Laptop Full of Malware [Solved]

PC Optimizer Pro

  • This topic is locked

#1
Lorenzo Baltazar Perez


A friend's laptop is full of malware.  I ran Malwarebytes Anti-Malware and found over 3500 objects.  It did let me remove any of them.  I then ran FRST64.  It keeps bringing up PC Optimizer Pro multiple times.  It also brings up a fake BSOD.  Thank you in advance for your help.

 

FRST LOG:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Liyah241 (administrator) on DIVAS-PC (22-03-2016 20:48:35)
Running from F:\
Loaded Profiles: Liyah241 (Available Profiles: AAliyah & aavar_000 & Liyah241 & Amanda)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\Liyah241\AppData\Local\BrowserAir\Application\BrowserAir.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\knsg5077.tmpfs
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(ConsumerInput) C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
() C:\Users\Liyah241\AppData\Roaming\NetService\netservice.exe
() C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\jnsx6CFE.tmp
() C:\Windows\rcore.exe
() C:\Program Files\shopperz270120160220\Icaorku.exe
(Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
() C:\Program Files (x86)\sushileads\NpUpdaterService.exe
() C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\hnsz8A5C.tmp
() C:\Program Files (x86)\Checked List\updateCheckedList.exe
() C:\Program Files (x86)\Checked List\bin\utilCheckedList.exe
() C:\Users\Liyah241\AppData\Roaming\WinNetSvc\WinNetSvc.exe
(WWatcher) C:\Program Files (x86)\WinWiki\WWatcherProxy.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Valid Applications) C:\ProgramData\hKafruOyr\QUZNjUc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\Liyah241\AppData\Local\SearchModule\dblaunch.exe
(IStealer updater) C:\Program Files (x86)\SpaceSondPro_v53.12311\SpaceSondPro_Service.exe
(IDealer updater) C:\Program Files (x86)\SpaceSondPro_v53.12311\ioproduct.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Space Sound Pro) C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe
(Facebook Inc.) C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe
() C:\Program Files (x86)\Optimizer Pro 3.99\OptProReminder.exe
() C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
() C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe
() C:\Users\Liyah241\AppData\Local\SearchModule\dblaunch.exe
() C:\Users\Liyah241\AppData\Local\winone\WinoneApp.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
() C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
(SoftBrain Technologies Ltd.) C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SoftBrain Technologies Ltd.) C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebApp.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(TODO: <Company name>) C:\Program Files (x86)\Note-up\Note-up.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Users\Liyah241\AppData\Roaming\TrailerTime\TrailerTime.exe
() C:\Program Files (x86)\gmsd_us_005010219\gmsd_us_005010219.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
() C:\Users\Liyah241\AppData\Roaming\TrailerTime\TrailerTime.exe
() C:\Users\Liyah241\AppData\Roaming\TrailerTime\TrailerTime.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
() C:\Program Files\shopperz270120160220\Nurdaj.exe
() C:\Program Files\shopperz270120160220\Duahmi.exe
() C:\Program Files\shopperz270120160220\Duahmi64.exe
() C:\Program Files\shopperz270120160220\csrcc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\McUICnt.exe
() C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\vnso6545.tmp
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM\...\Run: [SpaceSoundPro] => C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe [4203520 2015-08-03] (Space Sound Pro)
HKLM\...\Run: [SystemFix] => C:\windows\winLoad32.exe [44032 2016-01-23] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-13] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [gmsd_us_51] => [X]
HKLM-x32\...\Run: [gmsd_us_85] => [X]
HKLM-x32\...\Run: [gmsd_us_100] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [gmsd_us_349] => [X]
HKLM-x32\...\Run: [PlayGem] => C:\Program Files (x86)\PlayGem\PlayGem.exe [3195904 2015-06-03] (PlayGem)
HKLM-x32\...\Run: [Note-up] => C:\Program Files (x86)\Note-up\note-up.exe [6772736 2015-10-09] (TODO: <Company name>)
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [popup] => "C:\windows\System32\MyTrayApp.exe"
HKLM-x32\...\Run: [TrailerTime] => C:\Users\Liyah241\AppData\Roaming\TrailerTime\TrailerTime.exe [49475088 2015-12-16] ()
HKLM-x32\...\Run: [gmsd_us_005010219] => C:\Program Files (x86)\gmsd_us_005010219\gmsd_us_005010219.exe [3955888 2016-01-26] ()
HKLM-x32\...\RunOnce: [IOPROTECT] => C:\Program Files (x86)\SpaceSondPro_v53.12311\ioproduct_service.bat [164 2016-01-23] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Facebook Update] => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-23] (Facebook Inc.)
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.99\OptProLauncher.exe [148112 2015-07-31] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-07-31] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-06-26] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [SushiLeadsApplication] => C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe [381440 2015-10-11] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Windi] => C:\ProgramData\DataFile\Windi.exe [283648 2016-01-26] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [SearchModule] => C:\Users\Liyah241\AppData\Local\SearchModule\dblaunch.exe [391168 2015-12-01] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Winoneexe] => C:\Users\Liyah241\AppData\Local\winone\WinoneApp.exe [12288 2016-01-26] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\MountPoints2: {ae32ec1a-535e-11e2-be71-806e6f6e6963} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\Click_Here_to_Install_Leapster_GS_Explorer.html
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [249104 2016-01-14] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [221456 2016-01-14] (Client Connect LTD)
IFEO\sethc.exe: [Debugger] C:\Windows\System32\msconfig.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-21]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-10-06]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-12-17]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{25036078-A148-428C-849C-3283A84E18AC}: [NameServer] 199.203.131.152,82.163.143.182
Tcpip\..\Interfaces\{25036078-A148-428C-849C-3283A84E18AC}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{A26B217D-4250-4EFE-8C82-2DEBB386ECC2}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{A26B217D-4250-4EFE-8C82-2DEBB386ECC2}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{ed8d8bb7-60a6-11e3-824b-806e6f6e6963}: [NameServer] 104.197.191.4
ManualProxies: 
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,&vp=ch&prd=set_ie
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> DefaultScope {6A593BFF-095B-4B68-8250-CA75C19EFF6F} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-re__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> OldSearch URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M31B147BA-977A-4994-A48D-0C90C7D61DDC&SearchSource=58&CUI=&UM=8&UP=SP36C2E74D-6022-4F05-B86C-FE828B025E6D&D=012316&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {07217568-B3BA-4655-866E-9BDE000A7BE8} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {12739F39-9A8C-4A07-9DEE-9A9C4170F529} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333604&octid=EB_ORIGINAL_CTID&ISID=MC4A718D5-8355-475D-A0E3-0B42B994A080&SearchSource=58&CUI=&UM=8&UP=SP50EC8EA0-3617-4E14-AEAD-7384EDAD9240&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {6A593BFF-095B-4B68-8250-CA75C19EFF6F} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-re__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {B26DCD28-5C71-41A8-9267-16D15DE69EAE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: shopperz270120160220 -> {1521F284-D3C9-49ED-8445-4B41CFD85BAF} -> C:\Program Files\shopperz270120160220\Camzev64.dll [2016-01-26] ()
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-01-23] (Microsoft Corporation)
BHO: Easyttosshhop -> {8261849b-4c10-45ac-ab7c-38722f8fe013} -> C:\Program Files (x86)\Easyttosshhop\Aebhe632etMPJ5.x64.dll [2015-05-14] ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2015-12-08] (Compete, Inc.)
BHO: QQuicckshuoP -> {b7d793de-fc39-4e61-8585-5480350f2d8f} -> C:\Program Files (x86)\QQuicckshuoP\tgyIgAXnsEjBc6.x64.dll [2015-05-06] ()
BHO: deAlo4REaL -> {c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} -> C:\Program Files (x86)\deAlo4REaL\N57kCYfdvCqXMd.x64.dll [2015-05-14] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-26] (Microsoft Corporation)
BHO-x32: shopperz270120160220 -> {1521F284-D3C9-49ED-8445-4B41CFD85BAF} -> C:\Program Files\shopperz270120160220\Camzev.dll [2016-01-26] ()
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
BHO-x32: Checked List 1.0.0.7 -> {7ff0f7e7-8b1e-4e90-8bd5-f60cfdd71ecc} -> C:\Program Files (x86)\Checked List\CheckedListbho.dll [2015-10-02] (Checked List)
BHO-x32: Easyttosshhop -> {8261849b-4c10-45ac-ab7c-38722f8fe013} -> C:\Program Files (x86)\Easyttosshhop\Aebhe632etMPJ5.dll [2015-05-14] ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2015-12-08] (Compete, Inc.)
BHO-x32: QQuicckshuoP -> {b7d793de-fc39-4e61-8585-5480350f2d8f} -> C:\Program Files (x86)\QQuicckshuoP\tgyIgAXnsEjBc6.dll [2015-05-06] ()
BHO-x32: deAlo4REaL -> {c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} -> C:\Program Files (x86)\deAlo4REaL\N57kCYfdvCqXMd.dll [2015-05-14] ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-23] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin HKU\S-1-5-21-2316278512-3877362351-3516534219-1005: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Liyah241\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{1521F284-D3C9-49ED-8445-4B41CFD85BAF}] - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi
FF Extension: shopperz270120160220 - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi [2016-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2016-03-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2013-02-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{1521F284-D3C9-49ED-8445-4B41CFD85BAF}] - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi
FF HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12247.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12247.xpi [2016-01-12]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-15]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-15]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 580a4029; c:\Program Files (x86)\IncrementInstance\IncrementInstance.dll [2225152 2015-05-01] () [File not signed]
R2 6135ae48; c:\Program Files (x86)\SustainerPlus\SustainerPlus.dll [2297344 2015-05-01] () [File not signed]
R3 8F898A85-C4D3-441E-a6A4-8FF2923283FA; C:\Program Files\shopperz270120160220\Nurdaj.exe [291176 2016-01-26] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-23] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3246864 2016-01-14] (Client Connect LTD)
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-10-23] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-10-23] (ConsumerInput)
R3 csrcc; C:\Program Files\shopperz270120160220\csrcc.exe [1497448 2016-01-26] ()
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2013-11-13] (LeapFrog Enterprises, Inc.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
R2 NetTcpHandler; C:\Users\Liyah241\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] () [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 QUZNjUc; C:\ProgramData\hKafruOyr\QUZNjUc.exe [2931200 2015-10-23] (Valid Applications) [File not signed]
R2 qymumylo; C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\jnsx6CFE.tmp [247808 2015-11-21] () [File not signed]
R2 rcores; C:\WINDOWS\rcore.exe [4686336 2014-12-29] () [File not signed]
R2 shopperz270120160220 Updater; C:\Program Files\shopperz270120160220\Icaorku.exe [159080 2016-01-26] ()
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2447872 2016-01-24] (Search Module Ltd.) [File not signed]
R2 SushiLeadsUpdaterService; C:\Program Files (x86)\sushileads\NpUpdaterService.exe [10240 2015-10-11] () [File not signed]
R2 typikeni; C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\hnsz8A5C.tmp [718336 2015-11-21] () [File not signed]
R2 Update Checked List; C:\Program Files (x86)\Checked List\updateCheckedList.exe [661192 2016-01-26] ()
R2 Util Checked List; C:\Program Files (x86)\Checked List\bin\utilCheckedList.exe [661192 2016-01-26] ()
R2 WinNetSvc; C:\Users\Liyah241\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] () [File not signed]
R2 WWatcherProxy; C:\Program Files (x86)\WinWiki\WWatcherProxy.exe [1739776 2015-10-15] (WWatcher)
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
R2 cybemove; C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\knsg5077.tmpfs [X]
S2 Lewry; "C:\Users\Liyah241\AppData\Roaming\BejmaDua\Zegbarvh.exe" -cms [X]
S2 Update PlumoWeb; "C:\Program Files (x86)\PlumoWeb\updatePlumoWeb.exe" [X]
S3 WdNisSvc; "%ProgramFiles%\Windows Defender\NisSrv.exe" [X]
S3 WinDefend; "%ProgramFiles%\Windows Defender\MsMpEng.exe" [X]
S2 zigipyro; C:\Users\Liyah241\AppData\Local\02459A70-1453552013-D265-7A86-42E8B3913FF8\qnsbFBBF.tmp [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-02-08] (Symantec Corporation)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2016-01-26] ()
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [56728 2016-01-26] (Windows ® Win 7 DDK provider)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-02-24] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130419.001\IDSvia64.sys [513184 2013-04-19] (Symantec Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-22] (Malwarebytes)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130326.006\ENG64.SYS [126192 2013-02-24] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130326.006\EX64.SYS [2087664 2013-02-24] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2014-12-30] (Realtek Semiconductor Corp.)
R3 sdfhgdf; C:\Windows\System32\DRIVERS\sdfhgdf.sys [23208 2016-03-22] (Corporation) [File not signed]
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [43776 2016-01-24] ()
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-23] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R1 {22b230b8-6e08-4687-afa6-31e3b13fe333}w64; C:\Windows\System32\drivers\{22b230b8-6e08-4687-afa6-31e3b13fe333}w64.sys [48784 2015-01-21] (StdLib)
R1 {2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64; C:\Windows\System32\drivers\{2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64.sys [48784 2015-12-17] (StdLib)
R1 {2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64; C:\Windows\System32\drivers\{2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64.sys [48784 2015-03-22] (StdLib)
R1 {59074063-010c-49cd-9e33-7f8e3a63291d}w64; C:\Windows\System32\drivers\{59074063-010c-49cd-9e33-7f8e3a63291d}w64.sys [48784 2015-01-14] (StdLib)
R1 {6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64; C:\Windows\System32\drivers\{6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64.sys [48784 2015-01-26] (StdLib)
R1 {7076b5a4-952b-427a-a724-78a34643efb0}w64; C:\Windows\System32\drivers\{7076b5a4-952b-427a-a724-78a34643efb0}w64.sys [48784 2015-01-11] (StdLib)
R1 {8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64; C:\Windows\System32\drivers\{8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64.sys [48744 2016-01-26] (StdLib)
R1 {f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64; C:\Windows\System32\drivers\{f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64.sys [48784 2015-01-15] (StdLib)
R1 {f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64; C:\Windows\System32\drivers\{f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64.sys [48784 2015-10-23] (StdLib)
R3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-22 19:38 - 2016-03-22 19:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-22 19:38 - 2016-03-22 19:38 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-22 19:38 - 2016-03-22 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-22 19:38 - 2016-03-22 19:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-22 19:38 - 2016-03-22 19:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-22 19:38 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-22 19:38 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-22 19:38 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-22 19:37 - 2016-03-22 20:48 - 00000000 ____D C:\FRST
2016-03-22 18:56 - 2016-03-22 19:34 - 00003740 _____ C:\WINDOWS\System32\Tasks\SecurityApps2
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-22 20:55 - 2015-10-23 15:40 - 00000482 _____ C:\WINDOWS\Tasks\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005.job
2016-03-22 20:43 - 2015-10-23 15:38 - 00000992 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job
2016-03-22 20:24 - 2013-11-29 20:32 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-22 19:50 - 2015-10-23 15:47 - 00003266 _____ C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule
2016-03-22 19:49 - 2015-10-23 15:47 - 00003260 _____ C:\WINDOWS\System32\Tasks\Super Optimizer Schedule
2016-03-22 19:42 - 2013-12-09 00:58 - 00006424 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-22 19:33 - 2015-10-23 15:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-03-22 19:33 - 2013-02-24 22:00 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2316278512-3877362351-3516534219-1005
2016-03-22 19:30 - 2016-01-23 13:49 - 00000000 ____D C:\Users\Liyah241\AppData\Local\TrailerTime
2016-03-22 19:30 - 2013-07-23 19:25 - 00000958 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005UA.job
2016-03-22 19:30 - 2013-07-23 19:25 - 00000936 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005Core.job
2016-03-22 19:30 - 2013-02-28 22:22 - 00000000 ____D C:\Users\Liyah241\AppData\Roaming\Skype
2016-03-22 19:29 - 2016-01-26 22:18 - 00023208 _____ (Corporation) C:\WINDOWS\system32\Drivers\sdfhgdf.sys
2016-03-22 19:29 - 2015-12-17 21:52 - 00000000 ____D C:\Users\Liyah241\AppData\LocalLow\SmartWeb
2016-03-22 19:28 - 2016-01-26 20:48 - 00000296 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2016-03-22 19:28 - 2015-10-23 15:37 - 00000988 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job
2016-03-22 19:28 - 2015-03-24 18:09 - 00001714 _____ C:\WINDOWS\Tasks\NVDVJDI.job
2016-03-22 19:28 - 2015-03-24 17:58 - 00001714 _____ C:\WINDOWS\Tasks\QXEBESK.job
2016-03-22 19:27 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-22 19:09 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-22 19:06 - 2015-10-23 16:06 - 00000000 ____D C:\Users\Liyah241\AppData\Roaming\RunDir
2016-03-22 19:03 - 2015-05-01 05:25 - 00000814 _____ C:\Users\Liyah241\AppData\Local\Temp-log.txt
2016-03-22 19:02 - 2016-01-23 13:18 - 00000000 ____D C:\ProgramData\DataFile
2016-03-22 07:34 - 2013-12-09 01:10 - 00000000 ____D C:\Users\Liyah241
2016-03-22 07:26 - 2016-01-23 13:23 - 00000000 ____D C:\Users\Liyah241\AppData\Local\bvxvbxxvaa
2016-03-22 07:24 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-22 07:21 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
 
==================== Files in the root of some directories =======
 
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Users\Liyah241\AppData\Roaming\NVDVJDI
2015-03-24 18:09 - 2015-03-24 18:09 - 1856000 _____ (Cinema PlusV24.03) C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe
2015-01-01 20:41 - 2015-01-01 20:41 - 2052584 _____ (CinPlus2.6dV01.01) C:\Users\Liyah241\AppData\Roaming\QQMCDLW.exe
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Users\Liyah241\AppData\Roaming\QXEBESK
2015-03-24 17:58 - 2015-03-24 17:58 - 1933824 _____ (Cinema PlusV24.03) C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe
2015-05-01 05:25 - 2016-03-22 19:03 - 0000814 _____ () C:\Users\Liyah241\AppData\Local\Temp-log.txt
 
Some files in TEMP:
====================
C:\Users\Liyah241\AppData\Local\Temp\2259.exe
C:\Users\Liyah241\AppData\Local\Temp\2472.exe
C:\Users\Liyah241\AppData\Local\Temp\4A0F.tmp.exe
C:\Users\Liyah241\AppData\Local\Temp\amisetup4390__15940.exe
C:\Users\Liyah241\AppData\Local\Temp\avg98A6.exe
C:\Users\Liyah241\AppData\Local\Temp\B531.tmp.exe
C:\Users\Liyah241\AppData\Local\Temp\B6A4.tmp.exe
C:\Users\Liyah241\AppData\Local\Temp\BD4DDBED-CB6C-C649-3219-F72671E8B9EA.exe
C:\Users\Liyah241\AppData\Local\Temp\c5w.exe
C:\Users\Liyah241\AppData\Local\Temp\cfcabfibcdg.exe
C:\Users\Liyah241\AppData\Local\Temp\CloudBackup3491.exe
C:\Users\Liyah241\AppData\Local\Temp\compete.exe
C:\Users\Liyah241\AppData\Local\Temp\dufgmr4c.exe
C:\Users\Liyah241\AppData\Local\Temp\E1F5AFB4-6549-6E57-8478-36ABD8319C78.dll
C:\Users\Liyah241\AppData\Local\Temp\E1F5AFB4-6549-6E57-8478-36ABD8319C78.exe
C:\Users\Liyah241\AppData\Local\Temp\Extract.exe
C:\Users\Liyah241\AppData\Local\Temp\hib68A7.exe
C:\Users\Liyah241\AppData\Local\Temp\hib9A33.exe
C:\Users\Liyah241\AppData\Local\Temp\ICReinstall_4A0F.tmp.exe
C:\Users\Liyah241\AppData\Local\Temp\Launcher__10046.exe
C:\Users\Liyah241\AppData\Local\Temp\Launcher__10979.exe
C:\Users\Liyah241\AppData\Local\Temp\oprun11702.exe
C:\Users\Liyah241\AppData\Local\Temp\optprosetup.exe
C:\Users\Liyah241\AppData\Local\Temp\setacl.exe
C:\Users\Liyah241\AppData\Local\Temp\setupA9_.exe
C:\Users\Liyah241\AppData\Local\Temp\SetupCheck_43613.exe
C:\Users\Liyah241\AppData\Local\Temp\Setup_204756.exe
C:\Users\Liyah241\AppData\Local\Temp\Setup_22425.exe
C:\Users\Liyah241\AppData\Local\Temp\Setup_4470.exe
C:\Users\Liyah241\AppData\Local\Temp\setup_517.exe
C:\Users\Liyah241\AppData\Local\Temp\SP63599.exe
C:\Users\Liyah241\AppData\Local\Temp\SP63752.exe
C:\Users\Liyah241\AppData\Local\Temp\sp64126.exe
C:\Users\Liyah241\AppData\Local\Temp\SP64444.exe
C:\Users\Liyah241\AppData\Local\Temp\SP65428.exe
C:\Users\Liyah241\AppData\Local\Temp\SP65793.exe
C:\Users\Liyah241\AppData\Local\Temp\supoptsetup.exe
C:\Users\Liyah241\AppData\Local\Temp\tu17p84.exe
C:\Users\Liyah241\AppData\Local\Temp\Uninstall.exe
C:\Users\Liyah241\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Liyah241\AppData\Local\Temp\Validate.exe
C:\Users\Liyah241\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Liyah241\AppData\Local\Temp\Zzoooomit_uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2014-10-29 15:28] - [2014-10-29 15:28] - 0655360 ____A (Microsoft Corporation) 6C3F642285D54A1DDDBF7F6A40DC7544
 
C:\WINDOWS\SysWOW64\dnsapi.dll
[2014-10-29 15:28] - [2014-10-29 15:28] - 0494592 ____A (Microsoft Corporation) ED11721103CE93DF7C3D8D171476A29F
 
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-23 16:16
 
==================== End of FRST.txt ============================
 
 
Addition Log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Liyah241 (2016-03-22 20:55:56)
Running from F:\
Windows 8.1 (X64) (2013-12-09 08:34:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
AAliyah (S-1-5-21-2316278512-3877362351-3516534219-1002 - Administrator - Enabled) => C:\Users\AAliyah
aavar_000 (S-1-5-21-2316278512-3877362351-3516534219-1003 - Administrator - Enabled) => C:\Users\aavar_000
Administrator (S-1-5-21-2316278512-3877362351-3516534219-500 - Administrator - Disabled)
Amanda (S-1-5-21-2316278512-3877362351-3516534219-1008 - Limited - Enabled) => C:\Users\Amanda
Guest (S-1-5-21-2316278512-3877362351-3516534219-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2316278512-3877362351-3516534219-1007 - Limited - Enabled)
Liyah241 (S-1-5-21-2316278512-3877362351-3516534219-1005 - Administrator - Enabled) => C:\Users\Liyah241
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{63ADEC24-A374-80A8-E89B-BE401C787F75}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BBUyofast (HKLM-x32\...\{78B72F2B-0468-A7AC-ECEE-02C79EC3EF0B}) (Version:  - "") <==== ATTENTION
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Body Text Feathering (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserAir (HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\BrowserAir) (Version: 47.0.0.3 - BrowserAir) <==== ATTENTION
BugDigger (HKLM-x32\...\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}) (Version:  - "") <==== ATTENTION
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Checked List (HKLM\...\Checked List) (Version: 2015.10.23.210953 - Checked List) <==== ATTENTION
cheuap4alll (HKLM-x32\...\{26453017-2C54-574B-7597-9EA6652686A6}) (Version:  - "") <==== ATTENTION
Chrome Voice Control (HKLM-x32\...\{E0D1F60C-E9D9-15B6-AAE9-066CD1EC25A2}) (Version:  - "") <==== ATTENTION
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
ClickFOrSalee (HKLM-x32\...\{6C998B44-82D8-CC7E-D847-4CD73036412A}) (Version:  - "") <==== ATTENTION
Consumer Input (HKLM-x32\...\Setup Support for Consumer Input) (Version: 1.0 - Software Service Inc.) <==== ATTENTION
Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version:  - Compete Inc.) <==== ATTENTION
Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deAlo4REaL (HKLM-x32\...\{2FA77785-00C3-A920-6452-D4FE5C9C129F}) (Version:  - "")
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION
Easyttosshhop (HKLM-x32\...\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}) (Version:  - "") <==== ATTENTION
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Facebook Messenger Platinum (HKLM-x32\...\{40DC4B27-4588-C56F-7737-D03A0ACE4383}) (Version:  - "")
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FinanceAlert (HKLM-x32\...\FinanceAlert) (Version: 3.0.86 - Valid Applications)
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Follow Extension (HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\{8508703C-F15E-D46B-6BAF-81CC435EA27C}) (Version: 1.0.1 - Experience Video corp) <==== ATTENTION
G Picture EXIF Viewer (HKLM-x32\...\{8B114619-78B7-1CFF-55EF-74266954F883}) (Version:  - "")
GamesDesktop 025.005010219 (HKLM-x32\...\gmsd_us_005010219_is1) (Version:  - GAMESDESKTOP) <==== ATTENTION
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Idle Crawler (HKLM-x32\...\32D03B26-CC1A-3941-B96F-FC1849C67FC0) (Version: 166.0.0.1703 - GREYSTONE VENTURES LP) <==== ATTENTION
IncrementInstance (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{580a4029}) (Version:  - Software Publisher) <==== ATTENTION
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
jogotempo 3.4 (HKLM-x32\...\jogotempo) (Version: 3.4 - DN) <==== ATTENTION
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
KNCTR (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.2.1.18456 - LeapFrog)
LeapFrog Connect (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
Memory Key Detect (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Memory Key Detect) <==== ATTENTION
Microsoft Office 2000 SR-1 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.6.0.27 - Symantec Corporation)
Note-up (HKLM-x32\...\Note-up) (Version:  - Note-up)
Note-UP (HKLM-x32\...\NUIns) (Version:  - QUAHOG LIMITED)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
One10_PC_Cleaner (HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\One10_PC_Cleaner) (Version: v1.1 - Zeast_PC_Optimiser)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.3.1.7 - PCUtilities Software Limited) <==== ATTENTION
Orion File Recovery Software (HKLM-x32\...\Orion) (Version:  - NCH Software)
PC Optimizer (HKLM-x32\...\{D2CB3C4E-701F-4277-B7B1-1708AE9364BF}) (Version: 1.0.0 - PC Optimizer)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinner for Pinterest (HKLM-x32\...\{144AC25F-D7A7-B233-BFB8-433771ECB92D}) (Version:  - "") <==== ATTENTION
PlayGem 1.0 (HKLM-x32\...\PlayGem) (Version: 1.0 - PlayGem)
Plurk Smile (HKLM-x32\...\{450F78BE-2B5E-C81D-0656-897759985405}) (Version:  - "") <==== ATTENTION
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PrincueCooupon (HKLM-x32\...\{D86C82B0-1F02-816A-5F3D-6466F6A67566}) (Version:  - "") <==== ATTENTION
QQuicckshuoP (HKLM-x32\...\{D8A764DD-3FBA-FBBD-FFC8-90B4AE9B19B8}) (Version:  - "") <==== ATTENTION
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QueennCOuPoN (HKLM-x32\...\{3DE8A1D7-C77F-E02A-70DD-31D29EC5B988}) (Version:  - "") <==== ATTENTION
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
SaverAddeOn (HKLM-x32\...\{10A0E600-D246-BD63-F465-4C849C688998}) (Version:  - SaverAddon) <==== ATTENTION
Search Module 2.5.0.12 (HKLM-x32\...\Search Module_is1) (Version: 2.5.0.12 - ) <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 3.0.300.22 - Client Connect LTD) <==== ATTENTION
SearchModule (HKLM-x32\...\{D2E9FE6A-7003-42A0-96F6-5569DFC2A3A8}_is1) (Version: 2.8.9.113 - Goobzo LTD) <==== ATTENTION
shopperz (HKLM-x32\...\{6588DBC2-2540-4371-8234-EC5E120B01C3}) (Version: 2.0.0.480 - shopperz) <==== ATTENTION
shoppilation (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - shoppilation) <==== ATTENTION
Simple Media 1.0 (HKLM-x32\...\Simple Media) (Version: 1.0 - Simple Media)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
SpaceSoundPro (HKLM\...\SpaceSoundPro) (Version: 1.0 - ) <==== ATTENTION
SpaceSoundPro Service (HKLM-x32\...\zz.12311.ssp) (Version: 1.0.0 - CSDI) <==== ATTENTION
SpaceSoundPro Service (HKLM-x32\...\zz.5595.ssp) (Version: 1.0.0 - CSDI) <==== ATTENTION
Super Optimizer v3.2 (HKLM-x32\...\Super Optimizer_is1) (Version: 3.2.0.1 - Super PC Tools ltd) <==== ATTENTION
SushiLeads (HKLM-x32\...\sushileads) (Version: 2.6.0.0 - SushiLeads)
SustainerPlus (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6135ae48}) (Version:  - Software Publisher) <==== ATTENTION
SwiftSearch 1.10.0.25 (HKLM-x32\...\SwiftSearch_1.10.0.25) (Version: 1.10.0.25 - SwiftSearch) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
System Healer (HKLM-x32\...\SystemHealer) (Version: 4.1.0.0 - SystemHealer)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
topbuyerr (HKLM-x32\...\{FE139F4C-CE5B-121A-8A2D-191FA2226094}) (Version:  - "") <==== ATTENTION
TrailerTime - TrailerTime for Desktop (HKLM-x32\...\TrailerTime) (Version: 5.1.6cm - TrailerTime)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
W3Schools Hider (HKLM-x32\...\{6E3B2E00-8ADC-98BD-428C-13CEC2925F29}) (Version:  - "") <==== ATTENTION
Weather Wizard 1.0 (HKLM-x32\...\Weather Wizard) (Version: 1.0 - weatther wizard)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinWiki (HKLM-x32\...\WebWatcherInstall) (Version:  - )
WinWiki (HKLM-x32\...\WinWiki) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zzoooomit (HKLM-x32\...\ZoomWebLists) (Version:  - ZoomWebLists)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FA68CB1-F70F-497D-A7EA-70CCFD049024} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {11F9950B-E7C0-4EDB-BC20-9B4F10657E5F} - System32\Tasks\NVDVJDI => C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe [2015-03-24] (Cinema PlusV24.03) <==== ATTENTION
Task: {1565E572-5707-4574-A166-82304ACDF0DC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-01] (Microsoft Corporation)
Task: {19DBB75F-F185-4BE8-B5B7-26D953F04CDB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {1ED05F36-703D-4F12-9CC1-E75BB2289821} - System32\Tasks\DNSBRIDGEPORT => C:\Program Files (x86)\DNS Unlocker\dnsbridgeport.exe [2015-11-04] () <==== ATTENTION
Task: {26837C61-9A95-449B-A03B-97C86E539D6B} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-17] ()
Task: {272E4711-0CE2-4CA7-9882-F36D01E5EB00} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {295B5A7E-4BE6-4DD3-B610-32933E1C64ED} - System32\Tasks\Runner for IC => C:\Users\Liyah241\AppData\Local\32D03B26-CC1A-3941-B96F-FC1849C67FC0\Runner.exe [2015-05-06] () <==== ATTENTION
Task: {2CF78AB4-9F3C-4452-844E-D7520FE94AA2} - System32\Tasks\impo => C:\Windows\bs1.exe [2015-08-07] ()
Task: {320B8E21-9640-4748-B7EE-BD572F65FCAF} - System32\Tasks\MyDailyBackup => C:\Windows\winupd.exe [2015-12-06] (Microsoft) <==== ATTENTION
Task: {43F28202-2529-47C8-80FD-A720B57BBD09} - System32\Tasks\Microsoft\Windows\Maintenance\Updater for IC => C:\Users\Liyah241\AppData\Local\32D03B26-CC1A-3941-B96F-FC1849C67FC0\Runner.exe [2015-05-06] () <==== ATTENTION
Task: {454644C7-933F-42B3-BFD9-A3DB8BD5274E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-23] (Microsoft Corporation)
Task: {4813F88F-ABA2-4467-B7B0-EBC483988773} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {4F4922F9-801E-4DE8-8C5A-3CD868EA6CB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_toastNotify.exe [2015-05-05] (Hewlett-Packard)
Task: {4FBADFDA-B9BA-4AAB-B9A4-B760FD138308} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {51F80982-67AA-4214-BBB6-45FF6922D521} - System32\Tasks\Systemhi => C:\Windows\SysInfo.exe [2016-01-23] ()
Task: {56A7D303-FA5B-41F8-B35B-FFFF291BC163} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {57C7B5B6-414E-4DC8-B2B8-5C0D4EE33449} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {5A1B0BCE-2EFA-48B5-A163-08A6CFE62604} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {5CCCE2F9-6773-422E-B35B-B842E8F3AA34} - System32\Tasks\Mudgin => C:\Program Files\shopperz270120160220\Pyhbo.bat [2016-01-26] () <==== ATTENTION
Task: {612A3083-C806-46DF-B39F-E21B9C91848A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005Core => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-23] (Facebook Inc.)
Task: {68A44B4E-300D-488E-A886-0FF1B2516BB8} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.99\OptProLauncher.exe [2015-07-31] () <==== ATTENTION
Task: {6BA988DD-0C5B-4C24-AA05-34B3DFE76619} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updatehelper.exe [2016-01-24] () <==== ATTENTION
Task: {6CCAF12A-CB64-4984-B398-44977B9FFF36} - System32\Tasks\Follow Extension => Rundll32.exe "C:\Users\Liyah241\AppData\Local\Follow Extension\{DD0465C6-6773-9B3E-AAC7-022215E140C4}\FollowExtension.dll",#1 <==== ATTENTION
Task: {6CFF64AD-FDDF-4383-A8FE-DC2DB856FF88} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {6D15F10C-3D66-4366-8BFE-38BBB3D2D841} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe [2015-10-11] ()
Task: {6D236BA3-35AE-47D9-926D-1D6B18D9AFAA} - System32\Tasks\import => C:\Windows\Mint.exe [2015-12-24] (Microsoft)
Task: {6F37D558-1769-40F2-9B44-CCD4BF31EE96} - System32\Tasks\win => C:\Windows\win.exe
Task: {732CAE4E-D1C9-4537-8230-B3B263B6F120} - System32\Tasks\bvxvbxxvaa => C:\Users\Liyah241\AppData\Local\bvxvbxxvaa\bvxvbxxvaa.exe [2016-01-14] () <==== ATTENTION
Task: {75BFCBC2-3C41-471B-AC93-99A7291EB17D} - System32\Tasks\IBUpd => C:\Users\Liyah241\AppData\Local\BrowserAir\47.0.0.3\updater.exe [2016-01-07] () <==== ATTENTION
Task: {77E2BEB9-0430-4A88-BCDB-D174072DB76A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {790B0F82-FBF7-4A65-87FB-48A8B5719AE7} - System32\Tasks\QXEBESK => C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe [2015-03-24] (Cinema PlusV24.03) <==== ATTENTION
Task: {805BE1B9-C515-4804-82CE-79F282314AFC} - System32\Tasks\SMW_UpdateTask_Time_37333236313330342d23787845322a5b3434322d57 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {8277B1D0-5859-4939-B659-0B55517F6AAF} - System32\Tasks\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-12-02] () <==== ATTENTION
Task: {8B6732DD-5A8B-4C92-859B-1D6A32F67ED2} - System32\Tasks\System Healer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2015-12-17] ()
Task: {8FD38911-4C73-437D-B5E3-FC9008166069} - System32\Tasks\IBUpd2 => C:\Users\Liyah241\AppData\Local\BrowserAir\47.0.0.3\updater.exe [2016-01-07] () <==== ATTENTION
Task: {92FC8ABE-4409-4EEA-82D2-FC89A5C0669C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005UA => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-23] (Facebook Inc.)
Task: {97884243-269F-4FF1-8971-B74350DE530F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {98532C13-55F6-4DA8-AF76-A624A333BFEA} - System32\Tasks\{67BB3FCA-4DD0-1D8F-C1A6-90F798EA7D2C} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMA (the data entry has 7520 more characters).
Task: {A08391D7-A1C3-446A-BA04-FEEB678698A6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-26] (Microsoft Corporation)
Task: {A88DE84D-2355-4692-B7A7-0E6F1F3619C4} - System32\Tasks\RSPro => C:\Users\Liyah241\AppData\Local\SearchModule\dblaunch.exe [2015-12-01] () <==== ATTENTION
Task: {AB673388-6C32-46B6-BC8A-4C4C07820CD6} - System32\Tasks\YFPFTQOXE => C:\ProgramData\bdd32a3c350b48d887bdb8057affe4b0\bdd32a3c350b48d887bdb8057affe4b0.exe [2015-03-23] () <==== ATTENTION
Task: {ACE2EFD5-6E21-4DDA-8A8B-C4DEA67F7FC3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-23] (Microsoft Corporation)
Task: {B2F8936D-EB49-420D-A0BD-60A8BC86C796} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2015-12-17] ()
Task: {B3EFC9BB-E9AD-4A41-9C24-653A4A377256} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-10-23] (ConsumerInput) <==== ATTENTION
Task: {B6651D93-7630-4794-9B30-92DB1EF2D422} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {BCD1DD1A-1331-4187-B4B8-4F3D55F84D64} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {BEE85776-F774-4BDF-A094-A03253C81B95} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {C9B6A09B-47FA-4321-A384-73A5CD7DA441} - System32\Tasks\SecurityApps2 => C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe [2016-01-10] ()
Task: {CAAFAD16-5D8E-4EC5-ABB3-9904C620CD99} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-10-23] (ConsumerInput) <==== ATTENTION
Task: {CBFC695B-EC1C-4D7E-8ADB-C5761E4C9BEC} - System32\Tasks\Googleuptodate => C:\Windows\Wimboldon.exe [2015-12-24] (Microsoft) <==== ATTENTION
Task: {D2B88BE8-AB29-44BB-95EB-EF2A8CFDA298} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-23] (Adobe Systems Incorporated)
Task: {D33187A9-BA8C-4544-94E7-D2F21BDA6EC9} - System32\Tasks\GoogleUp => C:\Windows\hsysinfo.exe <==== ATTENTION
Task: {D9077C6D-1581-4391-90F3-6803A9E67B89} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {E2B92397-DCDE-4E70-B627-70306F7E7807} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-07-31] () <==== ATTENTION
Task: {E72D99D0-8495-46D9-A54F-115AE55ABD94} - System32\Tasks\{A008C39A-B232-473F-A068-6EAA465446D8} => pcalua.exe -a "C:\Program Files\WajaWebEnhancer\WWE_uninstall.exe"
Task: {EA241A42-EC85-4779-8BAC-585A6F9D08FC} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-17] ()
Task: {ED0320A2-FD63-45A8-9CAC-A641B5B23FED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {EE4BF2FC-5016-49E2-9DF8-D253AFA1338A} - System32\Tasks\Optscan => c:\programdata\{05c510d2-11ec-433a-05c5-510d211e4348}\hqghumeaylnlf.exe [2014-10-23] () <==== ATTENTION
Task: {F0342484-B2AE-4B7D-9E84-8CEA7E6E1A43} - System32\Tasks\Follow Extension2 => Rundll32.exe "C:\Users\Liyah241\AppData\Local\Follow Extension\{DD0465C6-6773-9B3E-AAC7-022215E140C4}\wqaxq.dll",#1 <==== ATTENTION
Task: {F3A1CB2A-B15E-4981-9C73-A65E24CFB758} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-17] ()
Task: {F7AC100A-2518-4999-9E56-F5D0836B61E2} - System32\Tasks\Lanwifi => C:\Windows\amdave64Win.exe [2016-01-23] ()
Task: {F951DD44-C111-4DE3-AE28-5431AF203BEF} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {FB8A7251-4D78-4055-82E3-BA05A0D18C27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {FDB6B95A-0EE1-42AD-9292-CB4D1C79B024} - System32\Tasks\CIMT_daily_S-1-5-21-2316278512-3877362351-3516534219-1005 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-12-02] () <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-2316278512-3877362351-3516534219-1005.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005Core.job => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005UA.job => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\NVDVJDI.job => C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Optscan.job => c:\programdata\{05c510d2-11ec-433a-05c5-510d211e4348}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\QXEBESK.job => C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
ShortcutWithArgument: C:\Users\Liyah241\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
ShortcutWithArgument: C:\Users\Liyah241\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-06 13:09 - 2012-08-06 13:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-15 20:03 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-11-21 14:08 - 2015-11-21 14:08 - 00537600 _____ () C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\knsg5077.tmpfs
2015-10-23 16:06 - 2015-07-08 18:26 - 00173088 _____ () C:\Users\Liyah241\AppData\Roaming\NetService\netservice.exe
2015-11-21 15:39 - 2015-11-21 15:39 - 00247808 _____ () C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\jnsx6CFE.tmp
2015-01-01 20:40 - 2014-12-29 08:13 - 04686336 _____ () C:\WINDOWS\rcore.exe
2016-01-26 17:22 - 2016-01-26 22:18 - 00159080 _____ () C:\Program Files\shopperz270120160220\Icaorku.exe
2015-10-11 07:41 - 2015-10-11 07:41 - 00010240 _____ () C:\Program Files (x86)\sushileads\NpUpdaterService.exe
2015-10-11 07:41 - 2015-10-11 07:41 - 00006144 _____ () C:\Program Files (x86)\sushileads\AppResources.dll
2015-11-21 15:39 - 2015-11-21 15:39 - 00718336 _____ () C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\hnsz8A5C.tmp
2015-10-23 16:07 - 2016-01-26 21:47 - 00661192 _____ () C:\Program Files (x86)\Checked List\updateCheckedList.exe
2015-10-23 13:16 - 2016-01-26 21:46 - 00661192 _____ () C:\Program Files (x86)\Checked List\bin\utilCheckedList.exe
2015-12-17 22:02 - 2015-12-16 02:21 - 04845408 _____ () C:\Users\Liyah241\AppData\Roaming\WinNetSvc\WinNetSvc.exe
2016-01-23 12:46 - 2016-01-23 12:46 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-26 17:23 - 2016-01-26 22:18 - 00329576 _____ () C:\Program Files\shopperz270120160220\Cayrie64.DLL
2016-01-26 22:18 - 2015-12-01 12:35 - 00391168 _____ () C:\Users\Liyah241\AppData\Local\SearchModule\dblaunch.exe
2016-01-10 07:53 - 2016-01-10 07:53 - 01043456 _____ () C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe
2015-10-23 15:41 - 2015-07-31 11:33 - 00893072 _____ () C:\Program Files (x86)\Optimizer Pro 3.99\OptProReminder.exe
2015-10-23 15:53 - 2013-06-26 16:16 - 07342080 _____ () C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
2015-10-11 07:41 - 2015-10-11 07:41 - 00381440 _____ () C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe
2016-01-26 22:20 - 2016-01-26 22:20 - 00012288 _____ () C:\Users\Liyah241\AppData\Local\winone\WinoneApp.exe
2015-12-02 10:08 - 2015-12-02 10:08 - 01197088 _____ () C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
2015-12-16 00:03 - 2015-12-16 00:03 - 49475088 _____ () C:\Users\Liyah241\AppData\Roaming\TrailerTime\TrailerTime.exe
2016-01-26 21:39 - 2016-01-26 04:48 - 03955888 _____ () C:\Program Files (x86)\gmsd_us_005010219\gmsd_us_005010219.exe
2012-08-06 13:08 - 2012-08-06 13:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-01-26 17:22 - 2016-01-26 22:18 - 00291176 _____ () C:\Program Files\shopperz270120160220\Nurdaj.exe
2016-01-26 17:23 - 2016-01-26 22:18 - 00435560 _____ () C:\Program Files\shopperz270120160220\Duahmi.exe
2016-01-26 17:23 - 2016-01-26 22:18 - 00467304 _____ () C:\Program Files\shopperz270120160220\Duahmi64.exe
2016-01-26 17:22 - 2016-01-26 22:18 - 01497448 _____ () C:\Program Files\shopperz270120160220\csrcc.exe
2015-11-21 15:38 - 2016-01-24 00:04 - 00608379 _____ () C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\vnso6545.tmp
2015-05-01 05:19 - 2015-05-01 05:19 - 02225152 _____ () c:\Program Files (x86)\IncrementInstance\IncrementInstance.dll
2015-05-01 05:20 - 2015-05-01 05:20 - 02297344 _____ () c:\Program Files (x86)\SustainerPlus\SustainerPlus.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-17 22:02 - 2015-11-28 02:45 - 00083456 _____ () C:\Users\Liyah241\AppData\Roaming\WinNetSvc\Interface.dll
2012-12-31 06:42 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-12-17 21:50 - 2015-12-17 21:50 - 00012800 _____ () C:\Users\Liyah241\AppData\Local\Follow Extension\{DD0465C6-6773-9B3E-AAC7-022215E140C4}\wqaxq.dll
2015-12-17 21:50 - 2015-12-17 21:50 - 00011264 _____ () C:\Users\Liyah241\AppData\Local\Follow Extension\{DD0465C6-6773-9B3E-AAC7-022215E140C4}\{AD241CE3-1DF4-FADD-DFF8-AC358D9A8116}.dat
2015-12-17 21:50 - 2015-12-17 21:50 - 00028160 _____ () C:\Users\Liyah241\AppData\Local\Follow Extension\{DD0465C6-6773-9B3E-AAC7-022215E140C4}\FollowExtension.dll
2014-12-15 20:01 - 2012-05-29 23:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.6.0.27\wincfi39.dll
2016-01-26 17:23 - 2016-01-26 22:18 - 00292200 _____ () C:\Program Files\shopperz270120160220\Cayrie.DLL
2016-03-22 19:58 - 2016-03-22 19:58 - 00011264 _____ () C:\Users\Liyah241\AppData\Local\Temp\nsy7F8B.tmp\System.dll
2016-03-22 19:58 - 2016-03-22 19:58 - 00117248 _____ () C:\Users\Liyah241\AppData\Local\Temp\nsy7F8B.tmp\IpConfig.dll
2015-10-11 07:41 - 2015-10-11 07:41 - 00005632 _____ () C:\Program Files (x86)\sushileads\ScheduledTask.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{414d0922-f039-11e5-be95-2016d8a9583c} [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{414d0923-f039-11e5-be95-2016d8a9583c} [31]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{414d0924-f039-11e5-be95-2016d8a9583c} [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{414d0925-f039-11e5-be95-2016d8a9583c} [31]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{6903347f-c4b0-11e5-be93-d89d677bbb11} [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{69033480-c4b0-11e5-be93-d89d677bbb11} [31]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{b2dfc7dd-f098-11e5-be98-2016d8a9583c} [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{b2dfc7de-f098-11e5-be98-2016d8a9583c} [31]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{b2dfc7df-f098-11e5-be98-2016d8a9583c} [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{b2dfc7e0-f098-11e5-be98-2016d8a9583c} [31]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{b3f901b2-f09e-11e5-be99-2016d8a9583c} [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{b3f901b3-f09e-11e5-be99-2016d8a9583c} [31]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{b3f901b4-f09e-11e5-be99-2016d8a9583c} [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{b3f901b7-f09e-11e5-be99-2016d8a9583c} [31]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{ce0bbe85-c4b6-11e5-be94-d89d677bbb11} [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{ce0bbe86-c4b6-11e5-be94-d89d677bbb11} [31]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WWatcherProxy => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2015-11-21 15:35 - 00000856 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2316278512-3877362351-3516534219-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2316278512-3877362351-3516534219-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2316278512-3877362351-3516534219-1008-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{04921156-F5CA-4A7E-AFB8-8ACD58D19EC6}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{45BCB7BF-0DC1-4772-81AC-D7A86D9CAB1D}] => (Allow) C:\Users\Liyah241\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{D7273131-9ED7-4132-AF18-A96F12591EA5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{0FD2F110-1AB1-4A6E-848B-3B9B2C9E552D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [UDP Query User{B64AFBC1-7E46-4B02-B864-1AA01B059FB2}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5398BA8E-38D5-418B-8783-5CD7E2ED7FDD}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1FE7B777-457D-4238-9360-A1F31F44F1D0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{DDFAEC5F-470C-4E5F-A155-16A0989F8319}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B1B03AE4-837B-4190-A2FF-D27826303C73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{42EE0529-A343-4AF0-8986-073C3B248A4A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{05EF2D9E-8D75-40F2-B052-2865B1DC0D14}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D58582AF-22E5-4C02-B344-27C8199D947D}] => (Allow) LPort=1900
FirewallRules: [{5BD7BD99-EDCD-4755-AAEF-AB70F3F31B7C}] => (Allow) LPort=2869
FirewallRules: [{0758B42B-2DD6-4329-8DF8-FAECA7B668B1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7ADDD6CF-165C-421A-A5E5-AD47E0C9840B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F6BA63ED-7538-4FF7-9C26-B324B8DC1D4A}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{C82D7AA4-08BB-4E3D-A408-82F01613DE89}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{E121D7BA-7935-4DE3-A8F7-042ABDABF33A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{488A31B8-CB97-4F8A-B4D6-697D6A171764}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{E740A7CC-6119-44AD-A924-5DB954A358D3}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{786F9F67-53ED-4E7B-B74A-C28A8BC0769F}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{ADAFB897-C726-403E-A448-D32C1016B2EC}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{540021B5-F612-4C32-8512-4AFF485924CF}] => (Allow) C:\Users\Liyah241\AppData\Local\BrowserAir\Application\BrowserAir.exe
 
==================== Restore Points =========================
 
17-03-2015 16:59:22 Windows Update
22-03-2015 12:30:00 Windows Modules Installer
22-03-2015 12:31:18 Windows Modules Installer
24-03-2015 18:13:09 HPSF Applying updates
30-04-2015 23:38:12 Windows Update
05-05-2015 16:23:03 Windows Update
23-10-2015 16:16:29 Windows Update
22-03-2016 18:59:30 Removed AllPCOptimizer.
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/22/2016 08:51:58 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (03/22/2016 08:46:02 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (03/22/2016 08:41:04 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (03/22/2016 08:31:03 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (03/22/2016 08:21:03 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (03/22/2016 08:11:31 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (03/22/2016 08:01:10 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (03/22/2016 08:00:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wimboldon.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 33ec
 
Start Time: 01d184af1d267270
 
Termination Time: 2105
 
Application Path: C:\Windows\Wimboldon.exe
 
Report Id: 59106e82-f0a3-11e5-be99-2016d8a9583c
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/22/2016 07:51:07 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (03/22/2016 07:46:11 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
 
System errors:
=============
Error: (03/22/2016 07:27:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Double Spaced Firewall service failed to start due to the following error: 
%%2
 
Error: (03/22/2016 07:27:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update PlumoWeb service failed to start due to the following error: 
%%2
 
Error: (03/22/2016 07:27:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Lewry service failed to start due to the following error: 
%%2
 
Error: (03/22/2016 07:27:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BrsHelper service failed to start due to the following error: 
%%2
 
Error: (03/22/2016 07:27:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error: 
%%1275
 
Error: (03/22/2016 07:16:43 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (03/22/2016 06:44:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Double Spaced Firewall service failed to start due to the following error: 
%%2
 
Error: (03/22/2016 06:44:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update PlumoWeb service failed to start due to the following error: 
%%2
 
Error: (03/22/2016 06:44:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Lewry service failed to start due to the following error: 
%%2
 
Error: (03/22/2016 06:44:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BrsHelper service failed to start due to the following error: 
%%2
 
 
CodeIntegrity:
===================================
  Date: 2015-10-23 16:06:30.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 16:04:37.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 16:02:19.448
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 15:59:33.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 15:58:57.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 15:58:13.411
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 15:58:11.659
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 3682.26 MB
Available physical RAM: 2058.8 MB
Total Virtual: 4322.26 MB
Available Virtual: 2351.99 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:273.59 GB) (Free:205.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:14.9 GB) (Free:14.87 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: C2C9F703)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




#2
Jr0x


    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi Lorenzo Baltazar Perez,

Welcome to :welcome:. My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.

  • Please read through the instructions before attempting to follow those procedures. I would recommend printing them out, as some of the instructions would require you to be in safe mode / offline.
  • If there is anything you are unclear of, please ask before you start the fix.
  • Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
  • Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
  • There may be a delayed response to you as we may live in different time zones.
  • Inform me of anything that happens unexpectedly during the fix at any point of time.
  • As much as we would like to make this an easy process for you, malware removal is a complex multi-step process, and things may happen such as data loss or your machine being rendered unbootable. I would recommend that you back up your personal data before we proceed.
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

Let's get started.

Please wait while I analyze your log.



#3
Jr0x


    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi Lorenzo Baltazar Perez,

Remove unwanted programs

Please uninstall the following unwanted programs:

BBUyofast
Body Text Feathering
BrowserAir
BugDigger
Checked List
cheuap4alll
Chrome Voice Control
ClickFOrSalee
Consumer Input
Consumer Input (remove only)
Consumer Input Update Helper
deAlo4REaL
DNS Unlocker version 1.4
Easyttosshhop
FinanceAlert
Follow Extension
GamesDesktop 025.005010219
Idle Crawler
IncrementInstance
jogotempo 3.4
KNCTR
Memory Key Detect
Note-up
Note-UP
One10_PC_Cleaner
Optimizer Pro v3.2
PC Optimizer
Pinner for Pinterest
PlayGem 1.0
Plurk Smile
PrincueCooupon
QQuicckshuoP
QueennCOuPoN
SaverAddeOn
Search Module 2.5.0.12
Search Protect
SearchModule
shopperz
shoppilation
SmartWeb
SpaceSoundPro
SpaceSoundPro Service
Super Optimizer v3.2
SushiLeads
SustainerPlus
SwiftSearch 1.10.0.25
System Healer
topbuyerr
TrailerTime - TrailerTime for Desktop
W3Schools Hider
Weather Wizard 1.0
WinWiki
Zzoooomit


Note: If any of the programs are not listed, proceed to the next one and work through the list.

To do this:
  • Swipe in from the right edge of the screen, then tap Search. (If you're using a mouse, point to the top-right corner of the screen, move the mouse pointer down, then click Search.)
  • Enter control panel in the search box, then tap or click Control Panel.
  • Under View by:, select Large Icons, then tap or click Programs and features.
  • Tap or click the program, then tap or click Uninstall.
  • Follow the instructions on screen.

    Repeat the above steps for all the other programs to remove.
    Reboot the machine once all programs have been uninstalled.

Reinstall Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
  • Download 'Google Chrome by Google' and save it to your desktop.
  • You can choose to export bookmarks if you have any. Do so by following 'this' guide.
  • If you signed in to Google Chrome, visit 'Google Sync' and click Reset sync > OK. Skip this step otherwise.
  • Close all instances of Google Chrome.
  • Now we need to uninstall Chrome.
  • Note: When asked about user data or settings you must remove this also so please check the box.
  • Restart your computer after uninstalling Chrome.
  • Right click the Chrome set up file you downloaded earlier to your Desktop and click Run as Administrator to start the installation and follow the prompts.
  • After installation, you can safely import the HTML bookmark backup(s) you made earlier and 'sync your settings' again.

Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this, highlight the contents of the box, right-click on it and select Copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
 

Start
CreateRestorePoint:
CloseProcesses:

CMD: fltmc detach bsdriver c: bsdriver

HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM\...\Run: [SpaceSoundPro] => C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe [4203520 2015-08-03] (Space Sound Pro)
HKLM\...\Run: [SystemFix] => C:\windows\winLoad32.exe [44032 2016-01-23] ()
HKLM-x32\...\Run: [gmsd_us_51] => [X]
HKLM-x32\...\Run: [gmsd_us_85] => [X]
HKLM-x32\...\Run: [gmsd_us_100] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [gmsd_us_349] => [X]
HKLM-x32\...\Run: [PlayGem] => C:\Program Files (x86)\PlayGem\PlayGem.exe [3195904 2015-06-03] (PlayGem)
HKLM-x32\...\Run: [Note-up] => C:\Program Files (x86)\Note-up\note-up.exe [6772736 2015-10-09] (TODO: <Company name>)
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [popup] => "C:\windows\System32\MyTrayApp.exe"
HKLM-x32\...\Run: [TrailerTime] => C:\Users\Liyah241\AppData\Roaming\TrailerTime\TrailerTime.exe [49475088 2015-12-16] ()
HKLM-x32\...\Run: [gmsd_us_005010219] => C:\Program Files (x86)\gmsd_us_005010219\gmsd_us_005010219.exe [3955888 2016-01-26] ()
HKLM-x32\...\RunOnce: [IOPROTECT] => C:\Program Files (x86)\SpaceSondPro_v53.12311\ioproduct_service.bat [164 2016-01-23] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.99\OptProLauncher.exe [148112 2015-07-31] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-07-31] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-06-26] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [SushiLeadsApplication] => C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe [381440 2015-10-11] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Windi] => C:\ProgramData\DataFile\Windi.exe [283648 2016-01-26] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [SearchModule] => C:\Users\Liyah241\AppData\Local\SearchModule\dblaunch.exe [391168 2015-12-01] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Winoneexe] => C:\Users\Liyah241\AppData\Local\winone\WinoneApp.exe [12288 2016-01-26] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\MountPoints2: {ae32ec1a-535e-11e2-be71-806e6f6e6963} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\Click_Here_to_Install_Leapster_GS_Explorer.html
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [249104 2016-01-14] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [221456 2016-01-14] (Client Connect LTD)
Startup: C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-12-17]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Tcpip\Parameters: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{25036078-A148-428C-849C-3283A84E18AC}: [NameServer] 199.203.131.152,82.163.143.182
Tcpip\..\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{A26B217D-4250-4EFE-8C82-2DEBB386ECC2}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{A26B217D-4250-4EFE-8C82-2DEBB386ECC2}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{ed8d8bb7-60a6-11e3-824b-806e6f6e6963}: [NameServer] 104.197.191.4
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,&vp=ch&prd=set_ie
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> OldSearch URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M31B147BA-977A-4994-A48D-0C90C7D61DDC&SearchSource=58&CUI=&UM=8&UP=SP36C2E74D-6022-4F05-B86C-FE828B025E6D&D=012316&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {07217568-B3BA-4655-866E-9BDE000A7BE8} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {12739F39-9A8C-4A07-9DEE-9A9C4170F529} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333604&octid=EB_ORIGINAL_CTID&ISID=MC4A718D5-8355-475D-A0E3-0B42B994A080&SearchSource=58&CUI=&UM=8&UP=SP50EC8EA0-3617-4E14-AEAD-7384EDAD9240&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {6A593BFF-095B-4B68-8250-CA75C19EFF6F} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-re__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: shopperz270120160220 -> {1521F284-D3C9-49ED-8445-4B41CFD85BAF} -> C:\Program Files\shopperz270120160220\Camzev64.dll [2016-01-26] ()
BHO: Easyttosshhop -> {8261849b-4c10-45ac-ab7c-38722f8fe013} -> C:\Program Files (x86)\Easyttosshhop\Aebhe632etMPJ5.x64.dll [2015-05-14] ()
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2015-12-08] (Compete, Inc.)
BHO: QQuicckshuoP -> {b7d793de-fc39-4e61-8585-5480350f2d8f} -> C:\Program Files (x86)\QQuicckshuoP\tgyIgAXnsEjBc6.x64.dll [2015-05-06] ()
BHO: deAlo4REaL -> {c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} -> C:\Program Files (x86)\deAlo4REaL\N57kCYfdvCqXMd.x64.dll [2015-05-14] ()
BHO-x32: shopperz270120160220 -> {1521F284-D3C9-49ED-8445-4B41CFD85BAF} -> C:\Program Files\shopperz270120160220\Camzev.dll [2016-01-26] ()
BHO-x32: Checked List 1.0.0.7 -> {7ff0f7e7-8b1e-4e90-8bd5-f60cfdd71ecc} -> C:\Program Files (x86)\Checked List\CheckedListbho.dll [2015-10-02] (Checked List)
BHO-x32: Easyttosshhop -> {8261849b-4c10-45ac-ab7c-38722f8fe013} -> C:\Program Files (x86)\Easyttosshhop\Aebhe632etMPJ5.dll [2015-05-14] ()
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2015-12-08] (Compete, Inc.)
BHO-x32: QQuicckshuoP -> {b7d793de-fc39-4e61-8585-5480350f2d8f} -> C:\Program Files (x86)\QQuicckshuoP\tgyIgAXnsEjBc6.dll [2015-05-06] ()
BHO-x32: deAlo4REaL -> {c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} -> C:\Program Files (x86)\deAlo4REaL\N57kCYfdvCqXMd.dll [2015-05-14] ()
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{1521F284-D3C9-49ED-8445-4B41CFD85BAF}] - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi
FF Extension: shopperz270120160220 - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi [2016-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{1521F284-D3C9-49ED-8445-4B41CFD85BAF}] - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi
FF HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12247.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12247.xpi [2016-01-12]
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 580a4029; c:\Program Files (x86)\IncrementInstance\IncrementInstance.dll [2225152 2015-05-01] () [File not signed]
R2 6135ae48; c:\Program Files (x86)\SustainerPlus\SustainerPlus.dll [2297344 2015-05-01] () [File not signed]
R3 8F898A85-C4D3-441E-a6A4-8FF2923283FA; C:\Program Files\shopperz270120160220\Nurdaj.exe [291176 2016-01-26] ()
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3246864 2016-01-14] (Client Connect LTD)
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-10-23] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-10-23] (ConsumerInput)
R3 csrcc; C:\Program Files\shopperz270120160220\csrcc.exe [1497448 2016-01-26] ()
R2 NetTcpHandler; C:\Users\Liyah241\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] () [File not signed]
R2 QUZNjUc; C:\ProgramData\hKafruOyr\QUZNjUc.exe [2931200 2015-10-23] (Valid Applications) [File not signed]
R2 qymumylo; C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\jnsx6CFE.tmp [247808 2015-11-21] () [File not signed]
R2 rcores; C:\WINDOWS\rcore.exe [4686336 2014-12-29] () [File not signed]
R2 shopperz270120160220 Updater; C:\Program Files\shopperz270120160220\Icaorku.exe [159080 2016-01-26] ()
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2447872 2016-01-24] (Search Module Ltd.) [File not signed]
R2 SushiLeadsUpdaterService; C:\Program Files (x86)\sushileads\NpUpdaterService.exe [10240 2015-10-11] () [File not signed]
R2 typikeni; C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\hnsz8A5C.tmp [718336 2015-11-21] () [File not signed]
R2 Update Checked List; C:\Program Files (x86)\Checked List\updateCheckedList.exe [661192 2016-01-26] ()
R2 Util Checked List; C:\Program Files (x86)\Checked List\bin\utilCheckedList.exe [661192 2016-01-26] ()
R2 WinNetSvc; C:\Users\Liyah241\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] () [File not signed]
R2 WWatcherProxy; C:\Program Files (x86)\WinWiki\WWatcherProxy.exe [1739776 2015-10-15] (WWatcher)
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
R2 cybemove; C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\knsg5077.tmpfs [X]
S2 Lewry; "C:\Users\Liyah241\AppData\Roaming\BejmaDua\Zegbarvh.exe" -cms [X]
S2 Update PlumoWeb; "C:\Program Files (x86)\PlumoWeb\updatePlumoWeb.exe" [X]
S3 WdNisSvc; "%ProgramFiles%\Windows Defender\NisSrv.exe" [X]
S3 WinDefend; "%ProgramFiles%\Windows Defender\MsMpEng.exe" [X]
S2 zigipyro; C:\Users\Liyah241\AppData\Local\02459A70-1453552013-D265-7A86-42E8B3913FF8\qnsbFBBF.tmp [X]
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2016-01-26] ()
R3 sdfhgdf; C:\Windows\System32\DRIVERS\sdfhgdf.sys [23208 2016-03-22] (Corporation) [File not signed]
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [43776 2016-01-24] ()
R1 {22b230b8-6e08-4687-afa6-31e3b13fe333}w64; C:\Windows\System32\drivers\{22b230b8-6e08-4687-afa6-31e3b13fe333}w64.sys [48784 2015-01-21] (StdLib)
R1 {2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64; C:\Windows\System32\drivers\{2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64.sys [48784 2015-12-17] (StdLib)
R1 {2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64; C:\Windows\System32\drivers\{2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64.sys [48784 2015-03-22] (StdLib)
R1 {59074063-010c-49cd-9e33-7f8e3a63291d}w64; C:\Windows\System32\drivers\{59074063-010c-49cd-9e33-7f8e3a63291d}w64.sys [48784 2015-01-14] (StdLib)
R1 {6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64; C:\Windows\System32\drivers\{6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64.sys [48784 2015-01-26] (StdLib)
R1 {7076b5a4-952b-427a-a724-78a34643efb0}w64; C:\Windows\System32\drivers\{7076b5a4-952b-427a-a724-78a34643efb0}w64.sys [48784 2015-01-11] (StdLib)
R1 {8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64; C:\Windows\System32\drivers\{8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64.sys [48744 2016-01-26] (StdLib)
R1 {f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64; C:\Windows\System32\drivers\{f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64.sys [48784 2015-01-15] (StdLib)
R1 {f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64; C:\Windows\System32\drivers\{f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64.sys [48784 2015-10-23] (StdLib)
R3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
2016-03-22 18:56 - 2016-03-22 19:34 - 00003740 _____ C:\WINDOWS\System32\Tasks\SecurityApps2
2016-03-22 20:43 - 2015-10-23 15:38 - 00000992 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job
2016-03-22 19:50 - 2015-10-23 15:47 - 00003266 _____ C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule
2016-03-22 19:49 - 2015-10-23 15:47 - 00003260 _____ C:\WINDOWS\System32\Tasks\Super Optimizer Schedule
2016-03-22 19:30 - 2016-01-23 13:49 - 00000000 ____D C:\Users\Liyah241\AppData\Local\TrailerTime
2016-03-22 19:29 - 2016-01-26 22:18 - 00023208 _____ (Corporation) C:\WINDOWS\system32\Drivers\sdfhgdf.sys
2016-03-22 19:29 - 2015-12-17 21:52 - 00000000 ____D C:\Users\Liyah241\AppData\LocalLow\SmartWeb
2016-03-22 19:28 - 2016-01-26 20:48 - 00000296 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2016-03-22 19:28 - 2015-10-23 15:37 - 00000988 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job
2016-03-22 19:28 - 2015-03-24 18:09 - 00001714 _____ C:\WINDOWS\Tasks\NVDVJDI.job
2016-03-22 19:28 - 2015-03-24 17:58 - 00001714 _____ C:\WINDOWS\Tasks\QXEBESK.job
2016-03-22 19:02 - 2016-01-23 13:18 - 00000000 ____D C:\ProgramData\DataFile
2016-03-22 07:26 - 2016-01-23 13:23 - 00000000 ____D C:\Users\Liyah241\AppData\Local\bvxvbxxvaa
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Users\Liyah241\AppData\Roaming\NVDVJDI
2015-03-24 18:09 - 2015-03-24 18:09 - 1856000 _____ (Cinema PlusV24.03) C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe
2015-01-01 20:41 - 2015-01-01 20:41 - 2052584 _____ (CinPlus2.6dV01.01) C:\Users\Liyah241\AppData\Roaming\QQMCDLW.exe
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Users\Liyah241\AppData\Roaming\QXEBESK
2015-03-24 17:58 - 2015-03-24 17:58 - 1933824 _____ (Cinema PlusV24.03) C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Task: {11F9950B-E7C0-4EDB-BC20-9B4F10657E5F} - System32\Tasks\NVDVJDI => C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe [2015-03-24] (Cinema PlusV24.03) <==== ATTENTION
Task: {1ED05F36-703D-4F12-9CC1-E75BB2289821} - System32\Tasks\DNSBRIDGEPORT => C:\Program Files (x86)\DNS Unlocker\dnsbridgeport.exe [2015-11-04] () <==== ATTENTION
Task: {26837C61-9A95-449B-A03B-97C86E539D6B} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-17] ()
Task: {295B5A7E-4BE6-4DD3-B610-32933E1C64ED} - System32\Tasks\Runner for IC => C:\Users\Liyah241\AppData\Local\32D03B26-CC1A-3941-B96F-FC1849C67FC0\Runner.exe [2015-05-06] () <==== ATTENTION
Task: {2CF78AB4-9F3C-4452-844E-D7520FE94AA2} - System32\Tasks\impo => C:\Windows\bs1.exe [2015-08-07] ()
Task: {320B8E21-9640-4748-B7EE-BD572F65FCAF} - System32\Tasks\MyDailyBackup => C:\Windows\winupd.exe [2015-12-06] (Microsoft) <==== ATTENTION
Task: {43F28202-2529-47C8-80FD-A720B57BBD09} - System32\Tasks\Microsoft\Windows\Maintenance\Updater for IC => C:\Users\Liyah241\AppData\Local\32D03B26-CC1A-3941-B96F-FC1849C67FC0\Runner.exe [2015-05-06] () <==== ATTENTION
Task: {51F80982-67AA-4214-BBB6-45FF6922D521} - System32\Tasks\Systemhi => C:\Windows\SysInfo.exe [2016-01-23] ()
Task: {5CCCE2F9-6773-422E-B35B-B842E8F3AA34} - System32\Tasks\Mudgin => C:\Program Files\shopperz270120160220\Pyhbo.bat [2016-01-26] () <==== ATTENTION
Task: {68A44B4E-300D-488E-A886-0FF1B2516BB8} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.99\OptProLauncher.exe [2015-07-31] () <==== ATTENTION
Task: {6BA988DD-0C5B-4C24-AA05-34B3DFE76619} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updatehelper.exe [2016-01-24] () <==== ATTENTION
Task: {6CCAF12A-CB64-4984-B398-44977B9FFF36} - System32\Tasks\Follow Extension => Rundll32.exe "C:\Users\Liyah241\AppData\Local\Follow Extension\{DD0465C6-6773-9B3E-AAC7-022215E140C4}\FollowExtension.dll",#1 <==== ATTENTION
Task: {6CFF64AD-FDDF-4383-A8FE-DC2DB856FF88} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {6D15F10C-3D66-4366-8BFE-38BBB3D2D841} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe [2015-10-11] ()
Task: {6D236BA3-35AE-47D9-926D-1D6B18D9AFAA} - System32\Tasks\import => C:\Windows\Mint.exe [2015-12-24] (Microsoft)
Task: {6F37D558-1769-40F2-9B44-CCD4BF31EE96} - System32\Tasks\win => C:\Windows\win.exe
Task: {732CAE4E-D1C9-4537-8230-B3B263B6F120} - System32\Tasks\bvxvbxxvaa => C:\Users\Liyah241\AppData\Local\bvxvbxxvaa\bvxvbxxvaa.exe [2016-01-14] () <==== ATTENTION
Task: {75BFCBC2-3C41-471B-AC93-99A7291EB17D} - System32\Tasks\IBUpd => C:\Users\Liyah241\AppData\Local\BrowserAir\47.0.0.3\updater.exe [2016-01-07] () <==== ATTENTION
Task: {790B0F82-FBF7-4A65-87FB-48A8B5719AE7} - System32\Tasks\QXEBESK => C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe [2015-03-24] (Cinema PlusV24.03) <==== ATTENTION
Task: {805BE1B9-C515-4804-82CE-79F282314AFC} - System32\Tasks\SMW_UpdateTask_Time_37333236313330342d23787845322a5b3434322d57 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {8277B1D0-5859-4939-B659-0B55517F6AAF} - System32\Tasks\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-12-02] () <==== ATTENTION
Task: {8B6732DD-5A8B-4C92-859B-1D6A32F67ED2} - System32\Tasks\System Healer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2015-12-17] ()
Task: {8FD38911-4C73-437D-B5E3-FC9008166069} - System32\Tasks\IBUpd2 => C:\Users\Liyah241\AppData\Local\BrowserAir\47.0.0.3\updater.exe [2016-01-07] () <==== ATTENTION
Task: {98532C13-55F6-4DA8-AF76-A624A333BFEA} - System32\Tasks\{67BB3FCA-4DD0-1D8F-C1A6-90F798EA7D2C} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMA (the data entry has 7520 more characters).
Task: {A88DE84D-2355-4692-B7A7-0E6F1F3619C4} - System32\Tasks\RSPro => C:\Users\Liyah241\AppData\Local\SearchModule\dblaunch.exe [2015-12-01] () <==== ATTENTION
Task: {AB673388-6C32-46B6-BC8A-4C4C07820CD6} - System32\Tasks\YFPFTQOXE => C:\ProgramData\bdd32a3c350b48d887bdb8057affe4b0\bdd32a3c350b48d887bdb8057affe4b0.exe [2015-03-23] () <==== ATTENTION
Task: {B2F8936D-EB49-420D-A0BD-60A8BC86C796} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2015-12-17] ()
Task: {B3EFC9BB-E9AD-4A41-9C24-653A4A377256} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-10-23] (ConsumerInput) <==== ATTENTION
Task: {B6651D93-7630-4794-9B30-92DB1EF2D422} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {BCD1DD1A-1331-4187-B4B8-4F3D55F84D64} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {C9B6A09B-47FA-4321-A384-73A5CD7DA441} - System32\Tasks\SecurityApps2 => C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe [2016-01-10] ()
Task: {CAAFAD16-5D8E-4EC5-ABB3-9904C620CD99} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-10-23] (ConsumerInput) <==== ATTENTION
Task: {CBFC695B-EC1C-4D7E-8ADB-C5761E4C9BEC} - System32\Tasks\Googleuptodate => C:\Windows\Wimboldon.exe [2015-12-24] (Microsoft) <==== ATTENTION
Task: {D33187A9-BA8C-4544-94E7-D2F21BDA6EC9} - System32\Tasks\GoogleUp => C:\Windows\hsysinfo.exe <==== ATTENTION
Task: {E2B92397-DCDE-4E70-B627-70306F7E7807} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-07-31] () <==== ATTENTION
Task: {E72D99D0-8495-46D9-A54F-115AE55ABD94} - System32\Tasks\{A008C39A-B232-473F-A068-6EAA465446D8} => pcalua.exe -a "C:\Program Files\WajaWebEnhancer\WWE_uninstall.exe"
Task: {EA241A42-EC85-4779-8BAC-585A6F9D08FC} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-17] ()
Task: {EE4BF2FC-5016-49E2-9DF8-D253AFA1338A} - System32\Tasks\Optscan => c:\programdata\{05c510d2-11ec-433a-05c5-510d211e4348}\hqghumeaylnlf.exe [2014-10-23] () <==== ATTENTION
Task: {F0342484-B2AE-4B7D-9E84-8CEA7E6E1A43} - System32\Tasks\Follow Extension2 => Rundll32.exe "C:\Users\Liyah241\AppData\Local\Follow Extension\{DD0465C6-6773-9B3E-AAC7-022215E140C4}\wqaxq.dll",#1 <==== ATTENTION
Task: {F3A1CB2A-B15E-4981-9C73-A65E24CFB758} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-17] ()
Task: {F7AC100A-2518-4999-9E56-F5D0836B61E2} - System32\Tasks\Lanwifi => C:\Windows\amdave64Win.exe [2016-01-23] ()
Task: {F951DD44-C111-4DE3-AE28-5431AF203BEF} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {FDB6B95A-0EE1-42AD-9292-CB4D1C79B024} - System32\Tasks\CIMT_daily_S-1-5-21-2316278512-3877362351-3516534219-1005 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-12-02] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-2316278512-3877362351-3516534219-1005.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\NVDVJDI.job => C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Optscan.job => c:\programdata\{05c510d2-11ec-433a-05c5-510d211e4348}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\QXEBESK.job => C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
ShortcutWithArgument: C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
ShortcutWithArgument: C:\Users\Liyah241\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
ShortcutWithArgument: C:\Users\Liyah241\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WWatcherProxy => ""="service"
FirewallRules: [{F6BA63ED-7538-4FF7-9C26-B324B8DC1D4A}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{C82D7AA4-08BB-4E3D-A408-82F01613DE89}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{488A31B8-CB97-4F8A-B4D6-697D6A171764}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{E740A7CC-6119-44AD-A924-5DB954A358D3}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{786F9F67-53ED-4E7B-B74A-C28A8BC0769F}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{ADAFB897-C726-403E-A448-D32C1016B2EC}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{540021B5-F612-4C32-8512-4AFF485924CF}] => (Allow) C:\Users\Liyah241\AppData\Local\BrowserAir\Application\BrowserAir.exe

C:\Program Files\BubbleSound
C:\Program Files\SpaceSoundPro
C:\Program Files (x86)\YTDownloader
C:\Program Files (x86)\PlayGem
C:\Program Files (x86)\Note-up
C:\Users\Liyah241\AppData\Local\SmartWeb
C:\Users\Liyah241\AppData\Roaming\TrailerTime
C:\Program Files (x86)\gmsd_us_005010219
C:\Program Files (x86)\SpaceSondPro_v53.12311
C:\Program Files (x86)\Optimizer Pro 3.99
C:\Program Files (x86)\Super Optimizer
C:\Program Files (x86)\Itibiti Soft Phone
C:\Program Files (x86)\sushileads
C:\ProgramData\DataFile
C:\Users\Liyah241\AppData\Local\SearchModule
C:\Users\Liyah241\AppData\Local\winone
C:\Program Files (x86)\SearchProtect
C:\Program Files\shopperz270120160220
C:\Program Files (x86)\Easyttosshhop
C:\Program Files (x86)\Consumer Input
C:\Program Files (x86)\QQuicckshuoP
C:\Program Files (x86)\deAlo4REaL
C:\Program Files (x86)\Checked List
C:\Program Files\shopperz
c:\Program Files (x86)\IncrementInstance
c:\Program Files (x86)\SustainerPlus
C:\Users\Liyah241\AppData\Roaming\NetService
C:\ProgramData\hKafruOyr
C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8
C:\Program Files\Common Files\Goobzo
C:\Users\Liyah241\AppData\Roaming\WinNetSvc
C:\Program Files (x86)\WinWiki
C:\PROGRA~2\YTDOWN~1
C:\Users\Liyah241\AppData\Roaming\BejmaDua
C:\Program Files (x86)\PlumoWeb
C:\Program Files (x86)\DNS Unlocker
C:\Program Files (x86)\SystemHealer
C:\Users\Liyah241\AppData\Local\32D03B26-CC1A-3941-B96F-FC1849C67FC0
C:\Users\Liyah241\AppData\Local\Follow Extension
C:\Program Files (x86)\MyPC Backup
C:\Users\Liyah241\AppData\Local\bvxvbxxvaa
C:\Users\Liyah241\AppData\Local\BrowserAir
C:\ProgramData\SearchModule
C:\Program Files (x86)\SwiftSearch_1.10.0.25
C:\Program Files (x86)\PC Optimizer
C:\Program Files\WajaWebEnhancer
c:\programdata\{05c510d2-11ec-433a-05c5-510d211e4348}

C:\WINDOWS\rcore.exe
C:\WINDOWS\system32\drivers\bsdriver.sys
C:\Windows\System32\DRIVERS\sdfhgdf.sys
C:\Windows\System32\drivers\{22b230b8-6e08-4687-afa6-31e3b13fe333}w64.sys
C:\Windows\System32\drivers\{2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64.sys
C:\Windows\System32\drivers\{2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64.sys
C:\Windows\System32\drivers\{59074063-010c-49cd-9e33-7f8e3a63291d}w64.sys
C:\Windows\System32\drivers\{6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64.sys
C:\Windows\System32\drivers\{7076b5a4-952b-427a-a724-78a34643efb0}w64.sys
C:\Windows\System32\drivers\{8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64.sys
C:\Windows\System32\drivers\{f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64.sys
C:\Windows\System32\drivers\{f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64.sys
C:\WINDOWS\system32\drivers\SPPD.sys
C:\WINDOWS\system32\drivers\wpnfd_1_10_0_4.sys
C:\Windows\bs1.exe
C:\Windows\winupd.exe
C:\Windows\SysInfo.exe
C:\Windows\Mint.exe
C:\Windows\win.exe
C:\ProgramData\bdd32a3c350b48d887bdb8057affe4b0\bdd32a3c350b48d887bdb8057affe4b0.exe
C:\Windows\Wimboldon.exe
C:\Windows\hsysinfo.exe
C:\Windows\amdave64Win.exe

CMD: netsh winsock reset
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ip reset c:\resetlog.txt

CMD: sfc /scanfile=C:\Windows\system32\dnsapi.dll
CMD: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll

Emptytemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Note: Your machine will reboot after the fix.


Re-Scan with Farbar's Recovery Scan Tool (FRST)
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.
In your next reply, please include the following:
  • Any issue with uninstallation?
  • FRST fixlog
  • FRST log
  • FRST Addition log


#4
Lorenzo Baltazar Perez


No issues during the uninstall of programs.

Fix Log:

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Liyah241 (2016-03-24 11:04:57) Run:1
Running from F:\
Loaded Profiles: Liyah241 (Available Profiles: AAliyah & aavar_000 & Liyah241 & Amanda)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
 
CMD: fltmc detach bsdriver c: bsdriver
 
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM\...\Run: [SpaceSoundPro] => C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe [4203520 2015-08-03] (Space Sound Pro)
HKLM\...\Run: [SystemFix] => C:\windows\winLoad32.exe [44032 2016-01-23] ()
HKLM-x32\...\Run: [gmsd_us_51] => [X]
HKLM-x32\...\Run: [gmsd_us_85] => [X]
HKLM-x32\...\Run: [gmsd_us_100] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [gmsd_us_349] => [X]
HKLM-x32\...\Run: [PlayGem] => C:\Program Files (x86)\PlayGem\PlayGem.exe [3195904 2015-06-03] (PlayGem)
HKLM-x32\...\Run: [Note-up] => C:\Program Files (x86)\Note-up\note-up.exe [6772736 2015-10-09] (TODO: <Company name>)
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [popup] => "C:\windows\System32\MyTrayApp.exe"
HKLM-x32\...\Run: [TrailerTime] => C:\Users\Liyah241\AppData\Roaming\TrailerTime\TrailerTime.exe [49475088 2015-12-16] ()
HKLM-x32\...\Run: [gmsd_us_005010219] => C:\Program Files (x86)\gmsd_us_005010219\gmsd_us_005010219.exe [3955888 2016-01-26] ()
HKLM-x32\...\RunOnce: [IOPROTECT] => C:\Program Files (x86)\SpaceSondPro_v53.12311\ioproduct_service.bat [164 2016-01-23] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.99\OptProLauncher.exe [148112 2015-07-31] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-07-31] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-06-26] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [SushiLeadsApplication] => C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe [381440 2015-10-11] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Windi] => C:\ProgramData\DataFile\Windi.exe [283648 2016-01-26] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [SearchModule] => C:\Users\Liyah241\AppData\Local\SearchModule\dblaunch.exe [391168 2015-12-01] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Winoneexe] => C:\Users\Liyah241\AppData\Local\winone\WinoneApp.exe [12288 2016-01-26] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\MountPoints2: {ae32ec1a-535e-11e2-be71-806e6f6e6963} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\Click_Here_to_Install_Leapster_GS_Explorer.html
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [249104 2016-01-14] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [221456 2016-01-14] (Client Connect LTD)
Startup: C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-12-17]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Tcpip\Parameters: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{25036078-A148-428C-849C-3283A84E18AC}: [NameServer] 199.203.131.152,82.163.143.182
Tcpip\..\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{A26B217D-4250-4EFE-8C82-2DEBB386ECC2}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{A26B217D-4250-4EFE-8C82-2DEBB386ECC2}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{ed8d8bb7-60a6-11e3-824b-806e6f6e6963}: [NameServer] 104.197.191.4
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,&vp=ch&prd=set_ie
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> OldSearch URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M31B147BA-977A-4994-A48D-0C90C7D61DDC&SearchSource=58&CUI=&UM=8&UP=SP36C2E74D-6022-4F05-B86C-FE828B025E6D&D=012316&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {07217568-B3BA-4655-866E-9BDE000A7BE8} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {12739F39-9A8C-4A07-9DEE-9A9C4170F529} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333604&octid=EB_ORIGINAL_CTID&ISID=MC4A718D5-8355-475D-A0E3-0B42B994A080&SearchSource=58&CUI=&UM=8&UP=SP50EC8EA0-3617-4E14-AEAD-7384EDAD9240&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {6A593BFF-095B-4B68-8250-CA75C19EFF6F} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-re__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: shopperz270120160220 -> {1521F284-D3C9-49ED-8445-4B41CFD85BAF} -> C:\Program Files\shopperz270120160220\Camzev64.dll [2016-01-26] ()
BHO: Easyttosshhop -> {8261849b-4c10-45ac-ab7c-38722f8fe013} -> C:\Program Files (x86)\Easyttosshhop\Aebhe632etMPJ5.x64.dll [2015-05-14] ()
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2015-12-08] (Compete, Inc.)
BHO: QQuicckshuoP -> {b7d793de-fc39-4e61-8585-5480350f2d8f} -> C:\Program Files (x86)\QQuicckshuoP\tgyIgAXnsEjBc6.x64.dll [2015-05-06] ()
BHO: deAlo4REaL -> {c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} -> C:\Program Files (x86)\deAlo4REaL\N57kCYfdvCqXMd.x64.dll [2015-05-14] ()
BHO-x32: shopperz270120160220 -> {1521F284-D3C9-49ED-8445-4B41CFD85BAF} -> C:\Program Files\shopperz270120160220\Camzev.dll [2016-01-26] ()
BHO-x32: Checked List 1.0.0.7 -> {7ff0f7e7-8b1e-4e90-8bd5-f60cfdd71ecc} -> C:\Program Files (x86)\Checked List\CheckedListbho.dll [2015-10-02] (Checked List)
BHO-x32: Easyttosshhop -> {8261849b-4c10-45ac-ab7c-38722f8fe013} -> C:\Program Files (x86)\Easyttosshhop\Aebhe632etMPJ5.dll [2015-05-14] ()
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2015-12-08] (Compete, Inc.)
BHO-x32: QQuicckshuoP -> {b7d793de-fc39-4e61-8585-5480350f2d8f} -> C:\Program Files (x86)\QQuicckshuoP\tgyIgAXnsEjBc6.dll [2015-05-06] ()
BHO-x32: deAlo4REaL -> {c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} -> C:\Program Files (x86)\deAlo4REaL\N57kCYfdvCqXMd.dll [2015-05-14] ()
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{1521F284-D3C9-49ED-8445-4B41CFD85BAF}] - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi
FF Extension: shopperz270120160220 - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi [2016-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{1521F284-D3C9-49ED-8445-4B41CFD85BAF}] - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi
FF HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12247.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12247.xpi [2016-01-12]
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 580a4029; c:\Program Files (x86)\IncrementInstance\IncrementInstance.dll [2225152 2015-05-01] () [File not signed]
R2 6135ae48; c:\Program Files (x86)\SustainerPlus\SustainerPlus.dll [2297344 2015-05-01] () [File not signed]
R3 8F898A85-C4D3-441E-a6A4-8FF2923283FA; C:\Program Files\shopperz270120160220\Nurdaj.exe [291176 2016-01-26] ()
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3246864 2016-01-14] (Client Connect LTD)
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-10-23] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-10-23] (ConsumerInput)
R3 csrcc; C:\Program Files\shopperz270120160220\csrcc.exe [1497448 2016-01-26] ()
R2 NetTcpHandler; C:\Users\Liyah241\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] () [File not signed]
R2 QUZNjUc; C:\ProgramData\hKafruOyr\QUZNjUc.exe [2931200 2015-10-23] (Valid Applications) [File not signed]
R2 qymumylo; C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\jnsx6CFE.tmp [247808 2015-11-21] () [File not signed]
R2 rcores; C:\WINDOWS\rcore.exe [4686336 2014-12-29] () [File not signed]
R2 shopperz270120160220 Updater; C:\Program Files\shopperz270120160220\Icaorku.exe [159080 2016-01-26] ()
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2447872 2016-01-24] (Search Module Ltd.) [File not signed]
R2 SushiLeadsUpdaterService; C:\Program Files (x86)\sushileads\NpUpdaterService.exe [10240 2015-10-11] () [File not signed]
R2 typikeni; C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\hnsz8A5C.tmp [718336 2015-11-21] () [File not signed]
R2 Update Checked List; C:\Program Files (x86)\Checked List\updateCheckedList.exe [661192 2016-01-26] ()
R2 Util Checked List; C:\Program Files (x86)\Checked List\bin\utilCheckedList.exe [661192 2016-01-26] ()
R2 WinNetSvc; C:\Users\Liyah241\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] () [File not signed]
R2 WWatcherProxy; C:\Program Files (x86)\WinWiki\WWatcherProxy.exe [1739776 2015-10-15] (WWatcher)
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
R2 cybemove; C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\knsg5077.tmpfs [X]
S2 Lewry; "C:\Users\Liyah241\AppData\Roaming\BejmaDua\Zegbarvh.exe" -cms [X]
S2 Update PlumoWeb; "C:\Program Files (x86)\PlumoWeb\updatePlumoWeb.exe" [X]
S3 WdNisSvc; "%ProgramFiles%\Windows Defender\NisSrv.exe" [X]
S3 WinDefend; "%ProgramFiles%\Windows Defender\MsMpEng.exe" [X]
S2 zigipyro; C:\Users\Liyah241\AppData\Local\02459A70-1453552013-D265-7A86-42E8B3913FF8\qnsbFBBF.tmp [X]
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2016-01-26] ()
R3 sdfhgdf; C:\Windows\System32\DRIVERS\sdfhgdf.sys [23208 2016-03-22] (Corporation) [File not signed]
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [43776 2016-01-24] ()
R1 {22b230b8-6e08-4687-afa6-31e3b13fe333}w64; C:\Windows\System32\drivers\{22b230b8-6e08-4687-afa6-31e3b13fe333}w64.sys [48784 2015-01-21] (StdLib)
R1 {2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64; C:\Windows\System32\drivers\{2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64.sys [48784 2015-12-17] (StdLib)
R1 {2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64; C:\Windows\System32\drivers\{2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64.sys [48784 2015-03-22] (StdLib)
R1 {59074063-010c-49cd-9e33-7f8e3a63291d}w64; C:\Windows\System32\drivers\{59074063-010c-49cd-9e33-7f8e3a63291d}w64.sys [48784 2015-01-14] (StdLib)
R1 {6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64; C:\Windows\System32\drivers\{6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64.sys [48784 2015-01-26] (StdLib)
R1 {7076b5a4-952b-427a-a724-78a34643efb0}w64; C:\Windows\System32\drivers\{7076b5a4-952b-427a-a724-78a34643efb0}w64.sys [48784 2015-01-11] (StdLib)
R1 {8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64; C:\Windows\System32\drivers\{8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64.sys [48744 2016-01-26] (StdLib)
R1 {f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64; C:\Windows\System32\drivers\{f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64.sys [48784 2015-01-15] (StdLib)
R1 {f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64; C:\Windows\System32\drivers\{f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64.sys [48784 2015-10-23] (StdLib)
R3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
2016-03-22 18:56 - 2016-03-22 19:34 - 00003740 _____ C:\WINDOWS\System32\Tasks\SecurityApps2
2016-03-22 20:43 - 2015-10-23 15:38 - 00000992 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job
2016-03-22 19:50 - 2015-10-23 15:47 - 00003266 _____ C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule
2016-03-22 19:49 - 2015-10-23 15:47 - 00003260 _____ C:\WINDOWS\System32\Tasks\Super Optimizer Schedule
2016-03-22 19:30 - 2016-01-23 13:49 - 00000000 ____D C:\Users\Liyah241\AppData\Local\TrailerTime
2016-03-22 19:29 - 2016-01-26 22:18 - 00023208 _____ (Corporation) C:\WINDOWS\system32\Drivers\sdfhgdf.sys
2016-03-22 19:29 - 2015-12-17 21:52 - 00000000 ____D C:\Users\Liyah241\AppData\LocalLow\SmartWeb
2016-03-22 19:28 - 2016-01-26 20:48 - 00000296 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2016-03-22 19:28 - 2015-10-23 15:37 - 00000988 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job
2016-03-22 19:28 - 2015-03-24 18:09 - 00001714 _____ C:\WINDOWS\Tasks\NVDVJDI.job
2016-03-22 19:28 - 2015-03-24 17:58 - 00001714 _____ C:\WINDOWS\Tasks\QXEBESK.job
2016-03-22 19:02 - 2016-01-23 13:18 - 00000000 ____D C:\ProgramData\DataFile
2016-03-22 07:26 - 2016-01-23 13:23 - 00000000 ____D C:\Users\Liyah241\AppData\Local\bvxvbxxvaa
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Users\Liyah241\AppData\Roaming\NVDVJDI
2015-03-24 18:09 - 2015-03-24 18:09 - 1856000 _____ (Cinema PlusV24.03) C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe
2015-01-01 20:41 - 2015-01-01 20:41 - 2052584 _____ (CinPlus2.6dV01.01) C:\Users\Liyah241\AppData\Roaming\QQMCDLW.exe
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Users\Liyah241\AppData\Roaming\QXEBESK
2015-03-24 17:58 - 2015-03-24 17:58 - 1933824 _____ (Cinema PlusV24.03) C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Task: {11F9950B-E7C0-4EDB-BC20-9B4F10657E5F} - System32\Tasks\NVDVJDI => C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe [2015-03-24] (Cinema PlusV24.03) <==== ATTENTION
Task: {1ED05F36-703D-4F12-9CC1-E75BB2289821} - System32\Tasks\DNSBRIDGEPORT => C:\Program Files (x86)\DNS Unlocker\dnsbridgeport.exe [2015-11-04] () <==== ATTENTION
Task: {26837C61-9A95-449B-A03B-97C86E539D6B} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-17] ()
Task: {295B5A7E-4BE6-4DD3-B610-32933E1C64ED} - System32\Tasks\Runner for IC => C:\Users\Liyah241\AppData\Local\32D03B26-CC1A-3941-B96F-FC1849C67FC0\Runner.exe [2015-05-06] () <==== ATTENTION
Task: {2CF78AB4-9F3C-4452-844E-D7520FE94AA2} - System32\Tasks\impo => C:\Windows\bs1.exe [2015-08-07] ()
Task: {320B8E21-9640-4748-B7EE-BD572F65FCAF} - System32\Tasks\MyDailyBackup => C:\Windows\winupd.exe [2015-12-06] (Microsoft) <==== ATTENTION
Task: {43F28202-2529-47C8-80FD-A720B57BBD09} - System32\Tasks\Microsoft\Windows\Maintenance\Updater for IC => C:\Users\Liyah241\AppData\Local\32D03B26-CC1A-3941-B96F-FC1849C67FC0\Runner.exe [2015-05-06] () <==== ATTENTION
Task: {51F80982-67AA-4214-BBB6-45FF6922D521} - System32\Tasks\Systemhi => C:\Windows\SysInfo.exe [2016-01-23] ()
Task: {5CCCE2F9-6773-422E-B35B-B842E8F3AA34} - System32\Tasks\Mudgin => C:\Program Files\shopperz270120160220\Pyhbo.bat [2016-01-26] () <==== ATTENTION
Task: {68A44B4E-300D-488E-A886-0FF1B2516BB8} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.99\OptProLauncher.exe [2015-07-31] () <==== ATTENTION
Task: {6BA988DD-0C5B-4C24-AA05-34B3DFE76619} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updatehelper.exe [2016-01-24] () <==== ATTENTION
Task: {6CCAF12A-CB64-4984-B398-44977B9FFF36} - System32\Tasks\Follow Extension => Rundll32.exe "C:\Users\Liyah241\AppData\Local\Follow Extension\{DD0465C6-6773-9B3E-AAC7-022215E140C4}\FollowExtension.dll",#1 <==== ATTENTION
Task: {6CFF64AD-FDDF-4383-A8FE-DC2DB856FF88} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {6D15F10C-3D66-4366-8BFE-38BBB3D2D841} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe [2015-10-11] ()
Task: {6D236BA3-35AE-47D9-926D-1D6B18D9AFAA} - System32\Tasks\import => C:\Windows\Mint.exe [2015-12-24] (Microsoft)
Task: {6F37D558-1769-40F2-9B44-CCD4BF31EE96} - System32\Tasks\win => C:\Windows\win.exe
Task: {732CAE4E-D1C9-4537-8230-B3B263B6F120} - System32\Tasks\bvxvbxxvaa => C:\Users\Liyah241\AppData\Local\bvxvbxxvaa\bvxvbxxvaa.exe [2016-01-14] () <==== ATTENTION
Task: {75BFCBC2-3C41-471B-AC93-99A7291EB17D} - System32\Tasks\IBUpd => C:\Users\Liyah241\AppData\Local\BrowserAir\47.0.0.3\updater.exe [2016-01-07] () <==== ATTENTION
Task: {790B0F82-FBF7-4A65-87FB-48A8B5719AE7} - System32\Tasks\QXEBESK => C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe [2015-03-24] (Cinema PlusV24.03) <==== ATTENTION
Task: {805BE1B9-C515-4804-82CE-79F282314AFC} - System32\Tasks\SMW_UpdateTask_Time_37333236313330342d23787845322a5b3434322d57 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {8277B1D0-5859-4939-B659-0B55517F6AAF} - System32\Tasks\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-12-02] () <==== ATTENTION
Task: {8B6732DD-5A8B-4C92-859B-1D6A32F67ED2} - System32\Tasks\System Healer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2015-12-17] ()
Task: {8FD38911-4C73-437D-B5E3-FC9008166069} - System32\Tasks\IBUpd2 => C:\Users\Liyah241\AppData\Local\BrowserAir\47.0.0.3\updater.exe [2016-01-07] () <==== ATTENTION
Task: {98532C13-55F6-4DA8-AF76-A624A333BFEA} - System32\Tasks\{67BB3FCA-4DD0-1D8F-C1A6-90F798EA7D2C} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMA (the data entry has 7520 more characters).
Task: {A88DE84D-2355-4692-B7A7-0E6F1F3619C4} - System32\Tasks\RSPro => C:\Users\Liyah241\AppData\Local\SearchModule\dblaunch.exe [2015-12-01] () <==== ATTENTION
Task: {AB673388-6C32-46B6-BC8A-4C4C07820CD6} - System32\Tasks\YFPFTQOXE => C:\ProgramData\bdd32a3c350b48d887bdb8057affe4b0\bdd32a3c350b48d887bdb8057affe4b0.exe [2015-03-23] () <==== ATTENTION
Task: {B2F8936D-EB49-420D-A0BD-60A8BC86C796} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2015-12-17] ()
Task: {B3EFC9BB-E9AD-4A41-9C24-653A4A377256} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-10-23] (ConsumerInput) <==== ATTENTION
Task: {B6651D93-7630-4794-9B30-92DB1EF2D422} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {BCD1DD1A-1331-4187-B4B8-4F3D55F84D64} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {C9B6A09B-47FA-4321-A384-73A5CD7DA441} - System32\Tasks\SecurityApps2 => C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe [2016-01-10] ()
Task: {CAAFAD16-5D8E-4EC5-ABB3-9904C620CD99} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-10-23] (ConsumerInput) <==== ATTENTION
Task: {CBFC695B-EC1C-4D7E-8ADB-C5761E4C9BEC} - System32\Tasks\Googleuptodate => C:\Windows\Wimboldon.exe [2015-12-24] (Microsoft) <==== ATTENTION
Task: {D33187A9-BA8C-4544-94E7-D2F21BDA6EC9} - System32\Tasks\GoogleUp => C:\Windows\hsysinfo.exe <==== ATTENTION
Task: {E2B92397-DCDE-4E70-B627-70306F7E7807} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-07-31] () <==== ATTENTION
Task: {E72D99D0-8495-46D9-A54F-115AE55ABD94} - System32\Tasks\{A008C39A-B232-473F-A068-6EAA465446D8} => pcalua.exe -a "C:\Program Files\WajaWebEnhancer\WWE_uninstall.exe"
Task: {EA241A42-EC85-4779-8BAC-585A6F9D08FC} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-17] ()
Task: {EE4BF2FC-5016-49E2-9DF8-D253AFA1338A} - System32\Tasks\Optscan => c:\programdata\{05c510d2-11ec-433a-05c5-510d211e4348}\hqghumeaylnlf.exe [2014-10-23] () <==== ATTENTION
Task: {F0342484-B2AE-4B7D-9E84-8CEA7E6E1A43} - System32\Tasks\Follow Extension2 => Rundll32.exe "C:\Users\Liyah241\AppData\Local\Follow Extension\{DD0465C6-6773-9B3E-AAC7-022215E140C4}\wqaxq.dll",#1 <==== ATTENTION
Task: {F3A1CB2A-B15E-4981-9C73-A65E24CFB758} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-17] ()
Task: {F7AC100A-2518-4999-9E56-F5D0836B61E2} - System32\Tasks\Lanwifi => C:\Windows\amdave64Win.exe [2016-01-23] ()
Task: {F951DD44-C111-4DE3-AE28-5431AF203BEF} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {FDB6B95A-0EE1-42AD-9292-CB4D1C79B024} - System32\Tasks\CIMT_daily_S-1-5-21-2316278512-3877362351-3516534219-1005 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-12-02] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-2316278512-3877362351-3516534219-1005.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\NVDVJDI.job => C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Optscan.job => c:\programdata\{05c510d2-11ec-433a-05c5-510d211e4348}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\QXEBESK.job => C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
ShortcutWithArgument: C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
ShortcutWithArgument: C:\Users\Liyah241\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
ShortcutWithArgument: C:\Users\Liyah241\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WWatcherProxy => ""="service"
FirewallRules: [{F6BA63ED-7538-4FF7-9C26-B324B8DC1D4A}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{C82D7AA4-08BB-4E3D-A408-82F01613DE89}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{488A31B8-CB97-4F8A-B4D6-697D6A171764}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{E740A7CC-6119-44AD-A924-5DB954A358D3}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{786F9F67-53ED-4E7B-B74A-C28A8BC0769F}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{ADAFB897-C726-403E-A448-D32C1016B2EC}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{540021B5-F612-4C32-8512-4AFF485924CF}] => (Allow) C:\Users\Liyah241\AppData\Local\BrowserAir\Application\BrowserAir.exe
 
C:\Program Files\BubbleSound
C:\Program Files\SpaceSoundPro
C:\Program Files (x86)\YTDownloader
C:\Program Files (x86)\PlayGem
C:\Program Files (x86)\Note-up
C:\Users\Liyah241\AppData\Local\SmartWeb
C:\Users\Liyah241\AppData\Roaming\TrailerTime
C:\Program Files (x86)\gmsd_us_005010219
C:\Program Files (x86)\SpaceSondPro_v53.12311
C:\Program Files (x86)\Optimizer Pro 3.99
C:\Program Files (x86)\Super Optimizer
C:\Program Files (x86)\Itibiti Soft Phone
C:\Program Files (x86)\sushileads
C:\ProgramData\DataFile
C:\Users\Liyah241\AppData\Local\SearchModule
C:\Users\Liyah241\AppData\Local\winone
C:\Program Files (x86)\SearchProtect
C:\Program Files\shopperz270120160220
C:\Program Files (x86)\Easyttosshhop
C:\Program Files (x86)\Consumer Input
C:\Program Files (x86)\QQuicckshuoP
C:\Program Files (x86)\deAlo4REaL
C:\Program Files (x86)\Checked List
C:\Program Files\shopperz
c:\Program Files (x86)\IncrementInstance
c:\Program Files (x86)\SustainerPlus
C:\Users\Liyah241\AppData\Roaming\NetService
C:\ProgramData\hKafruOyr
C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8
C:\Program Files\Common Files\Goobzo
C:\Users\Liyah241\AppData\Roaming\WinNetSvc
C:\Program Files (x86)\WinWiki
C:\PROGRA~2\YTDOWN~1
C:\Users\Liyah241\AppData\Roaming\BejmaDua
C:\Program Files (x86)\PlumoWeb
C:\Program Files (x86)\DNS Unlocker
C:\Program Files (x86)\SystemHealer
C:\Users\Liyah241\AppData\Local\32D03B26-CC1A-3941-B96F-FC1849C67FC0
C:\Users\Liyah241\AppData\Local\Follow Extension
C:\Program Files (x86)\MyPC Backup
C:\Users\Liyah241\AppData\Local\bvxvbxxvaa
C:\Users\Liyah241\AppData\Local\BrowserAir
C:\ProgramData\SearchModule
C:\Program Files (x86)\SwiftSearch_1.10.0.25
C:\Program Files (x86)\PC Optimizer
C:\Program Files\WajaWebEnhancer
c:\programdata\{05c510d2-11ec-433a-05c5-510d211e4348}
 
C:\WINDOWS\rcore.exe
C:\WINDOWS\system32\drivers\bsdriver.sys
C:\Windows\System32\DRIVERS\sdfhgdf.sys
C:\Windows\System32\drivers\{22b230b8-6e08-4687-afa6-31e3b13fe333}w64.sys
C:\Windows\System32\drivers\{2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64.sys
C:\Windows\System32\drivers\{2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64.sys
C:\Windows\System32\drivers\{59074063-010c-49cd-9e33-7f8e3a63291d}w64.sys
C:\Windows\System32\drivers\{6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64.sys
C:\Windows\System32\drivers\{7076b5a4-952b-427a-a724-78a34643efb0}w64.sys
C:\Windows\System32\drivers\{8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64.sys
C:\Windows\System32\drivers\{f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64.sys
C:\Windows\System32\drivers\{f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64.sys
C:\WINDOWS\system32\drivers\SPPD.sys
C:\WINDOWS\system32\drivers\wpnfd_1_10_0_4.sys
C:\Windows\bs1.exe
C:\Windows\winupd.exe
C:\Windows\SysInfo.exe
C:\Windows\Mint.exe
C:\Windows\win.exe
C:\ProgramData\bdd32a3c350b48d887bdb8057affe4b0\bdd32a3c350b48d887bdb8057affe4b0.exe
C:\Windows\Wimboldon.exe
C:\Windows\hsysinfo.exe
C:\Windows\amdave64Win.exe
 
CMD: netsh winsock reset
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ip reset c:\resetlog.txt
 
CMD: sfc /scanfile=C:\Windows\system32\dnsapi.dll
CMD: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
 
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
=========  fltmc detach bsdriver c: bsdriver =========
 
 
========= End of CMD: =========
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\3D BubbleSound => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpaceSoundPro => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SystemFix => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_51 => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_85 => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_100 => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_349 => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PlayGem => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Note-up => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\popup => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TrailerTime => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_005010219 => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\IOPROTECT => value not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value removed successfully
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => value not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Super Optimizer => value not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value removed successfully
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Run\\SushiLeadsApplication => value not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Windi => value not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Run\\SearchModule => value not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Winoneexe => value not found.
"HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae32ec1a-535e-11e2-be71-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{ae32ec1a-535e-11e2-be71-806e6f6e6963} => key not found. 
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value data not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Value data not found.
C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk => not found.
C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe => not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 => key not found. 
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015 => key not found. 
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{25036078-A148-428C-849C-3283A84E18AC}\\NameServer => value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A26B217D-4250-4EFE-8C82-2DEBB386ECC2}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A26B217D-4250-4EFE-8C82-2DEBB386ECC2}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ed8d8bb7-60a6-11e3-824b-806e6f6e6963}\\NameServer => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found. 
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch => key not found. 
HKCR\CLSID\OldSearch => key not found. 
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07217568-B3BA-4655-866E-9BDE000A7BE8} => key not found. 
HKCR\CLSID\{07217568-B3BA-4655-866E-9BDE000A7BE8} => key not found. 
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{12739F39-9A8C-4A07-9DEE-9A9C4170F529} => key not found. 
HKCR\CLSID\{12739F39-9A8C-4A07-9DEE-9A9C4170F529} => key not found. 
"HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A593BFF-095B-4B68-8250-CA75C19EFF6F} => key not found. 
HKCR\CLSID\{6A593BFF-095B-4B68-8250-CA75C19EFF6F} => key not found. 
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found. 
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found. 
"HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1521F284-D3C9-49ED-8445-4B41CFD85BAF} => key not found. 
HKCR\CLSID\{1521F284-D3C9-49ED-8445-4B41CFD85BAF} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8261849b-4c10-45ac-ab7c-38722f8fe013} => key not found. 
HKCR\CLSID\{8261849b-4c10-45ac-ab7c-38722f8fe013} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => key not found. 
HKCR\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b7d793de-fc39-4e61-8585-5480350f2d8f} => key not found. 
HKCR\CLSID\{b7d793de-fc39-4e61-8585-5480350f2d8f} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} => key not found. 
HKCR\CLSID\{c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1521F284-D3C9-49ED-8445-4B41CFD85BAF} => key not found. 
HKCR\Wow6432Node\CLSID\{1521F284-D3C9-49ED-8445-4B41CFD85BAF} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ff0f7e7-8b1e-4e90-8bd5-f60cfdd71ecc} => key not found. 
HKCR\Wow6432Node\CLSID\{7ff0f7e7-8b1e-4e90-8bd5-f60cfdd71ecc} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8261849b-4c10-45ac-ab7c-38722f8fe013} => key not found. 
HKCR\Wow6432Node\CLSID\{8261849b-4c10-45ac-ab7c-38722f8fe013} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => key not found. 
HKCR\Wow6432Node\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b7d793de-fc39-4e61-8585-5480350f2d8f} => key not found. 
HKCR\Wow6432Node\CLSID\{b7d793de-fc39-4e61-8585-5480350f2d8f} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} => key not found. 
HKCR\Wow6432Node\CLSID\{c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} => key not found. 
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{5081D2D4-1637-404c-B74F-50526718257D} => value not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{1521F284-D3C9-49ED-8445-4B41CFD85BAF} => value not found.
C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi => not found.
FF Extension: shopperz270120160220 - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi [2016-01-26] [not signed] => not found
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{5081D2D4-1637-404c-B74F-50526718257D} => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{1521F284-D3C9-49ED-8445-4B41CFD85BAF} => value not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Mozilla\Firefox\Extensions\\[email protected] => value not found.
C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12247.xpi => not found.
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12247.xpi [2016-01-12] => not found
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
580a4029 => service not found.
6135ae48 => service not found.
8F898A85-C4D3-441E-a6A4-8FF2923283FA => service not found.
CltMngSvc => service not found.
consumerinput_update => service not found.
consumerinput_updatem => service not found.
csrcc => service not found.
NetTcpHandler => service not found.
QUZNjUc => service not found.
qymumylo => service not found.
rcores => service not found.
shopperz270120160220 Updater => service not found.
SMUpd => service not found.
SushiLeadsUpdaterService => service not found.
typikeni => service not found.
Update Checked List => service not found.
Util Checked List => service not found.
WinNetSvc => service not found.
WWatcherProxy => service not found.
BrsHelper => service removed successfully
cybemove => service not found.
Lewry => service removed successfully
Update PlumoWeb => service not found.
WdNisSvc => service removed successfully
WinDefend => service removed successfully
zigipyro => service not found.
bsdriver => Unable to stop service.
bsdriver => service could not remove
sdfhgdf => service removed successfully
SMUpdd => service not found.
{22b230b8-6e08-4687-afa6-31e3b13fe333}w64 => service not found.
{2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64 => service not found.
{2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64 => service not found.
{59074063-010c-49cd-9e33-7f8e3a63291d}w64 => service not found.
{6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64 => service not found.
{7076b5a4-952b-427a-a724-78a34643efb0}w64 => service not found.
{8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64 => service not found.
{f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64 => service not found.
{f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64 => service not found.
SPPD => service not found.
wpnfd_1_10_0_4 => service not found.
"C:\WINDOWS\System32\Tasks\SecurityApps2" => not found.
"C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job" => not found.
"C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule" => not found.
"C:\WINDOWS\System32\Tasks\Super Optimizer Schedule" => not found.
"C:\Users\Liyah241\AppData\Local\TrailerTime" => not found.
C:\WINDOWS\system32\Drivers\sdfhgdf.sys => moved successfully
"C:\Users\Liyah241\AppData\LocalLow\SmartWeb" => not found.
"C:\WINDOWS\Tasks\System HealerStartUp.job" => not found.
"C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job" => not found.
C:\WINDOWS\Tasks\NVDVJDI.job => moved successfully
C:\WINDOWS\Tasks\QXEBESK.job => moved successfully
"C:\ProgramData\DataFile" => not found.
"C:\Users\Liyah241\AppData\Local\bvxvbxxvaa" => not found.
C:\Users\Liyah241\AppData\Roaming\NVDVJDI => moved successfully
"C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe" => not found.
"C:\Users\Liyah241\AppData\Roaming\QQMCDLW.exe" => not found.
C:\Users\Liyah241\AppData\Roaming\QXEBESK => moved successfully
"C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe" => not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11F9950B-E7C0-4EDB-BC20-9B4F10657E5F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11F9950B-E7C0-4EDB-BC20-9B4F10657E5F}" => key removed successfully
C:\WINDOWS\System32\Tasks\NVDVJDI => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NVDVJDI" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1ED05F36-703D-4F12-9CC1-E75BB2289821}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ED05F36-703D-4F12-9CC1-E75BB2289821}" => key removed successfully
C:\WINDOWS\System32\Tasks\DNSBRIDGEPORT => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSBRIDGEPORT => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26837C61-9A95-449B-A03B-97C86E539D6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26837C61-9A95-449B-A03B-97C86E539D6B}" => key removed successfully
C:\WINDOWS\System32\Tasks\SystemHealer Run Delay => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{295B5A7E-4BE6-4DD3-B610-32933E1C64ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{295B5A7E-4BE6-4DD3-B610-32933E1C64ED}" => key removed successfully
C:\WINDOWS\System32\Tasks\Runner for IC => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Runner for IC => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CF78AB4-9F3C-4452-844E-D7520FE94AA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CF78AB4-9F3C-4452-844E-D7520FE94AA2}" => key removed successfully
C:\WINDOWS\System32\Tasks\impo => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\impo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{320B8E21-9640-4748-B7EE-BD572F65FCAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{320B8E21-9640-4748-B7EE-BD572F65FCAF}" => key removed successfully
C:\WINDOWS\System32\Tasks\MyDailyBackup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyDailyBackup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43F28202-2529-47C8-80FD-A720B57BBD09}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43F28202-2529-47C8-80FD-A720B57BBD09}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Maintenance\Updater for IC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Updater for IC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51F80982-67AA-4214-BBB6-45FF6922D521}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51F80982-67AA-4214-BBB6-45FF6922D521}" => key removed successfully
C:\WINDOWS\System32\Tasks\Systemhi => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Systemhi => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5CCCE2F9-6773-422E-B35B-B842E8F3AA34}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CCCE2F9-6773-422E-B35B-B842E8F3AA34}" => key removed successfully
C:\WINDOWS\System32\Tasks\Mudgin => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mudgin" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68A44B4E-300D-488E-A886-0FF1B2516BB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68A44B4E-300D-488E-A886-0FF1B2516BB8}" => key removed successfully
C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BA988DD-0C5B-4C24-AA05-34B3DFE76619}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BA988DD-0C5B-4C24-AA05-34B3DFE76619}" => key removed successfully
C:\WINDOWS\System32\Tasks\SMWUpd => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6CCAF12A-CB64-4984-B398-44977B9FFF36}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CCAF12A-CB64-4984-B398-44977B9FFF36}" => key removed successfully
C:\WINDOWS\System32\Tasks\Follow Extension => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Follow Extension" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CFF64AD-FDDF-4383-A8FE-DC2DB856FF88}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CFF64AD-FDDF-4383-A8FE-DC2DB856FF88}" => key removed successfully
C:\WINDOWS\System32\Tasks\LaunchSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D15F10C-3D66-4366-8BFE-38BBB3D2D841} => key not found. 
C:\WINDOWS\System32\Tasks\SushiLeads => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D236BA3-35AE-47D9-926D-1D6B18D9AFAA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D236BA3-35AE-47D9-926D-1D6B18D9AFAA}" => key removed successfully
C:\WINDOWS\System32\Tasks\import => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\import" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F37D558-1769-40F2-9B44-CCD4BF31EE96}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F37D558-1769-40F2-9B44-CCD4BF31EE96}" => key removed successfully
C:\WINDOWS\System32\Tasks\win => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\win" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{732CAE4E-D1C9-4537-8230-B3B263B6F120}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{732CAE4E-D1C9-4537-8230-B3B263B6F120}" => key removed successfully
C:\WINDOWS\System32\Tasks\bvxvbxxvaa => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbxxvaa => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75BFCBC2-3C41-471B-AC93-99A7291EB17D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75BFCBC2-3C41-471B-AC93-99A7291EB17D}" => key removed successfully
C:\WINDOWS\System32\Tasks\IBUpd => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{790B0F82-FBF7-4A65-87FB-48A8B5719AE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{790B0F82-FBF7-4A65-87FB-48A8B5719AE7}" => key removed successfully
C:\WINDOWS\System32\Tasks\QXEBESK => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QXEBESK" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{805BE1B9-C515-4804-82CE-79F282314AFC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{805BE1B9-C515-4804-82CE-79F282314AFC}" => key removed successfully
C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_37333236313330342d23787845322a5b3434322d57 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_37333236313330342d23787845322a5b3434322d57 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8277B1D0-5859-4939-B659-0B55517F6AAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8277B1D0-5859-4939-B659-0B55517F6AAF}" => key removed successfully
C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B6732DD-5A8B-4C92-859B-1D6A32F67ED2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B6732DD-5A8B-4C92-859B-1D6A32F67ED2}" => key removed successfully
C:\WINDOWS\System32\Tasks\System Healer Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Task => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8FD38911-4C73-437D-B5E3-FC9008166069}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FD38911-4C73-437D-B5E3-FC9008166069}" => key removed successfully
C:\WINDOWS\System32\Tasks\IBUpd2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd2 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98532C13-55F6-4DA8-AF76-A624A333BFEA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98532C13-55F6-4DA8-AF76-A624A333BFEA}" => key removed successfully
C:\WINDOWS\System32\Tasks\{67BB3FCA-4DD0-1D8F-C1A6-90F798EA7D2C} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{67BB3FCA-4DD0-1D8F-C1A6-90F798EA7D2C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A88DE84D-2355-4692-B7A7-0E6F1F3619C4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A88DE84D-2355-4692-B7A7-0E6F1F3619C4}" => key removed successfully
C:\WINDOWS\System32\Tasks\RSPro => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RSPro => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB673388-6C32-46B6-BC8A-4C4C07820CD6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB673388-6C32-46B6-BC8A-4C4C07820CD6}" => key removed successfully
C:\WINDOWS\System32\Tasks\YFPFTQOXE => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YFPFTQOXE" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2F8936D-EB49-420D-A0BD-60A8BC86C796}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2F8936D-EB49-420D-A0BD-60A8BC86C796}" => key removed successfully
C:\WINDOWS\System32\Tasks\SystemHealer Monitor => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3EFC9BB-E9AD-4A41-9C24-653A4A377256}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3EFC9BB-E9AD-4A41-9C24-653A4A377256}" => key removed successfully
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B6651D93-7630-4794-9B30-92DB1EF2D422}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6651D93-7630-4794-9B30-92DB1EF2D422}" => key removed successfully
C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Pending Update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCD1DD1A-1331-4187-B4B8-4F3D55F84D64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCD1DD1A-1331-4187-B4B8-4F3D55F84D64}" => key removed successfully
C:\WINDOWS\System32\Tasks\SmartWeb Upgrade Trigger Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9B6A09B-47FA-4321-A384-73A5CD7DA441}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9B6A09B-47FA-4321-A384-73A5CD7DA441}" => key removed successfully
C:\WINDOWS\System32\Tasks\SecurityApps2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecurityApps2 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CAAFAD16-5D8E-4EC5-ABB3-9904C620CD99}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAAFAD16-5D8E-4EC5-ABB3-9904C620CD99}" => key removed successfully
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBFC695B-EC1C-4D7E-8ADB-C5761E4C9BEC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBFC695B-EC1C-4D7E-8ADB-C5761E4C9BEC}" => key removed successfully
C:\WINDOWS\System32\Tasks\Googleuptodate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Googleuptodate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D33187A9-BA8C-4544-94E7-D2F21BDA6EC9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D33187A9-BA8C-4544-94E7-D2F21BDA6EC9}" => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E2B92397-DCDE-4E70-B627-70306F7E7807}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2B92397-DCDE-4E70-B627-70306F7E7807}" => key removed successfully
C:\WINDOWS\System32\Tasks\Super Optimizer Schedule => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E72D99D0-8495-46D9-A54F-115AE55ABD94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E72D99D0-8495-46D9-A54F-115AE55ABD94}" => key removed successfully
C:\WINDOWS\System32\Tasks\{A008C39A-B232-473F-A068-6EAA465446D8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A008C39A-B232-473F-A068-6EAA465446D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA241A42-EC85-4779-8BAC-585A6F9D08FC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA241A42-EC85-4779-8BAC-585A6F9D08FC}" => key removed successfully
C:\WINDOWS\System32\Tasks\System HealerPeriod => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerPeriod => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE4BF2FC-5016-49E2-9DF8-D253AFA1338A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE4BF2FC-5016-49E2-9DF8-D253AFA1338A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Optscan => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optscan => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F0342484-B2AE-4B7D-9E84-8CEA7E6E1A43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0342484-B2AE-4B7D-9E84-8CEA7E6E1A43}" => key removed successfully
C:\WINDOWS\System32\Tasks\Follow Extension2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Follow Extension2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F3A1CB2A-B15E-4981-9C73-A65E24CFB758}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3A1CB2A-B15E-4981-9C73-A65E24CFB758}" => key removed successfully
C:\WINDOWS\System32\Tasks\System HealerStartUp => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerStartUp => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7AC100A-2518-4999-9E56-F5D0836B61E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7AC100A-2518-4999-9E56-F5D0836B61E2}" => key removed successfully
C:\WINDOWS\System32\Tasks\Lanwifi => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lanwifi => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F951DD44-C111-4DE3-AE28-5431AF203BEF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F951DD44-C111-4DE3-AE28-5431AF203BEF}" => key removed successfully
C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Core => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDB6B95A-0EE1-42AD-9292-CB4D1C79B024}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDB6B95A-0EE1-42AD-9292-CB4D1C79B024}" => key removed successfully
C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-2316278512-3877362351-3516534219-1005 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-2316278512-3877362351-3516534219-1005 => key not found. 
C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-2316278512-3877362351-3516534219-1005.job => not found.
C:\WINDOWS\Tasks\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005.job => not found.
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => not found.
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => not found.
C:\WINDOWS\Tasks\NVDVJDI.job => not found.
C:\WINDOWS\Tasks\Optscan.job => not found.
C:\WINDOWS\Tasks\QXEBESK.job => not found.
C:\WINDOWS\Tasks\System HealerPeriod.job => not found.
C:\WINDOWS\Tasks\System HealerStartUp.job => not found.
C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Liyah241\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk => not found.
C:\Users\Liyah241\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Shortcut argument removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WWatcherProxy" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F6BA63ED-7538-4FF7-9C26-B324B8DC1D4A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C82D7AA4-08BB-4E3D-A408-82F01613DE89} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{488A31B8-CB97-4F8A-B4D6-697D6A171764} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E740A7CC-6119-44AD-A924-5DB954A358D3} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{786F9F67-53ED-4E7B-B74A-C28A8BC0769F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADAFB897-C726-403E-A448-D32C1016B2EC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{540021B5-F612-4C32-8512-4AFF485924CF} => value not found.
"C:\Program Files\BubbleSound" => not found.
"C:\Program Files\SpaceSoundPro" => not found.
"C:\Program Files (x86)\YTDownloader" => not found.
"C:\Program Files (x86)\PlayGem" => not found.
"C:\Program Files (x86)\Note-up" => not found.
"C:\Users\Liyah241\AppData\Local\SmartWeb" => not found.
"C:\Users\Liyah241\AppData\Roaming\TrailerTime" => not found.
"C:\Program Files (x86)\gmsd_us_005010219" => not found.
"C:\Program Files (x86)\SpaceSondPro_v53.12311" => not found.
"C:\Program Files (x86)\Optimizer Pro 3.99" => not found.
"C:\Program Files (x86)\Super Optimizer" => not found.
"C:\Program Files (x86)\Itibiti Soft Phone" => not found.
"C:\Program Files (x86)\sushileads" => not found.
"C:\ProgramData\DataFile" => not found.
"C:\Users\Liyah241\AppData\Local\SearchModule" => not found.
"C:\Users\Liyah241\AppData\Local\winone" => not found.
"C:\Program Files (x86)\SearchProtect" => not found.
C:\Program Files\shopperz270120160220 => moved successfully
"C:\Program Files (x86)\Easyttosshhop" => not found.
"C:\Program Files (x86)\Consumer Input" => not found.
"C:\Program Files (x86)\QQuicckshuoP" => not found.
"C:\Program Files (x86)\deAlo4REaL" => not found.
"C:\Program Files (x86)\Checked List" => not found.
"C:\Program Files\shopperz" => not found.
c:\Program Files (x86)\IncrementInstance => moved successfully
"c:\Program Files (x86)\SustainerPlus" => not found.
"C:\Users\Liyah241\AppData\Roaming\NetService" => not found.
"C:\ProgramData\hKafruOyr" => not found.
C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8 => moved successfully
"C:\Program Files\Common Files\Goobzo" => not found.
C:\Users\Liyah241\AppData\Roaming\WinNetSvc => moved successfully
"C:\Program Files (x86)\WinWiki" => not found.
"C:\PROGRA~2\YTDOWN~1" => not found.
"C:\Users\Liyah241\AppData\Roaming\BejmaDua" => not found.
"C:\Program Files (x86)\PlumoWeb" => not found.
"C:\Program Files (x86)\DNS Unlocker" => not found.
"C:\Program Files (x86)\SystemHealer" => not found.
"C:\Users\Liyah241\AppData\Local\32D03B26-CC1A-3941-B96F-FC1849C67FC0" => not found.
"C:\Users\Liyah241\AppData\Local\Follow Extension" => not found.
"C:\Program Files (x86)\MyPC Backup" => not found.
"C:\Users\Liyah241\AppData\Local\bvxvbxxvaa" => not found.
"C:\Users\Liyah241\AppData\Local\BrowserAir" => not found.
"C:\ProgramData\SearchModule" => not found.
"C:\Program Files (x86)\SwiftSearch_1.10.0.25" => not found.
"C:\Program Files (x86)\PC Optimizer" => not found.
"C:\Program Files\WajaWebEnhancer" => not found.
"c:\programdata\{05c510d2-11ec-433a-05c5-510d211e4348}" => not found.
"C:\WINDOWS\rcore.exe" => not found.
C:\WINDOWS\system32\drivers\bsdriver.sys => moved successfully
"C:\Windows\System32\DRIVERS\sdfhgdf.sys" => not found.
"C:\Windows\System32\drivers\{22b230b8-6e08-4687-afa6-31e3b13fe333}w64.sys" => not found.
"C:\Windows\System32\drivers\{2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64.sys" => not found.
"C:\Windows\System32\drivers\{2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64.sys" => not found.
"C:\Windows\System32\drivers\{59074063-010c-49cd-9e33-7f8e3a63291d}w64.sys" => not found.
"C:\Windows\System32\drivers\{6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64.sys" => not found.
"C:\Windows\System32\drivers\{7076b5a4-952b-427a-a724-78a34643efb0}w64.sys" => not found.
"C:\Windows\System32\drivers\{8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64.sys" => not found.
"C:\Windows\System32\drivers\{f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64.sys" => not found.
"C:\Windows\System32\drivers\{f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64.sys" => not found.
C:\WINDOWS\system32\drivers\SPPD.sys => moved successfully
"C:\WINDOWS\system32\drivers\wpnfd_1_10_0_4.sys" => not found.
"C:\Windows\bs1.exe" => not found.
"C:\Windows\winupd.exe" => not found.
"C:\Windows\SysInfo.exe" => not found.
"C:\Windows\Mint.exe" => not found.
"C:\Windows\win.exe" => not found.
"C:\ProgramData\bdd32a3c350b48d887bdb8057affe4b0\bdd32a3c350b48d887bdb8057affe4b0.exe" => not found.
"C:\Windows\Wimboldon.exe" => not found.
"C:\Windows\hsysinfo.exe" => not found.
"C:\Windows\amdave64Win.exe" => not found.
 
=========  netsh winsock reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
19 out of 80 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 13 while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection* 13 while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Resetting , failed.
Access is denied.
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
=========  sfc /scanfile=C:\Windows\system32\dnsapi.dll =========
 
 
 
 
 
 
Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.

The system file repair changes will take effect after the next reboot.
 
 
 
========= End of CMD: =========
 
 
=========  sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll =========
 
 
 
 
 
 
There is a system repair pending which requires reboot to complete.  Restart
Windows and run sfc again.
 
 
 
========= End of CMD: =========
 
EmptyTemp: => 2.5 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 11:12:53 ====
 
FRST Log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Liyah241 (administrator) on DIVAS-PC (24-03-2016 11:21:47)
Running from F:\
Loaded Profiles: Liyah241 (Available Profiles: AAliyah & aavar_000 & Liyah241 & Amanda)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Facebook Inc.) C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-13] (LeapFrog Enterprises, Inc.)
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Facebook Update] => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-23] (Facebook Inc.)
IFEO\sethc.exe: [Debugger] C:\Windows\System32\msconfig.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-03-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2016-03-24]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{25036078-A148-428C-849C-3283A84E18AC}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> DefaultScope {6A593BFF-095B-4B68-8250-CA75C19EFF6F} URL = 
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {B26DCD28-5C71-41A8-9267-16D15DE69EAE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-01-23] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-26] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-23] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin HKU\S-1-5-21-2316278512-3877362351-3516534219-1005: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Liyah241\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2016-03-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2013-02-24] [not signed]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-15]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-15]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-23] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2013-11-13] (LeapFrog Enterprises, Inc.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-02-08] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-02-24] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130419.001\IDSvia64.sys [513184 2013-04-19] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130326.006\ENG64.SYS [126192 2013-02-24] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130326.006\EX64.SYS [2087664 2013-02-24] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2014-12-30] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-23] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S1 bsdriver; \??\C:\WINDOWS\system32\drivers\bsdriver.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-22 19:38 - 2016-03-24 10:52 - 00001112 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-22 19:38 - 2016-03-22 19:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-22 19:38 - 2016-03-22 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-22 19:38 - 2016-03-22 19:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-22 19:38 - 2016-03-22 19:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-22 19:38 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-22 19:38 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-22 19:38 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-22 19:37 - 2016-03-24 11:21 - 00000000 ____D C:\FRST
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-24 11:24 - 2013-11-29 20:32 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-24 11:20 - 2013-02-28 22:22 - 00000000 ____D C:\Users\Liyah241\AppData\Roaming\Skype
2016-03-24 11:18 - 2015-10-23 15:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-03-24 11:15 - 2015-01-15 17:38 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-03-24 11:15 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-24 11:11 - 2013-02-24 22:00 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2316278512-3877362351-3516534219-1005
2016-03-24 11:06 - 2016-01-23 12:56 - 00000000 ____D C:\ProgramData\{21e2c4a6-00c8-0}
2016-03-24 11:06 - 2016-01-23 12:56 - 00000000 ____D C:\ProgramData\{1e010a4c-70c8-1}
2016-03-24 11:06 - 2013-12-09 12:32 - 00001172 _____ C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-24 11:05 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-03-24 10:52 - 2014-10-22 23:40 - 00002237 _____ C:\Users\Liyah241\Desktop\HP Support Assistant.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002677 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002661 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002659 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002629 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002627 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002625 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Open Office Document.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002615 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002615 _____ C:\ProgramData\Microsoft\Windows\Start Menu\New Office Document.lnk
2016-03-24 10:52 - 2013-12-09 01:19 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-24 10:52 - 2013-12-08 23:25 - 00001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orion File Recovery Software.lnk
2016-03-24 10:52 - 2013-12-08 23:25 - 00001108 _____ C:\Users\Public\Desktop\Orion File Recovery Software.lnk
2016-03-24 10:52 - 2013-11-29 20:32 - 00001988 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-03-24 10:52 - 2013-11-29 20:30 - 00000944 _____ C:\Users\Public\Desktop\LeapFrog Connect.lnk
2016-03-24 10:52 - 2013-07-04 03:38 - 00001777 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-03-24 10:52 - 2013-07-04 03:35 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-24 10:52 - 2013-02-28 22:21 - 00002509 _____ C:\Users\Public\Desktop\Skype.lnk
2016-03-24 10:52 - 2013-02-24 21:53 - 00002082 _____ C:\Users\Public\Desktop\HP Games.lnk
2016-03-24 10:52 - 2013-02-24 21:53 - 00002070 _____ C:\Users\Public\Desktop\eBay.lnk
2016-03-24 10:52 - 2013-02-24 21:52 - 00002160 _____ C:\Users\Public\Desktop\Walmart Photo Center.lnk
2016-03-24 10:52 - 2012-12-31 06:57 - 00002515 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2016-03-24 10:52 - 2012-12-31 06:39 - 00001355 _____ C:\Users\Public\Desktop\CyberLink YouCam.lnk
2016-03-24 10:52 - 2012-08-17 11:12 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-03-24 10:52 - 2012-08-17 11:12 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-03-24 10:30 - 2013-07-23 19:25 - 00000958 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005UA.job
2016-03-23 19:30 - 2013-07-23 19:25 - 00000936 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005Core.job
2016-03-22 21:01 - 2016-01-26 20:48 - 00000000 ____D C:\ProgramData\36dc8b28-35d5-0
2016-03-22 21:01 - 2016-01-26 20:48 - 00000000 ____D C:\ProgramData\36dc8b28-31b1-1
2016-03-22 21:01 - 2015-01-22 23:03 - 00000000 ____D C:\Users\Liyah241\AppData\LocalLow\Company
2016-03-22 21:00 - 2015-05-01 05:20 - 00000000 ____D C:\ProgramData\1887373585
2016-03-22 21:00 - 2015-05-01 05:18 - 00000000 ____D C:\ProgramData\2355320829
2016-03-22 21:00 - 2015-03-23 15:33 - 00000000 ____D C:\ProgramData\bdd32a3c350b48d887bdb8057affe4b0
2016-03-22 21:00 - 2015-03-17 16:57 - 00000000 ____D C:\ProgramData\cheap-o
2016-03-22 19:42 - 2013-12-09 00:58 - 00006424 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-22 19:09 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-22 19:03 - 2015-05-01 05:25 - 00000814 _____ C:\Users\Liyah241\AppData\Local\Temp-log.txt
2016-03-22 07:34 - 2013-12-09 01:10 - 00000000 ____D C:\Users\Liyah241
2016-03-22 07:24 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-22 07:21 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
 
==================== Files in the root of some directories =======
 
2015-05-01 05:25 - 2016-03-22 19:03 - 0000814 _____ () C:\Users\Liyah241\AppData\Local\Temp-log.txt
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll
[2014-10-29 15:28] - [2014-10-29 15:28] - 0494592 ____A (Microsoft Corporation) ED11721103CE93DF7C3D8D171476A29F
 
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-23 16:16
 
==================== End of FRST.txt ============================
 
FRST Addition log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Liyah241 (2016-03-24 11:24:31)
Running from F:\
Windows 8.1 (X64) (2013-12-09 08:34:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
AAliyah (S-1-5-21-2316278512-3877362351-3516534219-1002 - Administrator - Enabled) => C:\Users\AAliyah
aavar_000 (S-1-5-21-2316278512-3877362351-3516534219-1003 - Administrator - Enabled) => C:\Users\aavar_000
Administrator (S-1-5-21-2316278512-3877362351-3516534219-500 - Administrator - Disabled)
Amanda (S-1-5-21-2316278512-3877362351-3516534219-1008 - Limited - Enabled) => C:\Users\Amanda
Guest (S-1-5-21-2316278512-3877362351-3516534219-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2316278512-3877362351-3516534219-1007 - Limited - Enabled)
Liyah241 (S-1-5-21-2316278512-3877362351-3516534219-1005 - Administrator - Enabled) => C:\Users\Liyah241
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{63ADEC24-A374-80A8-E89B-BE401C787F75}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.2.1.18456 - LeapFrog)
LeapFrog Connect (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
Microsoft Office 2000 SR-1 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.6.0.27 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Orion File Recovery Software (HKLM-x32\...\Orion) (Version:  - NCH Software)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FA68CB1-F70F-497D-A7EA-70CCFD049024} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {1565E572-5707-4574-A166-82304ACDF0DC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-01] (Microsoft Corporation)
Task: {19DBB75F-F185-4BE8-B5B7-26D953F04CDB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {272E4711-0CE2-4CA7-9882-F36D01E5EB00} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {454644C7-933F-42B3-BFD9-A3DB8BD5274E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-23] (Microsoft Corporation)
Task: {4813F88F-ABA2-4467-B7B0-EBC483988773} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {4F4922F9-801E-4DE8-8C5A-3CD868EA6CB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_toastNotify.exe [2015-05-05] (Hewlett-Packard)
Task: {4FBADFDA-B9BA-4AAB-B9A4-B760FD138308} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {56A7D303-FA5B-41F8-B35B-FFFF291BC163} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {5A1B0BCE-2EFA-48B5-A163-08A6CFE62604} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {612A3083-C806-46DF-B39F-E21B9C91848A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005Core => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-23] (Facebook Inc.)
Task: {77E2BEB9-0430-4A88-BCDB-D174072DB76A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8A0A5988-6A65-462E-A292-68A6B6870F87} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {92FC8ABE-4409-4EEA-82D2-FC89A5C0669C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005UA => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-23] (Facebook Inc.)
Task: {97884243-269F-4FF1-8971-B74350DE530F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {A08391D7-A1C3-446A-BA04-FEEB678698A6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-26] (Microsoft Corporation)
Task: {ACE2EFD5-6E21-4DDA-8A8B-C4DEA67F7FC3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-23] (Microsoft Corporation)
Task: {B48233E2-EBDD-4E3D-A372-16C96E91DE07} - \SushiLeads -> No File <==== ATTENTION
Task: {BEE85776-F774-4BDF-A094-A03253C81B95} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {D2B88BE8-AB29-44BB-95EB-EF2A8CFDA298} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-23] (Adobe Systems Incorporated)
Task: {D9077C6D-1581-4391-90F3-6803A9E67B89} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {ED0320A2-FD63-45A8-9CAC-A641B5B23FED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {FB8A7251-4D78-4055-82E3-BA05A0D18C27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005Core.job => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005UA.job => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-06 13:09 - 2012-08-06 13:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-15 20:03 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-01-23 12:46 - 2016-01-23 12:46 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-15 20:01 - 2012-05-29 23:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.6.0.27\wincfi39.dll
2012-12-31 06:42 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2015-11-21 15:35 - 00000856 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
17-03-2015 16:59:22 Windows Update
22-03-2015 12:30:00 Windows Modules Installer
22-03-2015 12:31:18 Windows Modules Installer
24-03-2015 18:13:09 HPSF Applying updates
30-04-2015 23:38:12 Windows Update
05-05-2015 16:23:03 Windows Update
23-10-2015 16:16:29 Windows Update
22-03-2016 18:59:30 Removed AllPCOptimizer.
24-03-2016 11:05:02 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/24/2016 11:20:52 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (03/24/2016 11:05:02 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1f3d68c0-c198-432f-8ccc-2a922122f9a8}
 
Error: (03/24/2016 11:01:04 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (03/24/2016 10:55:11 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (03/24/2016 10:43:09 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (03/24/2016 10:30:05 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (03/24/2016 07:43:09 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (03/24/2016 07:30:05 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (03/24/2016 04:43:10 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (03/24/2016 04:30:05 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
 
System errors:
=============
Error: (03/24/2016 11:15:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error: 
%%1275
 
Error: (03/24/2016 11:06:12 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (03/24/2016 11:05:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Print Spooler service terminated with the following error: 
%%2147944103
 
Error: (03/24/2016 11:05:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/24/2016 11:05:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (03/24/2016 11:05:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Internet Security service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (03/24/2016 11:05:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/24/2016 11:05:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/24/2016 11:05:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HPWMISVC service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/24/2016 11:05:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-10-23 16:06:30.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 16:04:37.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 16:02:19.448
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 15:59:33.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 15:58:57.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 15:58:13.411
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 15:58:11.659
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 28%
Total physical RAM: 3682.26 MB
Available physical RAM: 2640.11 MB
Total Virtual: 4322.26 MB
Available Virtual: 3221.66 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:273.59 GB) (Free:207.6 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:14.9 GB) (Free:14.87 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: C2C9F703)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#5
Jr0x

    Malware removal team

  • 1,825 posts
Hi Lorenzo Baltazar Perez,
 
A few things to note:
  • You're running FRST64.exe from a removable drive. Please move it to your Desktop. You can do it by right-clicking FRST64.exe, click Cut, then go to Desktop, right-click any free space and click Paste. For the FRST fix to work, both FRST64.exe and fixlist.txt must be in the same location, and the desktop is where the software is most effective from.
  • You are still on the Chrome Dev build. Did you follow my previous instruction to reinstall Chrome?
  • Both your Windows Defender and Norton Internet Security have been disabled. Did you purposely disable them yourself? If not, please re-enable the anti-virus that you're using.

Remove unwanted programs

Please uninstall the following unwanted programs:

Itibiti RTC

Note: If any of the programs are not listed, proceed to the next one and work through the list.

To do this:
  • Swipe in from the right edge of the screen, then tap Search. (If you're using a mouse, point to the top-right corner of the screen, move the mouse pointer down, then click Search.)
  • Enter control panel in the search box, then tap or click Control Panel.
  • Under View by:, select Large Icons, then tap or click Programs and features.
  • Tap or click the program, then tap or click Uninstall.
  • Follow the instructions on screen.

    Repeat the above steps for all the other programs to remove.
    Reboot the machine once all programs have been uninstalled.

Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit to your Desktop
  • Double-click the icon to start the tool.
  • It will ask you where to extract it. Extracting to the Desktop will be fine. Then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next".
  • In the next window, make sure that Drivers, Sectors, and System are checked. Then click "Scan".
  • If no threats are found, just close the program.
  • If any infections are found, ensure "Create Restore Point" is checked, then select the "Cleanup" button to remove threats.
  • Or if you are sure any entries should be kept, just untick them. A list of infected files will be listed.
  • The Clean up procedure will be Scheduled for process.
  • When complete, the pop-up window will show you. Select the Yes button and the system should re-boot to complete the cleaning process.
  • Open the MBAR folder, which is located on your Desktop and paste the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"



Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:

SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> DefaultScope {6A593BFF-095B-4B68-8250-CA75C19EFF6F} URL = 
S1 bsdriver; \??\C:\WINDOWS\system32\drivers\bsdriver.sys [X]
Task: {B48233E2-EBDD-4E3D-A372-16C96E91DE07} - \SushiLeads -> No File <==== ATTENTION

sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll

Emptytemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Note: Your machine will reboot after the fix.


Scan with AdwCleaner

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
In your next reply, please include the following:
  • Any issue with uninstallation?
  • Malwarebytes Anti-rootkit log
  • FRST fixlog
  • AdwCleaner scan log
  • How is your system running now?


#6
Lorenzo Baltazar Perez

  • Topic Starter
  • Member
  • 56 posts

Chrome is not showing up in programs to uninstall. I tried using the Chrome clean up tool but that found nothing as well. I installed Chrome, rebooted, uninstalled, rebooted but still there seem to be remnants of the Dev Build somewhere. I uninstalled Norton and a McAfee scanner as it seems that if the PC sees another AV it disables Defender. Even after this I was unable to get Defender to start. I ran sfc /scannow and it produced a CBS.log file which I will post separately along with the debug file the Chrome removal tool produced. The system is running much better. I will add an AV (ESET Smart Security, or Avast or AVG) later if we can't get Defender to work.

 

Fixlog:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Liyah241 (2016-03-26 00:37:02) Run:2
Running from C:\Users\Liyah241\Desktop
Loaded Profiles: Liyah241 (Available Profiles: AAliyah & aavar_000 & Liyah241 & Amanda)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
 
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> DefaultScope {6A593BFF-095B-4B68-8250-CA75C19EFF6F} URL = 
S1 bsdriver; \??\C:\WINDOWS\system32\drivers\bsdriver.sys [X]
Task: {B48233E2-EBDD-4E3D-A372-16C96E91DE07} - \SushiLeads -> No File <==== ATTENTION
 
sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
 
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
bsdriver => service not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B48233E2-EBDD-4E3D-A372-16C96E91DE07}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B48233E2-EBDD-4E3D-A372-16C96E91DE07}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads => key not found. 
sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll => Error: No automatic fix found for this entry.
EmptyTemp: => 25.7 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 00:39:24 ====
 
 
MBAR Log:
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.03.26.02
  rootkit: v2016.03.12.01
 
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17728
Liyah241 :: DIVAS-PC [administrator]
 
3/25/2016 11:24:09 PM
mbar-log-2016-03-25 (23-24-09).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 474673
Time elapsed: 1 hour(s), 3 minute(s), 45 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BSDRIVER (Rootkit.Komodia.PUA) -> Delete on reboot. [52082468eeabc076376d4c330202db25]
 
Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BSDRIVER|DisplayName (Rootkit.Komodia.PUA) -> Data: bsdriver -> Delete on reboot. [52082468eeabc076376d4c330202db25]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\WINDOWS\SYSTEM32\drivers\cherimoya.sys (PUP.Optional.Cherimoya) -> Delete on reboot. [fb54ae223aab947a013daf9d657aab19]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
ADW Log:  
 
# AdwCleaner v5.105 - Logfile created 26/03/2016 at 00:44:23
# Updated 21/03/2016 by Xplode
# Database : 2016-03-25.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Liyah241 - DIVAS-PC
# Running from : C:\Users\Liyah241\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\ProgramData\cheap-o
Folder Found : C:\ProgramData\36dc8b28-31b1-1
Folder Found : C:\ProgramData\36dc8b28-35d5-0
Folder Found : C:\ProgramData\offfeersoft
Folder Found : C:\ProgramData\sAVingttoyou
Folder Found : C:\ProgramData\SofftCoUp
Folder Found : C:\ProgramData\{1e010a4c-70c8-1}
Folder Found : C:\ProgramData\{21e2c4a6-00c8-0}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Found : C:\Users\Liyah241\AppData\Local\FinanceAlert
Folder Found : C:\Users\Liyah241\AppData\Local\globalUpdate
 
***** [ Files ] *****
 
File Found : C:\END
File Found : C:\Users\Public\Desktop\eBay.lnk
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : Chrome Cleanup Tool logs upload retry
 
***** [ Registry ] *****
 
Value Found : HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Itibiti.exe]
Value Found : HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Optimizer Pro]
Value Found : HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchModule]
Value Found : HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Super Optimizer]
Value Found : HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SushiLeadsApplication]
Value Found : HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [YTDownloader]
 
***** [ Web browsers ] *****
 
[C:\Users\Liyah241\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Liyah241\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [12082 bytes] - [26/03/2016 00:44:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12156 bytes] ##########
 

 


  • 0
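The Fixlog in the post above mixes three outcomes: items removed, items that were already absent, and one line FRST reported an error for. The sketch below is an added example (not part of the thread and not FRST's own code) that sorts the `=>` result lines into those groups; the function names and the outcome categories are assumptions based only on the wording visible in this log.

```python
"""Triage the result section of an FRST Fixlog (added example, not FRST code)."""

# Sample input: an excerpt of the Fixlog posted in this thread (header trimmed).
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

S1 bsdriver; \??\C:\WINDOWS\system32\drivers\bsdriver.sys [X]
Task: {B48233E2-EBDD-4E3D-A372-16C96E91DE07} - \SushiLeads -> No File <==== ATTENTION

sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll

Emptytemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
bsdriver => service not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B48233E2-EBDD-4E3D-A372-16C96E91DE07}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B48233E2-EBDD-4E3D-A372-16C96E91DE07}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads => key not found. 
sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll => Error: No automatic fix found for this entry.
EmptyTemp: => 25.7 MB temporary data Removed.

The system needed a reboot.
"""


def result_lines(text):
    """Yield (item, result) pairs from the result section of a Fixlog.

    The echoed fixlist (between the two rows of asterisks that follow
    "fixlist content:") is skipped so that only outcomes are parsed.
    """
    stars_seen = None  # stays None if the log has no "fixlist content:" header
    for raw in text.splitlines():
        line = raw.strip()
        if line == "fixlist content:":
            stars_seen = 0
            continue
        if stars_seen is not None and stars_seen < 2:
            if line and set(line) == {"*"}:
                stars_seen += 1
            continue
        if " => " in line:
            item, _, result = line.partition(" => ")
            yield item.strip('"'), result.strip()


def classify(result):
    """Map a result string to an outcome bucket.

    The wording matched here is only what appears in this thread's log;
    other FRST messages fall through to "other" for manual review.
    """
    low = result.lower()
    if low.startswith("error"):
        return "failed"    # the entry was not processed at all
    if "not found" in low:
        return "absent"    # nothing to remove; the target was already gone
    if "removed" in low:
        return "removed"   # the fix took effect
    return "other"


def triage(text):
    """Group every result line of a Fixlog by outcome."""
    buckets = {"removed": [], "absent": [], "failed": [], "other": []}
    for item, result in result_lines(text):
        buckets[classify(result)].append((item, result))
    return buckets


if __name__ == "__main__":
    for outcome, entries in triage(SAMPLE_FIXLOG).items():
        print(f"{outcome}: {len(entries)}")
        for item, result in entries:
            print(f"    {item}  ->  {result}")
```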

#7
Lorenzo Baltazar Perez

  • Topic Starter
  • Member
  • 56 posts

The CBS Log is a 15MB file and it crashes the page if I try to cut and paste. Let me know if you want it.



#8
Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi, 

 

You can try to attach to Google drive, mediafire or similar and post the download link here.

 

Attachments here only accept a maximum of 1MB.



#9
Lorenzo Baltazar Perez

  • Topic Starter
  • Member
  • 56 posts

Try this, I've never done this before.

 

CBS.Log


Edited by Lorenzo Baltazar Perez, 26 March 2016 - 02:49 AM.


#10
Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Please visit How to Share Google drive document

 

Scroll down to "Share a file or folder publicly" and follow the instructions.

 

Ensure that the setting is "On - Public on the web".



#11
Lorenzo Baltazar Perez

  • Topic Starter
  • Member
  • 56 posts

,


Edited by Lorenzo Baltazar Perez, 26 March 2016 - 02:49 AM.


#12
Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Alright. Thanks. I have gotten the file now.

 

You can turn off the settings now, and remove the link from your post.



#13
Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi Lorenzo Baltazar Perez,
 

Chrome is not showing up in programs to uninstall.

 
We'll hold on the Chrome first. I'll review again once I see your new logs.
 

I will add a AV (ESET Smart Security, or Avast or AVG) later if we can't get defender to work.

 
Windows Defender has Anti-virus capability, as such, you probably do not need to install other AV. Multiple AV will cause more harm than good.
Let's try and see if we can start Windows Defender.
 
Windows Defender Service
  • Click Windows key + R.
  • Type services.msc and Press OK.
  • Please ensure the service below is set to Started and Automatic.

    Windows Defender Service
  • If the above services are not set to Started and Automatic, please right click on that particular service and select properties.
  • On properties window, please change the Start-up type to Automatic and use the Start button to start the service.
  • Click Apply, click OK.
  • Close the Services window
  • Please restart the computer.
Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
 

Start
CreateRestorePoint:
CloseProcesses:

CMD: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll

Emptytemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Note: Your machine will reboot after the fix.


Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • Everything left checked will be deleted.
  • Now click the Cleaning button.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C1].txt
Re-Scan with Farbar's Recovery Scan Tool (FRST)
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.
In your next reply, please include the following:
  • Any issue starting Windows Defender service?
  • FRST fixlog
  • JRT log
  • AdwCleaner log
  • FRST log
  • FRST Addition log


#14
Lorenzo Baltazar Perez

  • Topic Starter
  • Member
  • 56 posts

Windows Defender does not appear in the Microsoft Services list. I scanned through the Addition log and I saw that Defender is up to date but is disabled. Could this be why it doesn't appear in the services list?

The laptop is running much faster and no annoying popups appear like before.

 

Fix Log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Liyah241 (2016-03-26 10:03:29) Run:3
Running from C:\Users\Liyah241\Desktop
Loaded Profiles: Liyah241 (Available Profiles: AAliyah & aavar_000 & Liyah241 & Amanda)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
 
CMD: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
 
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
=========  sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll =========
 
 
 
 
 
 
Windows Resource Protection did not find any integrity violations.
 
 
 
========= End of CMD: =========
 
EmptyTemp: => 36.9 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 10:04:18 ====
 
JRT Log:  
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 8.1 x64 
Ran by Liyah241 (Administrator) on Sat 03/26/2016 at 10:07:09.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 18 
 
Failed to delete: C:\ProgramData\Start Menu\Programs\pepperzip (Folder) 
Successfully deleted: C:\end (File) 
Successfully deleted: C:\ProgramData\{1e010a4c-70c8-1} (Folder) 
Successfully deleted: C:\ProgramData\{21e2c4a6-00c8-0} (Folder) 
Successfully deleted: C:\ProgramData\36dc8b28-31b1-1 (Folder) 
Successfully deleted: C:\ProgramData\36dc8b28-35d5-0 (Folder) 
Successfully deleted: C:\ProgramData\bdd32a3c350b48d887bdb8057affe4b0 (Folder) 
Successfully deleted: C:\ProgramData\ffd82b5028574b3ca46cf7b87096e8d4 (Folder) 
Successfully deleted: C:\user.js (File) 
Successfully deleted: C:\Users\Liyah241\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Liyah241\AppData\Local\financealert (Folder) 
Successfully deleted: C:\Users\Liyah241\AppData\Local\globalupdate (Folder) 
Successfully deleted: C:\Users\Liyah241\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\Users\Public\Desktop\ebay.lnk (Shortcut) 
Successfully deleted: C:\Program Files (x86)\globalupdate (Folder) 
Successfully deleted: C:\WINDOWS\prefetch\OPTIMIZERPRO.EXE-072487EA.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\OPTIMIZERPRO.EXE-4277C352.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\SUPEROPTIMIZER.EXE-16B9CC47.pf (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/26/2016 at 10:11:56.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
ADW Cleaner Log:
 
# AdwCleaner v5.105 - Logfile created 26/03/2016 at 10:26:49
# Updated 21/03/2016 by Xplode
# Database : 2016-03-25.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Liyah241 - DIVAS-PC
# Running from : C:\Users\Liyah241\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\cheap-o
[-] Folder Deleted : C:\ProgramData\offfeersoft
[-] Folder Deleted : C:\ProgramData\sAVingttoyou
[-] Folder Deleted : C:\ProgramData\SofftCoUp
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Chrome Cleanup Tool logs upload retry
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shoppingate.info
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.re-markable00.re-markable.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.re-markit00.re-markit.co
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thesmartsearch.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovi.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www-searching.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.thesmartsearch.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.trovi.com
[-] Value Deleted : HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Itibiti.exe]
[-] Value Deleted : HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Optimizer Pro]
[-] Value Deleted : HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SearchModule]
[-] Value Deleted : HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Super Optimizer]
[-] Value Deleted : HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [SushiLeadsApplication]
[-] Value Deleted : HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [YTDownloader]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Liyah241\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Liyah241\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [11219 bytes] - [26/03/2016 10:26:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [12260 bytes] - [26/03/2016 00:44:23]
C:\AdwCleaner\AdwCleaner[S2].txt - [11821 bytes] - [26/03/2016 10:23:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11441 bytes] ##########
 
 
FRST Log:
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Liyah241 (administrator) on DIVAS-PC (26-03-2016 10:30:29)
Running from C:\Users\Liyah241\Desktop
Loaded Profiles: Liyah241 (Available Profiles: AAliyah & aavar_000 & Liyah241 & Amanda)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-13] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Facebook Update] => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-23] (Facebook Inc.)
IFEO\sethc.exe: [Debugger] C:\Windows\System32\msconfig.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2016-03-24]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{25036078-A148-428C-849C-3283A84E18AC}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {B26DCD28-5C71-41A8-9267-16D15DE69EAE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-25] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-25] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-23] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin HKU\S-1-5-21-2316278512-3877362351-3516534219-1005: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Liyah241\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
 
Chrome: 
=======
CHR Profile: C:\Users\Liyah241\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Liyah241\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-25]
CHR Extension: (Google Docs) - C:\Users\Liyah241\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-25]
CHR Extension: (Google Drive) - C:\Users\Liyah241\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-25]
CHR Extension: (YouTube) - C:\Users\Liyah241\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-25]
CHR Extension: (Google Sheets) - C:\Users\Liyah241\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-25]
CHR Extension: (Google Docs Offline) - C:\Users\Liyah241\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Liyah241\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-25]
CHR Extension: (Gmail) - C:\Users\Liyah241\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2013-11-13] (LeapFrog Enterprises, Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2014-12-30] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-26 10:30 - 2016-03-26 10:31 - 00014226 _____ C:\Users\Liyah241\Desktop\FRST.txt
2016-03-26 10:15 - 2016-03-26 10:15 - 00000861 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2016-03-26 10:11 - 2016-03-26 10:11 - 00001816 _____ C:\Users\Liyah241\Desktop\JRT.txt
2016-03-26 10:06 - 2016-03-26 10:00 - 01610352 _____ (Malwarebytes) C:\Users\Liyah241\Desktop\JRT.exe
2016-03-26 10:03 - 2016-03-26 10:04 - 00000933 _____ C:\Users\Liyah241\Desktop\Fixlog.txt
2016-03-26 00:43 - 2016-03-26 10:26 - 00000000 ____D C:\AdwCleaner
2016-03-25 23:23 - 2016-03-26 00:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-25 23:22 - 2016-03-26 00:31 - 00000000 ____D C:\Users\Liyah241\Desktop\mbar
2016-03-25 23:22 - 2016-03-25 22:06 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Liyah241\Desktop\mbar-1.09.3.1001.exe
2016-03-25 23:17 - 2016-03-26 10:28 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForLiyah241.job
2016-03-25 23:17 - 2016-03-26 10:22 - 00003182 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForLiyah241
2016-03-25 23:12 - 2016-03-25 23:17 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-25 23:12 - 2016-03-25 23:12 - 00000000 ____D C:\Users\Liyah241\AppData\Local\Deployment
2016-03-25 23:12 - 2016-03-25 23:12 - 00000000 ____D C:\Users\Liyah241\AppData\Local\Apps\2.0
2016-03-25 22:56 - 2016-03-25 22:56 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-25 22:56 - 2016-03-25 22:56 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-03-25 22:07 - 2016-03-25 22:07 - 01530368 _____ C:\Users\Liyah241\Desktop\AdwCleaner.exe
2016-03-22 19:38 - 2016-03-25 23:23 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-22 19:38 - 2016-03-25 23:22 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-22 19:38 - 2016-03-24 10:52 - 00001112 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-22 19:38 - 2016-03-22 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-22 19:38 - 2016-03-22 19:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-22 19:38 - 2016-03-22 19:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-22 19:38 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-22 19:38 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-22 19:37 - 2016-03-26 10:30 - 00000000 ____D C:\FRST
2016-03-22 19:32 - 2016-03-22 19:31 - 02374144 _____ (Farbar) C:\Users\Liyah241\Desktop\FRST64.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-26 10:30 - 2013-07-23 19:25 - 00000958 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005UA.job
2016-03-26 10:28 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-26 10:28 - 2013-02-28 22:22 - 00000000 ____D C:\Users\Liyah241\AppData\Roaming\Skype
2016-03-26 10:24 - 2013-11-29 20:32 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-26 01:34 - 2012-08-17 11:00 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-03-26 01:31 - 2012-08-03 17:02 - 00000000 ____D C:\SWSetup
2016-03-26 01:29 - 2012-12-31 06:04 - 00000000 ____D C:\WINDOWS\Hewlett-Packard
2016-03-26 01:25 - 2013-10-23 15:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-26 01:16 - 2013-03-09 11:53 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-26 00:56 - 2013-02-24 22:00 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2316278512-3877362351-3516534219-1005
2016-03-26 00:54 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-25 23:24 - 2013-08-22 08:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-25 23:20 - 2014-12-15 20:03 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-25 23:13 - 2015-10-23 16:00 - 00000000 ____D C:\Users\Liyah241\AppData\Local\Google
2016-03-25 23:11 - 2013-02-24 21:53 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{155B1251-E32B-4616-A99B-604ECA372EB7}
2016-03-25 22:03 - 2012-12-31 06:55 - 00000000 ____D C:\ProgramData\Norton
2016-03-25 22:02 - 2015-10-23 15:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-03-25 22:02 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-25 22:02 - 2012-07-26 01:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-03-25 19:30 - 2013-07-23 19:25 - 00000936 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005Core.job
2016-03-24 12:37 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-24 11:15 - 2015-01-15 17:38 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-03-24 11:06 - 2013-12-09 12:32 - 00001172 _____ C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-24 11:05 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-03-24 10:52 - 2014-10-22 23:40 - 00002237 _____ C:\Users\Liyah241\Desktop\HP Support Assistant.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002677 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002661 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002659 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002629 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002627 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002625 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Open Office Document.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002615 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002615 _____ C:\ProgramData\Microsoft\Windows\Start Menu\New Office Document.lnk
2016-03-24 10:52 - 2013-12-09 01:19 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-24 10:52 - 2013-12-08 23:25 - 00001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orion File Recovery Software.lnk
2016-03-24 10:52 - 2013-12-08 23:25 - 00001108 _____ C:\Users\Public\Desktop\Orion File Recovery Software.lnk
2016-03-24 10:52 - 2013-11-29 20:30 - 00000944 _____ C:\Users\Public\Desktop\LeapFrog Connect.lnk
2016-03-24 10:52 - 2013-07-04 03:38 - 00001777 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-03-24 10:52 - 2013-07-04 03:35 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-24 10:52 - 2013-02-28 22:21 - 00002509 _____ C:\Users\Public\Desktop\Skype.lnk
2016-03-24 10:52 - 2013-02-24 21:53 - 00002082 _____ C:\Users\Public\Desktop\HP Games.lnk
2016-03-24 10:52 - 2013-02-24 21:52 - 00002160 _____ C:\Users\Public\Desktop\Walmart Photo Center.lnk
2016-03-24 10:52 - 2012-12-31 06:39 - 00001355 _____ C:\Users\Public\Desktop\CyberLink YouCam.lnk
2016-03-24 10:52 - 2012-08-17 11:12 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-03-24 10:52 - 2012-08-17 11:12 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-03-22 21:00 - 2015-05-01 05:20 - 00000000 ____D C:\ProgramData\1887373585
2016-03-22 21:00 - 2015-05-01 05:18 - 00000000 ____D C:\ProgramData\2355320829
2016-03-22 19:42 - 2013-12-09 00:58 - 00006424 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-22 19:03 - 2015-05-01 05:25 - 00000814 _____ C:\Users\Liyah241\AppData\Local\Temp-log.txt
2016-03-22 07:34 - 2013-12-09 01:10 - 00000000 ____D C:\Users\Liyah241
2016-03-22 07:21 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
 
==================== Files in the root of some directories =======
 
2015-05-01 05:25 - 2016-03-22 19:03 - 0000814 _____ () C:\Users\Liyah241\AppData\Local\Temp-log.txt
 
Some files in TEMP:
====================
C:\Users\Liyah241\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-26 10:01
 
==================== End of FRST.txt ============================
 
 
Addition Log:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Liyah241 (2016-03-26 10:32:49)
Running from C:\Users\Liyah241\Desktop
Windows 8.1 (X64) (2013-12-09 08:34:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
AAliyah (S-1-5-21-2316278512-3877362351-3516534219-1002 - Administrator - Enabled) => C:\Users\AAliyah
aavar_000 (S-1-5-21-2316278512-3877362351-3516534219-1003 - Administrator - Enabled) => C:\Users\aavar_000
Administrator (S-1-5-21-2316278512-3877362351-3516534219-500 - Administrator - Disabled)
Amanda (S-1-5-21-2316278512-3877362351-3516534219-1008 - Limited - Enabled) => C:\Users\Amanda
Guest (S-1-5-21-2316278512-3877362351-3516534219-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2316278512-3877362351-3516534219-1007 - Limited - Enabled)
Liyah241 (S-1-5-21-2316278512-3877362351-3516534219-1005 - Administrator - Enabled) => C:\Users\Liyah241
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{63ADEC24-A374-80A8-E89B-BE401C787F75}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.2.1.18456 - LeapFrog)
LeapFrog Connect (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 2000 SR-1 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Orion File Recovery Software (HKLM-x32\...\Orion) (Version:  - NCH Software)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version:  - LeapFrog)
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FA68CB1-F70F-497D-A7EA-70CCFD049024} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {1565E572-5707-4574-A166-82304ACDF0DC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-26] (Microsoft Corporation)
Task: {19DBB75F-F185-4BE8-B5B7-26D953F04CDB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {3D022529-2CCC-4B36-A19C-C30EF025A2B2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Service Update Utility => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\Service\ServiceUpdater.exe [2015-05-20] (Hewlett-Packard Company)
Task: {3E08CA70-2043-43E5-9F35-5CDA33ED55C1} - System32\Tasks\HPCeeScheduleForLiyah241 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4F4922F9-801E-4DE8-8C5A-3CD868EA6CB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_toastNotify.exe [2016-03-15] (Hewlett-Packard)
Task: {4FB648B4-9F7C-49C7-97D0-7305A8321918} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPW10UpgradeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPW10UpgradeReminder.exe [2015-08-11] (Hewlett-Packard)
Task: {4FBADFDA-B9BA-4AAB-B9A4-B760FD138308} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5A1B0BCE-2EFA-48B5-A163-08A6CFE62604} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {612A3083-C806-46DF-B39F-E21B9C91848A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005Core => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-23] (Facebook Inc.)
Task: {6DA04470-437E-417A-A8CA-2161A0B6D92C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {77E2BEB9-0430-4A88-BCDB-D174072DB76A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {85C2DB54-532A-4EB6-956D-D70AB7D37334} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {92FC8ABE-4409-4EEA-82D2-FC89A5C0669C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005UA => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-23] (Facebook Inc.)
Task: {97884243-269F-4FF1-8971-B74350DE530F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-02-22] (HP Inc.)
Task: {A08391D7-A1C3-446A-BA04-FEEB678698A6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-25] (Microsoft Corporation)
Task: {BD310AFE-257B-421D-A238-947D16F71B1C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {BEE85776-F774-4BDF-A094-A03253C81B95} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {C805535E-5252-4B02-9CE2-7BF5828D3D67} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {D2B88BE8-AB29-44BB-95EB-EF2A8CFDA298} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-23] (Adobe Systems Incorporated)
Task: {D9077C6D-1581-4391-90F3-6803A9E67B89} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {ED0320A2-FD63-45A8-9CAC-A641B5B23FED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-02-22] (HP Inc.)
Task: {F5BD4F9B-67DA-40A3-B825-9B1645F0763E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {FB8A7251-4D78-4055-82E3-BA05A0D18C27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005Core.job => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005UA.job => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForLiyah241.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-08-06 13:09 - 2012-08-06 13:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-15 20:03 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-01-23 12:46 - 2016-01-23 12:46 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-06 13:08 - 2012-08-06 13:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-31 06:42 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2016-03-25 22:09 - 00000828 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B38BB2BC-BE5D-4BDD-AE42-D5940E36D422}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
 
==================== Restore Points =========================
 
24-03-2016 11:05:02 Restore Point Created by FRST
25-03-2016 22:10:25 Removed Itibiti RTC
26-03-2016 00:30:02 Malwarebytes Anti-Rootkit Restore Point
26-03-2016 00:37:15 Restore Point Created by FRST
26-03-2016 01:26:51 HPSF Applying updates
26-03-2016 01:31:24 Removed HP Quick Launch
26-03-2016 01:32:45 Installed HP Quick Launch
26-03-2016 10:03:30 Restore Point Created by FRST
26-03-2016 10:07:19 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/26/2016 10:03:29 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {37828aa7-1b69-4328-a68e-6a30a95495da}
 
Error: (03/26/2016 01:32:19 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: divas-pc)
Description: Application or service 'HPWMISVC' could not be restarted.
 
Error: (03/26/2016 12:37:14 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bc8bc6ee-714b-4d22-84eb-f1be27ee751b}
 
Error: (03/25/2016 10:58:59 PM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (03/25/2016 10:30:05 PM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (03/25/2016 10:17:29 PM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (03/25/2016 10:06:09 PM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (03/25/2016 08:29:33 PM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (03/25/2016 07:30:05 PM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
Error: (03/25/2016 05:29:33 PM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
 
 
System errors:
=============
Error: (03/26/2016 10:28:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error: 
%%1275
 
Error: (03/26/2016 10:27:18 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (03/26/2016 10:26:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (03/26/2016 10:26:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (03/26/2016 10:26:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/26/2016 10:26:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/26/2016 10:26:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/26/2016 10:26:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LeapFrog Connect Device Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/26/2016 10:26:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HPWMISVC service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/26/2016 10:26:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-10-23 16:06:30.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 16:04:37.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 16:02:19.448
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 15:59:33.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 15:58:57.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 15:58:13.411
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-23 15:58:11.659
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 26%
Total physical RAM: 3682.26 MB
Available physical RAM: 2706.63 MB
Total Virtual: 4322.26 MB
Available Virtual: 3270.64 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:273.59 GB) (Free:208.73 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.78 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: C2C9F703)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#15
Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi Lorenzo Baltazar Perez,
 
Glad to hear that your machine is running better than before. Just have to take care of a couple more things.
First, let's try to see if we can get Windows Defender back.


Tweaking Registry Backup
  • Please download Tweaking.com Registry Backup, choose [image] and save the file to your desktop.
  • Right-click on the icon and select Run as Administrator to start the tool.
  • Install the tool by following the prompt.
  • Once installed, double-click on the Tweaking.com Registry Backup icon.
  • The tool should automatically open to the Backup Registry tab. If not, click the Backup Registry tab.
  • Press Backup Now.
  • Once complete, the tool will tell you that Successful */* Files Backed Up.
  • You have now successfully backed up your Registry.
Registry Fix

Please download the following file and save it to your Desktop:

WinDefend.reg

Once downloaded, double-click on the WinDefend.reg file on your Desktop.
A prompt appears asking if you want to merge the information contained in the file into the Registry.
Click Yes to confirm the merge into your Registry.

NOTE: This fix has been designed specifically for this user - If you are not this user please do not use this file.
 
Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this, highlight the contents of the box, right-click on it and select Copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.



Start
CreateRestorePoint:
CloseProcesses:

C:\ProgramData\Start Menu\Programs\pepperzip

Emptytemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Note: Your machine will reboot after the fix.


Re-scan with Malwarebytes Anti-Malware
  • Launch Malwarebytes from your Desktop
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
 
In your next reply, please include the following:
  • Please try to see if you are able to locate Windows Defender Service now. And enable it if you can locate it.
  • FRST fixlog
  • Malwarebytes log
  • ESET log
  • Any other issue you're facing now
