
FRST Logs - Please help... [Solved]


  • This topic is locked

#1
RegularDude


I have a system that seems to be running alright, but I know the EU may have gotten roped into one of those "remote support" scams. He called some number and needed a "Cisco level 11 anti-hacking specialist" to remote in, but he's not sure if he ever let the guy in. So I ran a FRST check just to be safe. May I have some help looking at them? I've attached the FRST and Addition logs.

EDIT: By the way, I've already undone the immunization and uninstalled Spybot S&D.

 

======================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-04-2016
Ran by Administrator (administrator) on WINDOWS-J3FVPIM (26-04-2016 12:38:21)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(© 2015 Microsoft Corporation) C:\Users\Administrator\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_comm_customer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_system_customer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_user_customer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_host_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_user_medium_customer.exe
(Farbar) C:\Users\Administrator\Desktop\frst.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [3106936 2016-02-01] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\Run: [BingSvc] => C:\Users\Administrator\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-04] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1477392 2016-04-25] (Lavasoft)
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk [2016-04-26]
ShortcutTarget: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9-x64 01 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9A41BE4A-9FAC-4030-9C3D-D5EA360F81B9}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKU\S-1-5-21-3102950768-1916709398-1516765199-500 -> DefaultScope {9514D0B2-F57E-41D0-B422-751E5B2136C5} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3102950768-1916709398-1516765199-500 -> {6EA2C39B-F705-4703-B5E6-05B81E5DFAFB} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3102950768-1916709398-1516765199-500 -> {9514D0B2-F57E-41D0-B422-751E5B2136C5} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3102950768-1916709398-1516765199-500 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-02-01] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-22] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-02-01] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-22] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zw4dlek6.default
FF DefaultSearchEngine: Bing®
FF DefaultSearchEngine.US: Bing®
FF DefaultSearchUrl: hxxp://search.yahoo.com/search?fr=mkg030&p=
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing®
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2GDF&PC=SK2G&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-22] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3102950768-1916709398-1516765199-500: @citrixonline.com/appdetectorplugin -> C:\Users\Administrator\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-04-26] (Citrix Online)
FF Plugin HKU\S-1-5-21-3102950768-1916709398-1516765199-500: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-4bc75dd7e05f4feb\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102950768-1916709398-1516765199-500: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-4bc75dd7e05f4feb\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3102950768-1916709398-1516765199-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zw4dlek6.default\searchplugins\bing-lavasoft.xml [2016-04-25]
FF Extension: Bing Search - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zw4dlek6.default\Extensions\[email protected] [2016-02-04]
FF Extension: Generous Deal - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zw4dlek6.default\Extensions\{81d89d30-981c-4cc9-8717-ec03edd19746}.xpi [2016-04-25] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2016-02-18]
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Extension: (Call of Duty Black Ops 3) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkjbkgacgmdjnihnkpnkhadjfpjcaleg [2016-03-19]
CHR HKU\S-1-5-21-3102950768-1916709398-1516765199-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_service.exe [610528 2016-04-26] (Citrix Systems, Inc.)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-04-25] (Lavasoft Limited)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [907384 2016-02-01] (QIHU 360 SOFTWARE CO. LIMITED)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [17168 2016-04-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\ADMINI~1\AppData\Local\Temp\7zS31D1\hpslpsvc64.dll [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137808 2015-12-10] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2016-02-01] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [77904 2016-02-01] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2016-02-01] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-05-18] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [368720 2016-02-01] (360.cn)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-12-05] (AVG Technologies)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [181328 2015-12-10] (360.cn)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-26 12:38 - 2016-04-26 12:39 - 00018987 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-04-26 12:36 - 2016-04-26 12:38 - 00000000 ____D C:\FRST
2016-04-26 12:35 - 2016-04-26 11:21 - 02376192 _____ (Farbar) C:\Users\Administrator\Desktop\frst.exe
2016-04-26 12:31 - 2016-04-26 12:31 - 00001584 _____ C:\Users\Administrator\Desktop\GoToAssist Customer.lnk
2016-04-26 12:31 - 2016-04-26 12:31 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2016-04-26 12:31 - 2016-04-26 12:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\Citrix
2016-04-26 12:31 - 2016-04-26 12:31 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-04-25 12:45 - 2016-04-25 12:45 - 00269128 _____ C:\windows\system32\FNTCACHE.DAT
2016-04-25 10:44 - 2016-04-25 10:44 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-25 10:44 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-04-25 10:37 - 2016-04-25 12:52 - 00001399 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-04-25 10:37 - 2016-04-25 12:52 - 00001387 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-04-25 10:37 - 2016-04-25 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-04-25 10:37 - 2016-04-25 10:37 - 00058816 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-25 10:37 - 2016-04-25 10:37 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2016-04-25 10:36 - 2016-04-25 12:53 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-04-25 10:36 - 2015-06-16 17:32 - 00020760 _____ (Safer-Networking Ltd.) C:\windows\system32\sdnclean64.exe
2016-04-25 10:35 - 2016-04-25 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-04-25 10:34 - 2016-04-25 10:34 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-04-19 13:22 - 2016-04-26 12:22 - 00001126 _____ C:\Users\Administrator\Desktop\nativelog.txt
2016-04-19 13:22 - 2016-04-19 13:23 - 00000000 ____D C:\Users\Administrator\Desktop\game
2016-04-19 13:22 - 2016-04-19 13:22 - 00000000 ____D C:\Users\Administrator\Desktop\runtime
2016-04-19 12:30 - 2016-04-25 10:31 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TeamViewer
2016-04-19 11:36 - 2016-04-19 12:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Rescue Applet
2016-04-18 21:42 - 2016-04-18 21:42 - 01247112 _____ (Mojang) C:\Users\Administrator\Desktop\Minecraft (10).exe
2016-04-18 21:42 - 2016-04-18 21:42 - 00000000 ____D C:\Users\Administrator\Downloads\tools
2016-04-18 18:25 - 2016-04-18 18:26 - 02314240 _____ C:\Users\Administrator\Downloads\MinecraftInstaller.msi
2016-04-15 03:09 - 2016-03-31 14:25 - 00394952 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-04-15 03:09 - 2016-03-31 13:41 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-04-15 03:09 - 2016-03-30 19:54 - 25817600 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-04-15 03:09 - 2016-03-30 19:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-04-15 03:09 - 2016-03-30 19:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-04-15 03:09 - 2016-03-30 19:31 - 02892800 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-04-15 03:09 - 2016-03-30 19:28 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-04-15 03:09 - 2016-03-30 19:28 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-04-15 03:09 - 2016-03-30 19:27 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-04-15 03:09 - 2016-03-30 19:27 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-04-15 03:09 - 2016-03-30 19:27 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-04-15 03:09 - 2016-03-30 19:25 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-04-15 03:09 - 2016-03-30 19:22 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-04-15 03:09 - 2016-03-30 19:21 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-04-15 03:09 - 2016-03-30 19:19 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-04-15 03:09 - 2016-03-30 19:17 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-04-15 03:09 - 2016-03-30 19:17 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-04-15 03:09 - 2016-03-30 19:17 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-04-15 03:09 - 2016-03-30 19:17 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-04-15 03:09 - 2016-03-30 19:11 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-04-15 03:09 - 2016-03-30 19:08 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-04-15 03:09 - 2016-03-30 19:03 - 20352512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-04-15 03:09 - 2016-03-30 19:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-04-15 03:09 - 2016-03-30 19:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-04-15 03:09 - 2016-03-30 18:59 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-04-15 03:09 - 2016-03-30 18:57 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-04-15 03:09 - 2016-03-30 18:56 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-04-15 03:09 - 2016-03-30 18:55 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-04-15 03:09 - 2016-03-30 18:53 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-04-15 03:09 - 2016-03-30 18:53 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-04-15 03:09 - 2016-03-30 18:52 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-04-15 03:09 - 2016-03-30 18:52 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-04-15 03:09 - 2016-03-30 18:52 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-04-15 03:09 - 2016-03-30 18:52 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-04-15 03:09 - 2016-03-30 18:51 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-04-15 03:09 - 2016-03-30 18:48 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-04-15 03:09 - 2016-03-30 18:48 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-04-15 03:09 - 2016-03-30 18:46 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-04-15 03:09 - 2016-03-30 18:45 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-04-15 03:09 - 2016-03-30 18:45 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-04-15 03:09 - 2016-03-30 18:45 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-04-15 03:09 - 2016-03-30 18:45 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-04-15 03:09 - 2016-03-30 18:43 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-04-15 03:09 - 2016-03-30 18:43 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-04-15 03:09 - 2016-03-30 18:42 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-04-15 03:09 - 2016-03-30 18:42 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-04-15 03:09 - 2016-03-30 18:39 - 15415808 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-04-15 03:09 - 2016-03-30 18:38 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-04-15 03:09 - 2016-03-30 18:34 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-15 03:09 - 2016-03-30 18:33 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-04-15 03:09 - 2016-03-30 18:31 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-04-15 03:09 - 2016-03-30 18:31 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-04-15 03:09 - 2016-03-30 18:30 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-04-15 03:09 - 2016-03-30 18:30 - 02596864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-04-15 03:09 - 2016-03-30 18:30 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-04-15 03:09 - 2016-03-30 18:29 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-04-15 03:09 - 2016-03-30 18:24 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-04-15 03:09 - 2016-03-30 18:23 - 02056192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-04-15 03:09 - 2016-03-30 18:23 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-04-15 03:09 - 2016-03-30 18:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-04-15 03:09 - 2016-03-30 18:21 - 13811712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-04-15 03:09 - 2016-03-30 18:18 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-04-15 03:09 - 2016-03-30 18:06 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-04-15 03:09 - 2016-03-30 18:05 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-04-15 03:09 - 2016-03-30 18:02 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-04-15 03:09 - 2016-03-30 18:00 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-04-13 10:06 - 2016-03-29 12:53 - 03216896 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-04-13 10:06 - 2016-03-17 18:04 - 05551336 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-04-13 10:06 - 2016-03-17 18:04 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-04-13 10:06 - 2016-03-17 18:04 - 00154344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-04-13 10:06 - 2016-03-17 18:04 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-04-13 10:06 - 2016-03-17 18:01 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-04-13 10:06 - 2016-03-17 18:01 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-04-13 10:06 - 2016-03-17 17:58 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-04-13 10:06 - 2016-03-17 17:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-04-13 10:06 - 2016-03-17 17:57 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-04-13 10:06 - 2016-03-17 17:57 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-04-13 10:06 - 2016-03-17 17:57 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-04-13 10:06 - 2016-03-17 17:57 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-04-13 10:06 - 2016-03-17 17:57 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-04-13 10:06 - 2016-03-17 17:56 - 02084864 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-04-13 10:06 - 2016-03-17 17:56 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-04-13 10:06 - 2016-03-17 17:54 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-04-13 10:06 - 2016-03-17 17:54 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-04-13 10:06 - 2016-03-17 17:54 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-04-13 10:06 - 2016-03-17 17:54 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-04-13 10:06 - 2016-03-17 17:53 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-04-13 10:06 - 2016-03-17 17:53 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-04-13 10:06 - 2016-03-17 17:53 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-04-13 10:06 - 2016-03-17 17:53 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:36 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-04-13 10:06 - 2016-03-17 17:36 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-04-13 10:06 - 2016-03-17 17:33 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-04-13 10:06 - 2016-03-17 17:31 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-04-13 10:06 - 2016-03-17 17:31 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-04-13 10:06 - 2016-03-17 17:31 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-04-13 10:06 - 2016-03-17 17:31 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-04-13 10:06 - 2016-03-17 17:31 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-04-13 10:06 - 2016-03-17 17:30 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-04-13 10:06 - 2016-03-17 17:30 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-04-13 10:06 - 2016-03-17 17:30 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-04-13 10:06 - 2016-03-17 17:29 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-04-13 10:06 - 2016-03-17 17:29 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-04-13 10:06 - 2016-03-17 17:29 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-04-13 10:06 - 2016-03-17 17:28 - 01414144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-04-13 10:06 - 2016-03-17 17:27 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-04-13 10:06 - 2016-03-17 17:27 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-04-13 10:06 - 2016-03-17 17:27 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-04-13 10:06 - 2016-03-17 17:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-04-13 10:06 - 2016-03-17 17:26 - 00553984 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-04-13 10:06 - 2016-03-17 17:25 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 16:53 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-04-13 10:06 - 2016-03-17 16:52 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-04-13 10:06 - 2016-03-17 16:52 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-04-13 10:06 - 2016-03-17 16:51 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-04-13 10:06 - 2016-03-17 16:44 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-04-13 10:06 - 2016-03-17 16:43 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-04-13 10:06 - 2016-03-17 16:41 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-04-13 10:06 - 2016-03-17 16:38 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-04-13 10:06 - 2016-03-17 16:37 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-04-13 10:06 - 2016-03-17 16:37 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-04-13 10:06 - 2016-03-17 16:35 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-04-13 10:06 - 2016-03-17 16:35 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-04-13 10:06 - 2016-03-17 16:30 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-04-13 10:06 - 2016-03-17 16:30 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-04-13 10:06 - 2016-03-17 16:30 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-04-13 10:06 - 2016-03-17 16:30 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-04-13 10:06 - 2016-03-17 16:29 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-04-13 10:06 - 2016-03-17 16:29 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 16:29 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 16:29 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 10:06 - 2016-03-17 16:29 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 10:06 - 2016-03-16 13:50 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-04-13 10:06 - 2016-03-16 13:28 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-04-13 10:06 - 2016-03-16 13:28 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-04-13 10:06 - 2016-03-06 13:53 - 01885696 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-04-13 10:06 - 2016-03-06 13:53 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2016-04-13 10:06 - 2016-03-06 13:38 - 01240576 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-04-13 10:06 - 2016-03-06 13:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2016-04-13 10:05 - 2016-04-04 13:14 - 00038120 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-04-13 10:05 - 2016-04-04 13:02 - 01169408 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-04-13 10:05 - 2016-04-02 08:08 - 01386496 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-04-13 10:05 - 2016-03-23 09:02 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-04-13 10:05 - 2016-03-17 13:04 - 00698368 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-04-13 10:05 - 2016-03-17 13:04 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-04-13 10:05 - 2016-03-17 13:04 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-04-13 10:05 - 2016-03-17 13:04 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-04-13 10:05 - 2016-03-15 19:16 - 00760320 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2016-04-13 10:05 - 2016-03-15 19:16 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2016-04-13 10:05 - 2016-03-15 18:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2016-04-13 10:05 - 2016-03-11 13:57 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-04-13 10:05 - 2016-03-11 13:35 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-03-30 23:30 - 2016-03-30 23:30 - 00000000 ____D C:\Users\Public\Documents\AlawarWrapper
2016-03-30 23:30 - 2016-03-30 23:30 - 00000000 ____D C:\ProgramData\AlawarWrapper
2016-03-30 13:28 - 2016-03-30 13:28 - 00001761 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-03-30 13:28 - 2016-03-30 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-30 13:27 - 2016-03-30 13:28 - 00000000 ____D C:\Program Files\iTunes
2016-03-30 13:27 - 2016-03-30 13:27 - 00000000 ____D C:\Program Files\iPod
2016-03-30 13:27 - 2016-03-30 13:27 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-30 13:26 - 2016-03-30 13:26 - 00000000 ____D C:\windows\System32\Tasks\Apple
2016-03-30 13:26 - 2016-03-30 13:26 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-30 13:25 - 2016-03-30 13:25 - 00000000 ____D C:\Program Files\Bonjour
2016-03-30 13:25 - 2016-03-30 13:25 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-03-30 13:23 - 2016-03-30 13:23 - 169713992 _____ (Apple Inc.) C:\Users\Administrator\Downloads\iTunes6464Setup (1).exe
2016-03-29 19:24 - 2016-03-29 19:24 - 00006774 _____ C:\Users\Administrator\Documents\cc_20160329_192410.reg
2016-03-29 13:25 - 2016-04-25 11:29 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-29 13:24 - 2016-03-29 13:24 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-29 13:24 - 2016-03-29 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-29 13:24 - 2016-03-29 13:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-29 13:24 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-03-29 13:24 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-03-29 13:24 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-03-29 13:20 - 2016-03-29 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-03-29 13:20 - 2016-03-29 13:20 - 00000000 ____D C:\Program Files\7-Zip
2016-03-29 13:19 - 2016-03-29 13:20 - 00057356 _____ C:\Users\Administrator\Documents\cc_20160329_131942.reg
2016-03-29 13:18 - 2016-03-29 13:18 - 00002820 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2016-03-29 13:18 - 2016-03-29 13:18 - 00000983 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-29 13:18 - 2016-03-29 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-29 13:13 - 2016-03-29 13:13 - 06868672 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup516.exe
2016-03-29 13:12 - 2016-03-29 13:12 - 01371668 _____ (Igor Pavlov) C:\Users\Administrator\Downloads\7z1514-x64.exe
2016-03-29 13:11 - 2016-03-29 13:11 - 22851472 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-29 12:58 - 2016-03-29 13:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-29 12:58 - 2016-03-29 12:58 - 00002055 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-03-29 12:58 - 2016-03-29 12:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-03-29 11:42 - 2016-02-05 13:56 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\tbs.dll
2016-03-29 11:42 - 2016-02-05 13:54 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\fveapibase.dll
2016-03-29 11:42 - 2016-02-05 12:33 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tbs.dll
2016-03-29 11:42 - 2016-02-02 13:57 - 00511488 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-03-29 11:42 - 2016-02-01 14:08 - 00114624 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-03-29 11:42 - 2016-02-01 13:59 - 03243008 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-03-29 11:42 - 2016-02-01 13:59 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-03-29 11:42 - 2016-02-01 13:59 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-03-29 11:42 - 2016-02-01 13:56 - 01940992 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-03-29 11:42 - 2016-02-01 13:56 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-03-29 11:42 - 2016-02-01 13:49 - 02364928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-03-29 11:42 - 2016-02-01 13:49 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-03-29 11:42 - 2016-02-01 13:49 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-03-29 11:42 - 2016-02-01 13:45 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-03-29 11:42 - 2016-01-20 19:51 - 00073664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2016-03-29 11:42 - 2015-08-05 12:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\icaapi.dll
2016-03-29 11:42 - 2015-08-05 12:06 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2016-03-29 11:42 - 2015-06-03 15:21 - 00451080 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2016-03-29 11:39 - 2015-12-16 13:55 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2016-03-29 11:39 - 2015-12-16 13:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2016-03-29 11:39 - 2015-12-16 13:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2016-03-29 11:39 - 2015-12-16 13:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2016-03-29 11:39 - 2015-12-16 13:48 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2016-03-29 11:39 - 2015-12-16 13:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2016-03-29 11:39 - 2015-12-16 13:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2016-03-29 11:39 - 2015-12-16 13:47 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2016-03-29 11:33 - 2016-03-29 11:33 - 00000000 ____D C:\c568631cd916dba732f5f71a1b1b
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-26 12:34 - 2015-12-22 20:05 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\360WD
2016-04-26 12:34 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-26 12:19 - 2015-08-29 12:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\.minecraft
2016-04-25 18:09 - 2016-01-09 21:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-25 13:43 - 2014-11-19 13:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-04-25 12:54 - 2009-07-13 23:45 - 00023040 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-25 12:54 - 2009-07-13 23:45 - 00023040 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-25 12:53 - 2009-07-14 00:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-25 12:53 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2016-04-25 12:52 - 2014-11-16 00:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-25 12:49 - 2015-12-22 19:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2016-04-25 11:26 - 2016-01-31 13:26 - 00000000 __SHD C:\$360Section
2016-04-25 11:26 - 2015-12-22 20:06 - 00000000 ____D C:\ProgramData\360Quarant
2016-04-25 10:35 - 2015-12-21 00:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Lavasoft
2016-04-25 10:34 - 2015-12-21 00:07 - 00425744 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2016-04-25 10:34 - 2015-12-21 00:07 - 00345360 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
2016-04-25 10:33 - 2015-12-21 00:06 - 00000000 ____D C:\ProgramData\Lavasoft
2016-04-25 10:14 - 2015-12-22 20:29 - 00000000 ____D C:\ProgramData\ProductData
2016-04-25 10:13 - 2014-11-15 23:14 - 00000000 ____D C:\Users\Administrator
2016-04-25 10:12 - 2014-11-16 00:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-25 10:12 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration
2016-04-21 20:30 - 2014-05-05 22:01 - 00453288 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-04-20 11:58 - 2015-12-22 20:05 - 00000000 _RSHD C:\360SANDBOX
2016-04-20 11:50 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2016-04-19 13:06 - 2015-01-21 22:09 - 00001138 _____ C:\Users\Administrator\Downloads\nativelog.txt
2016-04-19 12:20 - 2015-12-22 20:06 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\360safe
2016-04-18 21:42 - 2015-01-21 22:09 - 00000000 ____D C:\Users\Administrator\Downloads\game
2016-04-16 03:55 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2016-04-14 03:26 - 2014-12-10 04:21 - 00000000 ____D C:\windows\system32\appraiser
2016-04-14 03:07 - 2014-05-06 00:55 - 00000000 ____D C:\windows\system32\MRT
2016-04-14 03:02 - 2014-05-06 00:55 - 135176864 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-04-11 16:29 - 2014-11-16 00:12 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 16:29 - 2014-11-16 00:12 - 00002191 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-11 16:27 - 2014-12-06 19:40 - 00000000 ____D C:\windows\Minidump
2016-04-11 15:15 - 2015-12-29 13:57 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-08 07:57 - 2016-02-04 18:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2016-04-08 07:54 - 2014-11-16 00:09 - 00000000 ___RD C:\Users\Public\Desktop\Antivirus & Antispyware Tools
2016-03-30 22:31 - 2015-03-13 01:19 - 00002012 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2016-03-30 13:27 - 2015-01-10 21:35 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-30 13:26 - 2015-04-16 16:00 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-29 15:47 - 2015-05-28 05:24 - 00007587 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2016-03-29 13:18 - 2014-11-16 00:11 - 00000000 ____D C:\Program Files\CCleaner
2016-03-29 13:05 - 2015-05-11 14:15 - 00003888 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-03-29 13:01 - 2015-02-09 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2016-03-29 12:58 - 2014-11-16 00:21 - 00000000 ____D C:\ProgramData\Adobe
2016-03-29 12:54 - 2015-12-22 20:29 - 00000000 ____D C:\Users\Administrator\IObit Uninstaller
2016-03-29 12:44 - 2014-11-16 00:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2016-03-29 12:41 - 2014-11-16 00:22 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-03-29 12:40 - 2014-11-16 00:11 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-03-29 12:39 - 2014-12-01 17:53 - 00000000 ____D C:\Program Files\paint.net
2016-03-27 10:22 - 2009-07-13 21:34 - 00000430 _____ C:\windows\win.ini
 
==================== Files in the root of some directories =======
 
2015-11-21 05:22 - 2015-11-21 05:22 - 0005120 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-28 05:24 - 2016-03-29 15:47 - 0007587 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2015-12-21 00:11 - 2015-12-22 16:54 - 0023099 _____ () C:\Users\Administrator\AppData\Local\ZedgeLog.txt
2015-07-02 15:43 - 2015-07-24 10:25 - 0000906 _____ () C:\Users\Administrator\AppData\Local\_settings.ini
2015-02-26 14:01 - 2015-02-26 14:01 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-02 09:20 - 2015-06-03 09:20 - 0000032 ____R () C:\ProgramData\hash.dat
2015-02-19 17:48 - 2015-02-19 17:48 - 0045595 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-02-19 17:48 - 2015-02-19 17:48 - 0000288 _____ () C:\ProgramData\HELP_DECRYPT.URL
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-25 13:35
 
==================== End of FRST.txt ============================
 
 
========================================
========================================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
Ran by Administrator (2016-04-26 12:40:37)
Running from C:\Users\Administrator\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-11-16 04:14:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3102950768-1916709398-1516765199-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3102950768-1916709398-1516765199-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3102950768-1916709398-1516765199-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: 360 Total Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 8.2.0.1098 - 360 Security Center)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
FUJIFILM MyFinePix Studio 4.1 (HKLM-x32\...\MyFinePix Studio_is1) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\{DFE68F5B-7344-3954-A9E5-449AF9278FB4}) (Version: 49.0.2623.112 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToAssist Customer 2.6.0.948 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.6.0.948 - Citrix Online)
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Mahjongg Mania (HKLM-x32\...\Mahjongg Mania) (Version: 1.00.10.07.16 - Selectsoft Publishing)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Pluto TV version 0.1.5 (HKLM-x32\...\Pluto TV_is1) (Version: 0.1.5 - Pluto TV)
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
QuickTime (HKLM-x32\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.111 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Unity Web Player (HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Web Companion (HKLM-x32\...\{8fa53e11-6632-4c55-9412-cf39a6725ecd}) (Version: 2.3.1411.2698 - Lavasoft)
World of Mahjongg 1,000,000 (HKLM-x32\...\World of Mahjongg 1,000,000) (Version: 1.00.08.27.08 - Selectsoft Publishing)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yin-Yang Mahjongg (HKLM-x32\...\Yin-Yang Mahjongg) (Version: 1.00.10.07.16 - Selectsoft Publishing)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {035B4CEF-BCA9-428E-A053-48592571D3A5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {09F7152F-6208-4E2B-BB9B-8887B3265B8C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {0E5B532F-5CD4-4E25-AA0A-D325188E6187} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {19FEED1D-3356-4E54-8CC9-09F2D5E5C8FD} - System32\Tasks\googleupdatetaskmachineua => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2879B316-4DFA-49F7-BE89-01D748FCC100} - System32\Tasks\{52E18FAE-E51E-4A3C-930C-C8DC361A3241} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.0.60.102/en/abandoninstall?page=tsMain
Task: {4B6832EA-133E-44BD-AE3C-F2E89701DAD2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {5A877178-88BF-4076-9DCA-CCC41101B6F0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {8AC64203-FE8B-40C7-8B26-8DE0BBD36B64} - System32\Tasks\googleupdatetaskmachinecore1d12d0d5d746dca => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8DF6658D-3AAD-47BB-B63B-4F57539721E5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {9B7277FF-A519-41B8-A0E8-DA613899CF26} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-21] (Adobe Systems Incorporated)
Task: {9E6B2026-56A6-4629-84FF-62EA57B6CC9C} - System32\Tasks\Open Chrome => Chrome.exe --new-window hxxp://toolbar.avg.com/almost-done?pid=safeguard&lang=en
Task: {D7D3EA13-C792-444C-A015-5E1918204A24} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {FE208205-364F-476C-BBCB-1C63E20EEBDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window hxxp:/toolbar.avg.com/
Task: C:\windows\Tasks\XboxStatTask.job => C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-12-22 20:05 - 2016-02-01 01:20 - 00614480 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2016-04-25 10:34 - 2016-04-25 10:34 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00028944 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2015-12-22 20:05 - 2016-02-01 01:20 - 00088184 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00121104 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00050448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00010000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00295696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00022288 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00046864 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2016-04-25 10:34 - 2016-04-25 10:34 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2016-04-25 10:36 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-04-25 10:36 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-04-25 10:36 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-04-25 10:36 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\.DEFAULT\...\dlappzonenorth.com -> www.dlappzonenorth.com
IE trusted site: HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\dlappzonenorth.com -> www.dlappzonenorth.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2016-04-26 12:41 - 00000768 ____R C:\windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{8D2E535F-F986-49BC-8446-486F00BDE4D2}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{82ADF36D-2BA8-4881-809C-536D875A290D}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [TCP Query User{7C9CCFA7-71B6-454B-8879-7A960A04AAAE}C:\users\administrator\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\administrator\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C28D2056-6EBB-4086-B768-37EF2D4B3D06}C:\users\administrator\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\administrator\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{C1F016DB-E35C-4AF2-BAAC-F05815FED1CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7067DB5E-C03A-492F-9E2B-3B222510D3DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{11B35B7E-5518-4E02-9BAB-3582256949B0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{263C9298-8BD4-443F-8FD9-BF7AB3E95813}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6287D70C-A0B1-4696-A107-7CC347042963}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5852F8CF-5BE2-4A2B-9F40-A7D1C3C23FCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{4B8BCE6F-A447-4773-9D19-67A61DE950F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8D7EE0E3-BB89-4A06-819D-3F267996CC4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FA3CDD0B-600C-48D9-8F98-D481539E9705}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{9A0E9F30-803A-4AD3-9D1F-69317BD31D8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{3255B84B-A812-45DE-9EFA-37DEC4E55D61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{81939920-53C6-432B-978E-508981DBE035}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{02D162BA-2C15-4D67-9DF8-99B2AA40F8EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{29676E4C-C437-4B99-AF57-E20C7F7FD9BD}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{A2A50D2B-EAA4-46D6-868E-0FC795E2B6B6}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{27809215-36D3-4BDE-9430-3FE5DD3F9BBA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1E3D8832-D476-4E4A-85FE-31318C859E80}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{681D4F37-C8A6-4BBE-98AA-D3A1F5C5F16E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4BAE5BC8-64E5-4B60-9C88-3A0FEBDC2E0C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5E63735F-6CBF-41EE-8598-31E2841755C1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8C990317-C395-48DB-B295-E2758DB973CC}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS61F1\HPDiagnosticCoreUI.exe
FirewallRules: [{24F57D6F-501C-4B81-85C4-2EFB6631AA1D}] => (Allow) C:\Users\Administrator\AppData\Local\Temp\7zS61F1\HPDiagnosticCoreUI.exe
FirewallRules: [{0E05FACC-276D-44CA-99B7-E5D5435D39B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{7415F8F8-16B9-4E05-8EA5-2679C0BC0EE5}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [UDP Query User{1F67CBCD-9CB1-4349-B90F-3C8780BEB0BB}C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_65\bin\javaw.exe
FirewallRules: [TCP Query User{744FEAC2-68DD-40D0-87E3-44829291FD30}C:\users\administrator\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\administrator\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{50472F2F-68E5-4009-9804-1FADF6F86BE9}C:\users\administrator\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\administrator\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{45B809B9-1287-4D6D-B392-FD95B0C43877}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{10383D8A-9CFD-4A30-AE6B-B5E63887F616}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
30-03-2016 13:26:22 Installed iTunes
02-04-2016 08:59:42 Windows Update
06-04-2016 08:59:23 Windows Update
09-04-2016 19:08:29 Windows Update
14-04-2016 03:00:15 Windows Update
15-04-2016 03:00:13 Windows Update
16-04-2016 03:00:11 Windows Update
19-04-2016 08:53:02 Windows Update
22-04-2016 12:10:55 Windows Update
25-04-2016 10:01:21 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/25/2016 12:49:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Itibiti.exe, version: 2.0.1747.0, time stamp: 0x51d46fa5
Faulting module name: Flash32_20_0_0_228.ocx, version: 20.0.0.228, time stamp: 0x565123f2
Exception code: 0xc0000005
Fault offset: 0x006d042a
Faulting process id: 0xcf4
Faulting application start time: 0xItibiti.exe0
Faulting application path: Itibiti.exe1
Faulting module path: Itibiti.exe2
Report Id: Itibiti.exe3
 
Error: (04/25/2016 12:46:29 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/25/2016 12:46:29 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/25/2016 12:46:29 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/25/2016 12:46:29 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (04/25/2016 12:46:28 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/25/2016 12:46:28 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (04/25/2016 12:46:28 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/25/2016 12:46:28 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (04/25/2016 12:46:28 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
 
System errors:
=============
Error: (04/26/2016 12:36:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (04/26/2016 12:30:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (04/26/2016 12:30:38 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (04/26/2016 12:30:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.
 
Error: (04/26/2016 07:34:55 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (04/26/2016 07:34:55 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (04/26/2016 07:34:17 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (04/26/2016 07:34:17 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (04/26/2016 07:34:14 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (04/26/2016 07:34:14 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 65%
Total physical RAM: 3036.98 MB
Available physical RAM: 1048.33 MB
Total Virtual: 6072.16 MB
Available Virtual: 3978.6 MB
 
==================== Drives ================================
 
Drive c: (Ayy Lmao) (Fixed) (Total:465.27 GB) (Free:324.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F1EC6595)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by RegularDude, 26 April 2016 - 12:00 PM.

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would recommend that you uninstall this programme unless you want to keep it:

Citrix Online Launcher

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1477392 2016-04-25] (Lavasoft)
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
Winsock: Catalog9-x64 01 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zw4dlek6.default\searchplugins\bing-lavasoft.xml [2016-04-25]
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-04-25] (Lavasoft Limited)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [17168 2016-04-25] ()
2016-04-25 10:35 - 2016-04-25 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-04-25 10:34 - 2016-04-25 10:34 - 00000000 ____D C:\Program Files (x86)\Lavasoft
Task: {9E6B2026-56A6-4629-84FF-62EA57B6CC9C} - System32\Tasks\Open Chrome => Chrome.exe --new-window hxxp://toolbar.avg.com/almost-done?pid=safeguard&amp;lang=en
Task: C:\windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window hxxp:/toolbar.avg.com/
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\webcompanion.com -> hxxp://webcompanion.com
CMD: del /F /Q /S "C:\HELP_DECRYPT.HTML"
CMD: del /F /Q /S "C:\HELP_DECRYPT.PNG"
CMD: del /F /Q /S "C:\HELP_DECRYPT.URL"
CMD: del /F /Q /S "C:\HELP_DECRYPT.txt"
C:\Program Files (x86)\Lavasoft
C:\Program Files (x86)\Itibiti Soft Phone
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

#3
RegularDude

    Member

  • Topic Starter
  • 15 posts

Thank you, GeekU

 

==============================

==============================

Fix result of Farbar Recovery Scan Tool (x64) Version:25-04-2016
Ran by Administrator (2016-04-26 15:23:59) Run:2
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1477392 2016-04-25] (Lavasoft)
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
Winsock: Catalog9-x64 01 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\windows\system32\LavasoftTcpService64.dll [425744 2016-04-25] (Lavasoft Limited)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zw4dlek6.default\searchplugins\bing-lavasoft.xml [2016-04-25]
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-04-25] (Lavasoft Limited)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [17168 2016-04-25] ()
2016-04-25 10:35 - 2016-04-25 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-04-25 10:34 - 2016-04-25 10:34 - 00000000 ____D C:\Program Files (x86)\Lavasoft
Task: {9E6B2026-56A6-4629-84FF-62EA57B6CC9C} - System32\Tasks\Open Chrome => Chrome.exe --new-window hxxp://toolbar.avg.com/almost-done?pid=safeguard&amp;lang=en
Task: C:\windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window hxxp:/toolbar.avg.com/
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3102950768-1916709398-1516765199-500\...\webcompanion.com -> hxxp://webcompanion.com
CMD: del /F /Q /S "C:\HELP_DECRYPT.HTML"
CMD: del /F /Q /S "C:\HELP_DECRYPT.PNG"
CMD: del /F /Q /S "C:\HELP_DECRYPT.URL"
CMD: del /F /Q /S "C:\HELP_DECRYPT.txt"
C:\Program Files (x86)\Lavasoft
C:\Program Files (x86)\Itibiti Soft Phone
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => value not found.
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value not found.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015 => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame => key not found. 
"C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zw4dlek6.default\searchplugins\bing-lavasoft.xml" => not found.
LavasoftTcpService => service not found.
WCAssistantService => service not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft" => not found.
"C:\Program Files (x86)\Lavasoft" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E6B2026-56A6-4629-84FF-62EA57B6CC9C} => key not found. 
C:\windows\System32\Tasks\Open Chrome => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open Chrome => key not found. 
C:\windows\Tasks\Open Chrome.job => not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => key not found. 
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => key not found. 
 
=========  del /F /Q /S "C:\HELP_DECRYPT.HTML" =========
 
Could Not Find C:\HELP_DECRYPT.HTML
 
========= End of CMD: =========
 
 
=========  del /F /Q /S "C:\HELP_DECRYPT.PNG" =========
 
Could Not Find C:\HELP_DECRYPT.PNG
 
========= End of CMD: =========
 
 
=========  del /F /Q /S "C:\HELP_DECRYPT.URL" =========
 
Could Not Find C:\HELP_DECRYPT.URL
 
========= End of CMD: =========
 
 
=========  del /F /Q /S "C:\HELP_DECRYPT.txt" =========
 
Could Not Find C:\HELP_DECRYPT.txt
 
========= End of CMD: =========
 
"C:\Program Files (x86)\Lavasoft" => not found.
"C:\Program Files (x86)\Itibiti Soft Phone" => not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3102950768-1916709398-1516765199-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::44b8:72fc:1521:c1ce%11
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter isatap.{9A41BE4A-9FAC-4030-9C3D-D5EA360F81B9}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5cf2:8c02:245f:12b0:3f57:fef5
   Link-local IPv6 Address . . . . . : fe80::245f:12b0:3f57:fef5%14
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::44b8:72fc:1521:c1ce%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5cf2:8c02:245f:12b0:3f57:fef5
   Link-local IPv6 Address . . . . . : fe80::245f:12b0:3f57:fef5%14
   Default Gateway . . . . . . . . . : ::
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {84E8D773-9797-4FEE-B45F-2C9A1EB31718}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 1.1 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 15:26:43 ====
 
=============================
=============================
# AdwCleaner v5.113 - Logfile created 26/04/2016 at 15:31:45
# Updated 24/04/2016 by Xplode
# Database : 2016-04-24.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Administrator - WINDOWS-J3FVPIM
# Running from : C:\Users\Administrator\Desktop\Adwc.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\lavasoft\web companion
[#] Folder Deleted : C:\ProgramData\Application Data\lavasoft\web companion
[-] Folder Deleted : C:\Users\Administrator\AppData\Roaming\lavasoft\web companion
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Yahoo!\Common\unyt.exe
[-] File Deleted : C:\windows\SysWOW64\lavasofttcpservice.dll
[-] File Deleted : C:\windows\SysWOW64\LavasoftTcpServiceOff.ini
[-] File Deleted : C:\windows\SysNative\LavasoftTcpService64.dll
[-] File Deleted : C:\windows\SysNative\LavasoftTcpServiceOff.ini
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
[-] Key Deleted : HKCU\Software\Classes\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
[-] Key Deleted : HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dogpile.com
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zw4dlek6.default\prefs.js] Deleted : user_pref("browser.newtabpage.url", "hxxp://www.bing.com/?pc=COSP&ptag=D042516-A9E3DEF10F02D400289F&form=CONMHP&conlogo=CT3332025");
 
*************************
 
:: "Tracing" keys deleted
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: IPSec settings cleared
:: IE policies deleted
:: Chrome policies deleted
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [4899 bytes] - [26/04/2016 15:31:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [4649 bytes] - [26/04/2016 15:29:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5045 bytes] ##########
 


#4
Essexboy

Are there any apparent problems now?

#5
RegularDude


Are there any apparent problems now?

Nope! Looks and feels great!



#6
Essexboy

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#7
RegularDude


Done!

Thank you for your help!! 

JavaRa...I haven't heard of that one. Hmm. I'm looking it up, and I guess it wouldn't be useful on a system that depends on a legacy Java build? Some banking systems have a Java tie-in that has to be running an old version. You update Java, it breaks. Them's the rules sometimes. :/



#8
Essexboy

In that case maybe just activate it when you need it :)

#9
RegularDude


In that case maybe just activate it when you need it :)

Good call! Thanks!



#10
Essexboy


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

