-10-11 07:41 - 00010240 _____ () C:\Program Files (x86)\sushileads\NpUpdaterService.exe
2015-10-11 07:41 - 2015-10-11 07:41 - 00006144 _____ () C:\Program Files (x86)\sushileads\AppResources.dll
2015-11-21 15:39 - 2015-11-21 15:39 - 00718336 _____ () C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\hnsz8A5C.tmp
2015-10-23 16:07 - 2016-01-26 21:47 - 00661192 _____ () C:\Program Files (x86)\Checked List\updateCheckedList.exe
2015-10-23 13:16 - 2016-01-26 21:46 - 00661192 _____ () C:\Program Files (x86)\Checked List\bin\utilCheckedList.exe
2015-12-17 22:02 - 2015-12-16 02:21 - 04845408 _____ () C:\Users\Liyah241\AppData\Roaming\WinNetSvc\WinNetSvc.exe
2016-01-23 12:46 - 2016-01-23 12:46 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-26 17:23 - 2016-01-26 22:18 - 00329576 _____ () C:\Program Files\shopperz270120160220\Cayrie64.DLL
2016-01-26 22:18 - 2015-12-01 12:35 - 00391168 _____ () C:\Users\Liyah241\AppData\Local\SearchModule\dblaunch.exe
2016-01-10 07:53 - 2016-01-10 07:53 - 01043456 _____ () C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe
2015-10-23 15:41 - 2015-07-31 11:33 - 00893072 _____ () C:\Program Files (x86)\Optimizer Pro 3.99\OptProReminder.exe
2015-10-23 15:53 - 2013-06-26 16:16 - 07342080 _____ () C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
2015-10-11 07:41 - 2015-10-11 07:41 - 00381440 _____ () C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe
2016-01-26 22:20 - 2016-01-26 22:20 - 00012288 _____ () C:\Users\Liyah241\AppData\Local\winone\WinoneApp.exe
2015-12-02 10:08 - 2015-12-02 10:08 - 01197088 _____ () C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
2015-12-16 00:03 - 2015-12-16 00:03 - 49475088 _____ () C:\Users\Liyah241\AppData\Roaming\TrailerTime\TrailerTime.exe
2016-01-26 21:39 - 2016-01-26 04:48 - 03955888 _____ () C:\Program Files (x86)\gmsd_us_005010219\gmsd_us_005010219.exe
2012-08-06 13:08 - 2012-08-06 13:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-01-26 17:22 - 2016-01-26 22:18 - 00291176 _____ () C:\Program Files\shopperz270120160220\Nurdaj.exe
2016-01-26 17:23 - 2016-01-26 22:18 - 00435560 _____ () C:\Program Files\shopperz270120160220\Duahmi.exe
2016-01-26 17:23 - 2016-01-26 22:18 - 00467304 _____ () C:\Program Files\shopperz270120160220\Duahmi64.exe
2016-01-26 17:22 - 2016-01-26 22:18 - 01497448 _____ () C:\Program Files\shopperz270120160220\csrcc.exe
2015-11-21 15:38 - 2016-01-24 00:04 - 00608379 _____ () C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\vnso6545.tmp
2015-05-01 05:19 - 2015-05-01 05:19 - 02225152 _____ () c:\Program Files (x86)\IncrementInstance\IncrementInstance.dll
2015-05-01 05:20 - 2015-05-01 05:20 - 02297344 _____ () c:\Program Files (x86)\SustainerPlus\SustainerPlus.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-17 22:02 - 2015-11-28 02:45 - 00083456 _____ () C:\Users\Liyah241\AppData\Roaming\WinNetSvc\Interface.dll
2012-12-31 06:42 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-12-17 21:50 - 2015-12-17 21:50 - 00012800 _____ () C:\Users\Liyah241\AppData\Local\Follow Extension\{DD0465C6-6773-9B3E-AAC7-022215E140C4}\wqaxq.dll
2015-12-17 21:50 - 2015-12-17 21:50 - 00011264 _____ () C:\Users\Liyah241\AppData\Local\Follow Extension\{DD0465C6-6773-9B3E-AAC7-022215E140C4}\{AD241CE3-1DF4-FADD-DFF8-AC358D9A8116}.dat
2015-12-17 21:50 - 2015-12-17 21:50 - 00028160 _____ () C:\Users\Liyah241\AppData\Local\Follow Extension\{DD0465C6-6773-9B3E-AAC7-022215E140C4}\FollowExtension.dll
2014-12-15 20:01 - 2012-05-29 23:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.6.0.27\wincfi39.dll
2016-01-26 17:23 - 2016-01-26 22:18 - 00292200 _____ () C:\Program Files\shopperz270120160220\Cayrie.DLL
2016-03-22 19:58 - 2016-03-22 19:58 - 00011264 _____ () C:\Users\Liyah241\AppData\Local\Temp\nsy7F8B.tmp\System.dll
2016-03-22 19:58 - 2016-03-22 19:58 - 00117248 _____ () C:\Users\Liyah241\AppData\Local\Temp\nsy7F8B.tmp\IpConfig.dll
2015-10-11 07:41 - 2015-10-11 07:41 - 00005632 _____ () C:\Program Files (x86)\sushileads\ScheduledTask.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{414d0922-f039-11e5-be95-2016d8a9583c} [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{414d0923-f039-11e5-be95-2016d8a9583c} [31]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{414d0924-f039-11e5-be95-2016d8a9583c} [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{414d0925-f039-11e5-be95-2016d8a9583c} [31]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{6903347f-c4b0-11e5-be93-d89d677bbb11} [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{69033480-c4b0-11e5-be93-d89d677bbb11} [31]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{b2dfc7dd-f098-11e5-be98-2016d8a9583c} [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{b2dfc7de-f098-11e5-be98-2016d8a9583c} [31]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{b2dfc7df-f098-11e5-be98-2016d8a9583c} [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{b2dfc7e0-f098-11e5-be98-2016d8a9583c} [31]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{b3f901b2-f09e-11e5-be99-2016d8a9583c} [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{b3f901b3-f09e-11e5-be99-2016d8a9583c} [31]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{b3f901b4-f09e-11e5-be99-2016d8a9583c} [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{b3f901b7-f09e-11e5-be99-2016d8a9583c} [31]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{ce0bbe85-c4b6-11e5-be94-d89d677bbb11} [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{ce0bbe86-c4b6-11e5-be94-d89d677bbb11} [31]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WWatcherProxy => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 06:25 - 2015-11-21 15:35 - 00000856 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2316278512-3877362351-3516534219-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2316278512-3877362351-3516534219-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2316278512-3877362351-3516534219-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{04921156-F5CA-4A7E-AFB8-8ACD58D19EC6}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{45BCB7BF-0DC1-4772-81AC-D7A86D9CAB1D}] => (Allow) C:\Users\Liyah241\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{D7273131-9ED7-4132-AF18-A96F12591EA5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{0FD2F110-1AB1-4A6E-848B-3B9B2C9E552D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [UDP Query User{B64AFBC1-7E46-4B02-B864-1AA01B059FB2}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5398BA8E-38D5-418B-8783-5CD7E2ED7FDD}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1FE7B777-457D-4238-9360-A1F31F44F1D0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{DDFAEC5F-470C-4E5F-A155-16A0989F8319}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B1B03AE4-837B-4190-A2FF-D27826303C73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{42EE0529-A343-4AF0-8986-073C3B248A4A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05EF2D9E-8D75-40F2-B052-2865B1DC0D14}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D58582AF-22E5-4C02-B344-27C8199D947D}] => (Allow) LPort=1900
FirewallRules: [{5BD7BD99-EDCD-4755-AAEF-AB70F3F31B7C}] => (Allow) LPort=2869
FirewallRules: [{0758B42B-2DD6-4329-8DF8-FAECA7B668B1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7ADDD6CF-165C-421A-A5E5-AD47E0C9840B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F6BA63ED-7538-4FF7-9C26-B324B8DC1D4A}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{C82D7AA4-08BB-4E3D-A408-82F01613DE89}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{E121D7BA-7935-4DE3-A8F7-042ABDABF33A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{488A31B8-CB97-4F8A-B4D6-697D6A171764}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{E740A7CC-6119-44AD-A924-5DB954A358D3}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{786F9F67-53ED-4E7B-B74A-C28A8BC0769F}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{ADAFB897-C726-403E-A448-D32C1016B2EC}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{540021B5-F612-4C32-8512-4AFF485924CF}] => (Allow) C:\Users\Liyah241\AppData\Local\BrowserAir\Application\BrowserAir.exe
==================== Restore Points =========================
17-03-2015 16:59:22 Windows Update
22-03-2015 12:30:00 Windows Modules Installer
22-03-2015 12:31:18 Windows Modules Installer
24-03-2015 18:13:09 HPSF Applying updates
30-04-2015 23:38:12 Windows Update
05-05-2015 16:23:03 Windows Update
23-10-2015 16:16:29 Windows Update
22-03-2016 18:59:30 Removed AllPCOptimizer.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/22/2016 08:51:58 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (03/22/2016 08:46:02 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (03/22/2016 08:41:04 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (03/22/2016 08:31:03 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (03/22/2016 08:21:03 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (03/22/2016 08:11:31 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (03/22/2016 08:01:10 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (03/22/2016 08:00:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wimboldon.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 33ec
Start Time: 01d184af1d267270
Termination Time: 2105
Application Path: C:\Windows\Wimboldon.exe
Report Id: 59106e82-f0a3-11e5-be99-2016d8a9583c
Faulting package full name:
Faulting package-relative application ID:
Error: (03/22/2016 07:51:07 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
Error: (03/22/2016 07:46:11 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
System errors:
=============
Error: (03/22/2016 07:27:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Double Spaced Firewall service failed to start due to the following error:
%%2
Error: (03/22/2016 07:27:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update PlumoWeb service failed to start due to the following error:
%%2
Error: (03/22/2016 07:27:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Lewry service failed to start due to the following error:
%%2
Error: (03/22/2016 07:27:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BrsHelper service failed to start due to the following error:
%%2
Error: (03/22/2016 07:27:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275
Error: (03/22/2016 07:16:43 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
Error: (03/22/2016 06:44:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Double Spaced Firewall service failed to start due to the following error:
%%2
Error: (03/22/2016 06:44:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update PlumoWeb service failed to start due to the following error:
%%2
Error: (03/22/2016 06:44:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Lewry service failed to start due to the following error:
%%2
Error: (03/22/2016 06:44:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BrsHelper service failed to start due to the following error:
%%2
CodeIntegrity:
===================================
Date: 2015-10-23 16:06:30.750
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-10-23 16:04:37.481
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-10-23 16:02:19.448
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-10-23 15:59:33.489
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-10-23 15:58:57.499
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-10-23 15:58:13.411
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-10-23 15:58:11.659
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 3682.26 MB
Available physical RAM: 2058.8 MB
Total Virtual: 4322.26 MB
Available Virtual: 2351.99 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:273.59 GB) (Free:205.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:14.9 GB) (Free:14.87 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: C2C9F703)
Partition: GPT.
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
. My name is Jr0x and I'll be helping you with your problem.
Sign In
Create Account
