Computer is infected (I guess, if I knew exactly what was wrong I coul


  • This topic is locked

#1
hammerman25


A couple of weeks ago I let my friend use my computer (I bet you hear that one all the time). Anyway, when I came back to check on him he was using Explorer (I use Chrome) and was on a site called FUBAR. Social site or dating site or something along those lines. After he left I saw that he had 'incognito' mode on. I don't know where else he went. So, for a while after that everything seemed OK and I shut it down to go to work, but when I came back Screen 2 (the one I use) wouldn't work (it was on but no picture). I couldn't get my PC to identify it. I finally figured that out and have screen 2 working now but my computer is very slow. I have to refresh the web pages 2 or 3 times just to get them to load. I also have a new search window that I can't figure out how to remove. That is about it. Thank you in advance for your time and help.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016

Ran by e (administrator) on STATESECMONITOR (12-05-2016 12:50:45)
Running from C:\Users\e\Downloads
Loaded Profiles: e (Available Profiles: e)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe
() C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) C:\Users\e\Downloads\FRST64 (2).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [Nike+ Connect] => "C:\Users\e\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [WebDiscoverBrowser] => C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe [985312 2016-04-07] ()
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{6A1D41FA-DC74-4930-BACA-22F167ADDC1F}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10176__160503__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> {6563BC40-1541-40F0-BEA7-0D4671A951E7} URL = 
SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10176__160503__yaie&p={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF ProfilePath: C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://yahoo.com/
FF NewTab: hxxp://yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1957965229-2164351736-1395244876-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1957965229-2164351736-1395244876-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\e\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-01-11] (Zoom Video Communications, Inc.)
FF SearchPlugin: C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default\searchplugins\bing-lavasoft.xml [2016-05-03]
FF Extension: Avira Browser Safety - C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default\Extensions\[email protected] [2015-08-05] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxp://yahoo.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\e\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-26]
CHR Extension: (Google Docs) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-26]
CHR Extension: (Google Drive) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Track My Package) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnjfmapefliaemndnellojlcpobojplh [2016-04-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-22]
CHR Extension: (Gmail) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-10-19] (Samsung Electronics CO., LTD.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe [374112 2011-11-22] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe [451936 2011-11-22] (Ralink Technology, Corp.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-10-03] (CyberLink)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S2 wdsvc; C:\Program Files\WebDiscoverBrowser\wdsvc2.exe [305376 2016-04-07] (Startup Service)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-12 12:50 - 2016-05-12 12:50 - 00001169 _____ C:\Users\e\Desktop\FRST64 (1).exe - Shortcut.lnk
2016-05-12 12:49 - 2016-05-12 12:49 - 02381312 _____ (Farbar) C:\Users\e\Desktop\FRST64.exe
2016-05-12 12:49 - 2016-05-12 12:49 - 02381312 _____ (Farbar) C:\Users\e\Desktop\FRST64 (2).exe
2016-05-12 12:49 - 2016-05-12 12:49 - 02381312 _____ (Farbar) C:\Users\e\Desktop\FRST64 (1).exe
2016-05-12 12:43 - 2016-05-12 12:43 - 02381312 _____ (Farbar) C:\Users\e\Downloads\FRST64 (2).exe
2016-05-12 12:37 - 2016-05-12 12:38 - 02381312 _____ (Farbar) C:\Users\e\Downloads\FRST64 (1).exe
2016-05-10 07:01 - 2016-05-10 07:01 - 00000000 ___RD C:\Users\e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-05-03 19:34 - 2016-05-03 18:44 - 00450103 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160503-193430.backup
2016-05-03 18:48 - 2016-05-03 18:48 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-03 18:48 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-05-03 18:44 - 2016-01-16 07:52 - 00449985 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160503-184418.backup
2016-05-03 18:36 - 2016-05-03 18:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-05-03 18:36 - 2016-05-03 18:36 - 00004064 _____ C:\WINDOWS\System32\Tasks\WebDiscover Browser Update Task
2016-05-03 18:36 - 2016-05-03 18:36 - 00003294 _____ C:\WINDOWS\System32\Tasks\WebDiscover Browser Launch Task
2016-05-03 18:36 - 2016-05-03 18:36 - 00001407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-05-03 18:36 - 2016-05-03 18:36 - 00001395 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-05-03 18:36 - 2016-05-03 18:36 - 00001028 _____ C:\Users\Public\Desktop\WebDiscover Browser.lnk
2016-05-03 18:36 - 2016-05-03 18:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-05-03 18:36 - 2016-05-03 18:36 - 00000000 ____D C:\Users\e\AppData\Local\Chromium
2016-05-03 18:36 - 2016-05-03 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-05-03 18:36 - 2016-05-03 18:36 - 00000000 ____D C:\Program Files\WebDiscoverBrowser
2016-05-03 18:36 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-05-03 18:34 - 2016-05-03 18:34 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2016-05-03 18:34 - 2016-05-03 18:34 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2016-05-03 18:34 - 2016-05-03 18:34 - 00002920 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2016-05-03 18:34 - 2016-05-03 18:34 - 00002920 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2016-05-03 18:31 - 2016-05-03 18:32 - 00215168 _____ C:\Users\e\Downloads\SpybotSetup-51e2ecb4572934e5.exe
2016-05-02 23:37 - 2016-05-02 23:37 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-05-02 23:37 - 2016-05-02 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-05-02 23:37 - 2016-05-02 23:37 - 00000000 ____D C:\Program Files\iTunes
2016-05-02 23:37 - 2016-05-02 23:37 - 00000000 ____D C:\Program Files\iPod
2016-05-02 23:37 - 2016-05-02 23:37 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-02 23:33 - 2016-05-02 23:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-05-02 23:33 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files\Bonjour
2016-05-02 23:33 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-05-02 23:33 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-05-02 23:08 - 2016-05-02 23:19 - 169713992 _____ (Apple Inc.) C:\Users\e\Downloads\iTunes6464Setup.exe
2016-05-02 01:31 - 2016-05-02 01:31 - 32168632 _____ C:\Users\e\Downloads\kolik_x264_001.avi
2016-05-02 01:07 - 2016-05-02 01:07 - 02232432 _____ C:\Users\e\Downloads\MVI_0178.AVI
2016-04-29 14:35 - 2016-04-29 14:35 - 00121093 _____ C:\Users\e\Downloads\1018466651-20120511-133914-.pdf
2016-04-29 12:16 - 2016-04-29 12:16 - 01331443 _____ C:\Users\e\Downloads\1032686392-20160321-161616-.pdf
2016-04-29 12:14 - 2016-04-29 12:14 - 00067362 _____ C:\Users\e\Downloads\1033029940-20160420-122818-.pdf
2016-04-27 02:39 - 2016-04-27 02:39 - 00000000 ___DC C:\Users\e\AppData\Local\MigWiz
2016-04-25 19:56 - 2016-04-25 19:56 - 00000000 ____D C:\Users\e\AppData\Local\Apple Inc
2016-04-25 19:52 - 2016-04-25 19:52 - 00000000 ____D C:\Users\e\Downloads\iphone
2016-04-25 12:28 - 2016-04-25 12:28 - 00001857 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-04-25 12:28 - 2016-04-25 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-04-25 12:28 - 2016-04-25 12:28 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-04-25 12:26 - 2016-04-25 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-04-24 22:55 - 2016-04-24 22:55 - 00000000 _____ C:\Recovery.txt
2016-04-23 17:19 - 2016-04-23 18:37 - 00000000 ____D C:\Program Files\Reimage
2016-04-23 17:17 - 2016-04-23 17:17 - 00768248 _____ (Reimage®) C:\Users\e\Downloads\ReimageRepair.exe
2016-04-23 14:29 - 2016-04-23 14:29 - 00377409 _____ C:\Users\e\Downloads\EandT.htm
2016-04-22 22:01 - 2016-05-03 15:37 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-22 22:01 - 2016-05-03 15:37 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-22 21:47 - 2016-05-12 12:49 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-22 21:47 - 2016-05-12 05:49 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-22 21:47 - 2016-05-11 05:44 - 00003910 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-22 21:47 - 2016-05-11 05:44 - 00003674 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-22 21:43 - 2016-05-12 12:51 - 00031023 _____ C:\Users\e\Downloads\FRST.txt
2016-04-14 00:54 - 2016-03-21 21:04 - 35077421 _____ C:\Users\e\Downloads\Loaf Pinchers at Tin Dog Saloon 3-21-2016.m4a
2016-04-13 11:33 - 2016-04-13 11:33 - 03890755 _____ C:\Users\e\Downloads\IMG_4049 (1).MOV
2016-04-13 11:32 - 2016-04-13 11:33 - 03890755 _____ C:\Users\e\Downloads\IMG_4049.MOV
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-12 12:50 - 2016-02-06 17:14 - 00000000 ____D C:\FRST
2016-05-12 12:50 - 2015-03-04 07:41 - 00139776 ___SH C:\Users\e\Desktop\Thumbs.db
2016-05-12 12:49 - 2015-02-23 19:11 - 19935744 ___SH C:\Users\e\Downloads\Thumbs.db
2016-05-12 12:34 - 2015-11-07 16:39 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-12 07:23 - 2015-02-23 18:26 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{52D1E520-8463-4173-977F-6BA65D81C2E3}
2016-05-10 08:07 - 2013-02-17 23:30 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1957965229-2164351736-1395244876-1001
2016-05-10 07:06 - 2012-11-18 19:33 - 00000000 ____D C:\ProgramData\WinClon
2016-05-10 07:04 - 2014-11-21 03:44 - 00005384 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-10 06:58 - 2015-02-22 21:49 - 00000000 ____D C:\Users\e
2016-05-10 06:58 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-10 06:57 - 2013-06-24 01:14 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2016-05-07 11:49 - 2013-11-20 08:54 - 00000000 ____D C:\Users\e\Downloads\Nudes
2016-05-04 12:44 - 2013-02-19 03:04 - 00007604 _____ C:\Users\e\AppData\Local\resmon.resmoncfg
2016-05-03 19:31 - 2013-03-09 18:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-05-03 15:32 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-05-03 14:52 - 2015-08-04 06:46 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-03 14:51 - 2015-08-04 06:46 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-03 14:51 - 2015-08-04 06:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-03 14:51 - 2015-08-04 06:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-02 23:37 - 2013-03-04 03:36 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-02 23:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-02 23:33 - 2013-03-04 03:36 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-29 02:05 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-29 01:13 - 2015-02-22 21:42 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-04-28 20:53 - 2015-06-05 07:08 - 01271296 ___SH C:\Users\e\Documents\Thumbs.db
2016-04-28 20:37 - 2014-11-05 16:31 - 00000000 ____D C:\Users\e\Downloads\ideas
2016-04-27 14:52 - 2013-11-23 16:26 - 00000000 ____D C:\Users\e\Downloads\Paintings
2016-04-26 16:16 - 2013-12-14 09:36 - 00000000 ____D C:\Users\e\AppData\Local\Windows Live
2016-04-26 07:46 - 2016-03-03 14:58 - 00000000 ____D C:\Users\e\Downloads\phone
2016-04-26 00:39 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-25 23:18 - 2013-09-16 02:59 - 00000000 ____D C:\Users\e\Downloads\Mom and pop_files
2016-04-25 19:56 - 2013-03-04 03:38 - 00000000 ____D C:\Users\e\AppData\Roaming\Apple Computer
2016-04-23 19:00 - 2013-03-02 20:00 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-23 18:59 - 2015-08-18 16:40 - 00001253 _____ C:\Users\e\Desktop\JRT.txt
2016-04-23 17:27 - 2013-03-09 18:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2016-04-22 22:00 - 2013-03-06 17:25 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-22 21:47 - 2015-02-26 16:00 - 00000000 ____D C:\Users\e\AppData\Local\Deployment
2016-04-22 21:34 - 2015-11-07 16:39 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-22 20:58 - 2016-04-06 17:41 - 00001680 _____ C:\SSDXFlashLog.zip
2016-04-22 20:51 - 2016-03-15 09:20 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-04-22 20:51 - 2015-08-18 15:59 - 00000000 ____D C:\AdwCleaner
2016-04-22 20:51 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\servicing
2016-04-22 20:49 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-22 20:31 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\registration
2016-04-22 20:30 - 2013-02-22 11:28 - 00000000 ____D C:\Program Files (x86)\Yahoo!
 
==================== Files in the root of some directories =======
 
2013-04-27 10:35 - 2015-01-25 18:39 - 0000542 _____ () C:\Users\e\AppData\Roaming\ClipGet-FlvConverterDefaultSettings.xml
2013-04-27 08:02 - 2013-04-27 08:02 - 0000026 _____ () C:\Users\e\AppData\Roaming\ClipGet-UpdatePerformed.txt
2015-02-08 01:53 - 2015-08-25 16:27 - 0005120 _____ () C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-19 03:04 - 2016-05-04 12:44 - 0007604 _____ () C:\Users\e\AppData\Local\resmon.resmoncfg
2014-08-01 08:02 - 2013-02-21 16:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-11-18 19:38 - 2013-01-12 23:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-10 08:08
 
==================== End of FRST.txt ============================
 
Addition.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016
Ran by e (administrator) on STATESECMONITOR (12-05-2016 12:50:45)
Running from C:\Users\e\Downloads
Loaded Profiles: e (Available Profiles: e)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe
() C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Farbar) C:\Users\e\Downloads\FRST64 (2).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [Nike+ Connect] => "C:\Users\e\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [WebDiscoverBrowser] => C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe [985312 2016-04-07] ()
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{6A1D41FA-DC74-4930-BACA-22F167ADDC1F}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10176__160503__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> {6563BC40-1541-40F0-BEA7-0D4671A951E7} URL = 
SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10176__160503__yaie&p={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF ProfilePath: C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://yahoo.com/
FF NewTab: hxxp://yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1957965229-2164351736-1395244876-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1957965229-2164351736-1395244876-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\e\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-01-11] (Zoom Video Communications, Inc.)
FF SearchPlugin: C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default\searchplugins\bing-lavasoft.xml [2016-05-03]
FF Extension: Avira Browser Safety - C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default\Extensions\[email protected] [2015-08-05] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxp://yahoo.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\e\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-26]
CHR Extension: (Google Docs) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-26]
CHR Extension: (Google Drive) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Track My Package) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnjfmapefliaemndnellojlcpobojplh [2016-04-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-22]
CHR Extension: (Gmail) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-10-19] (Samsung Electronics CO., LTD.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe [374112 2011-11-22] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe [451936 2011-11-22] (Ralink Technology, Corp.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-10-03] (CyberLink)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S2 wdsvc; C:\Program Files\WebDiscoverBrowser\wdsvc2.exe [305376 2016-04-07] (Startup Service)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-12 12:50 - 2016-05-12 12:50 - 00001169 _____ C:\Users\e\Desktop\FRST64 (1).exe - Shortcut.lnk
2016-05-12 12:49 - 2016-05-12 12:49 - 02381312 _____ (Farbar) C:\Users\e\Desktop\FRST64.exe
2016-05-12 12:49 - 2016-05-12 12:49 - 02381312 _____ (Farbar) C:\Users\e\Desktop\FRST64 (2).exe
2016-05-12 12:49 - 2016-05-12 12:49 - 02381312 _____ (Farbar) C:\Users\e\Desktop\FRST64 (1).exe
2016-05-12 12:43 - 2016-05-12 12:43 - 02381312 _____ (Farbar) C:\Users\e\Downloads\FRST64 (2).exe
2016-05-12 12:37 - 2016-05-12 12:38 - 02381312 _____ (Farbar) C:\Users\e\Downloads\FRST64 (1).exe
2016-05-10 07:01 - 2016-05-10 07:01 - 00000000 ___RD C:\Users\e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-05-03 19:34 - 2016-05-03 18:44 - 00450103 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160503-193430.backup
2016-05-03 18:48 - 2016-05-03 18:48 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-03 18:48 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-05-03 18:44 - 2016-01-16 07:52 - 00449985 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160503-184418.backup
2016-05-03 18:36 - 2016-05-03 18:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-05-03 18:36 - 2016-05-03 18:36 - 00004064 _____ C:\WINDOWS\System32\Tasks\WebDiscover Browser Update Task
2016-05-03 18:36 - 2016-05-03 18:36 - 00003294 _____ C:\WINDOWS\System32\Tasks\WebDiscover Browser Launch Task
2016-05-03 18:36 - 2016-05-03 18:36 - 00001407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-05-03 18:36 - 2016-05-03 18:36 - 00001395 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-05-03 18:36 - 2016-05-03 18:36 - 00001028 _____ C:\Users\Public\Desktop\WebDiscover Browser.lnk
2016-05-03 18:36 - 2016-05-03 18:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-05-03 18:36 - 2016-05-03 18:36 - 00000000 ____D C:\Users\e\AppData\Local\Chromium
2016-05-03 18:36 - 2016-05-03 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-05-03 18:36 - 2016-05-03 18:36 - 00000000 ____D C:\Program Files\WebDiscoverBrowser
2016-05-03 18:36 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-05-03 18:34 - 2016-05-03 18:34 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2016-05-03 18:34 - 2016-05-03 18:34 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2016-05-03 18:34 - 2016-05-03 18:34 - 00002920 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2016-05-03 18:34 - 2016-05-03 18:34 - 00002920 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2016-05-03 18:31 - 2016-05-03 18:32 - 00215168 _____ C:\Users\e\Downloads\SpybotSetup-51e2ecb4572934e5.exe
2016-05-02 23:37 - 2016-05-02 23:37 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-05-02 23:37 - 2016-05-02 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-05-02 23:37 - 2016-05-02 23:37 - 00000000 ____D C:\Program Files\iTunes
2016-05-02 23:37 - 2016-05-02 23:37 - 00000000 ____D C:\Program Files\iPod
2016-05-02 23:37 - 2016-05-02 23:37 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-02 23:33 - 2016-05-02 23:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-05-02 23:33 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files\Bonjour
2016-05-02 23:33 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-05-02 23:33 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-05-02 23:08 - 2016-05-02 23:19 - 169713992 _____ (Apple Inc.) C:\Users\e\Downloads\iTunes6464Setup.exe
2016-05-02 01:31 - 2016-05-02 01:31 - 32168632 _____ C:\Users\e\Downloads\kolik_x264_001.avi
2016-05-02 01:07 - 2016-05-02 01:07 - 02232432 _____ C:\Users\e\Downloads\MVI_0178.AVI
2016-04-29 14:35 - 2016-04-29 14:35 - 00121093 _____ C:\Users\e\Downloads\1018466651-20120511-133914-.pdf
2016-04-29 12:16 - 2016-04-29 12:16 - 01331443 _____ C:\Users\e\Downloads\1032686392-20160321-161616-.pdf
2016-04-29 12:14 - 2016-04-29 12:14 - 00067362 _____ C:\Users\e\Downloads\1033029940-20160420-122818-.pdf
2016-04-27 02:39 - 2016-04-27 02:39 - 00000000 ___DC C:\Users\e\AppData\Local\MigWiz
2016-04-25 19:56 - 2016-04-25 19:56 - 00000000 ____D C:\Users\e\AppData\Local\Apple Inc
2016-04-25 19:52 - 2016-04-25 19:52 - 00000000 ____D C:\Users\e\Downloads\iphone
2016-04-25 12:28 - 2016-04-25 12:28 - 00001857 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-04-25 12:28 - 2016-04-25 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-04-25 12:28 - 2016-04-25 12:28 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-04-25 12:26 - 2016-04-25 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-04-24 22:55 - 2016-04-24 22:55 - 00000000 _____ C:\Recovery.txt
2016-04-23 17:19 - 2016-04-23 18:37 - 00000000 ____D C:\Program Files\Reimage
2016-04-23 17:17 - 2016-04-23 17:17 - 00768248 _____ (Reimage®) C:\Users\e\Downloads\ReimageRepair.exe
2016-04-23 14:29 - 2016-04-23 14:29 - 00377409 _____ C:\Users\e\Downloads\EandT.htm
2016-04-22 22:01 - 2016-05-03 15:37 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-22 22:01 - 2016-05-03 15:37 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-22 21:47 - 2016-05-12 12:49 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-22 21:47 - 2016-05-12 05:49 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-22 21:47 - 2016-05-11 05:44 - 00003910 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-22 21:47 - 2016-05-11 05:44 - 00003674 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-22 21:43 - 2016-05-12 12:51 - 00031023 _____ C:\Users\e\Downloads\FRST.txt
2016-04-14 00:54 - 2016-03-21 21:04 - 35077421 _____ C:\Users\e\Downloads\Loaf Pinchers at Tin Dog Saloon 3-21-2016.m4a
2016-04-13 11:33 - 2016-04-13 11:33 - 03890755 _____ C:\Users\e\Downloads\IMG_4049 (1).MOV
2016-04-13 11:32 - 2016-04-13 11:33 - 03890755 _____ C:\Users\e\Downloads\IMG_4049.MOV
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-12 12:50 - 2016-02-06 17:14 - 00000000 ____D C:\FRST
2016-05-12 12:50 - 2015-03-04 07:41 - 00139776 ___SH C:\Users\e\Desktop\Thumbs.db
2016-05-12 12:49 - 2015-02-23 19:11 - 19935744 ___SH C:\Users\e\Downloads\Thumbs.db
2016-05-12 12:34 - 2015-11-07 16:39 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-12 07:23 - 2015-02-23 18:26 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{52D1E520-8463-4173-977F-6BA65D81C2E3}
2016-05-10 08:07 - 2013-02-17 23:30 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1957965229-2164351736-1395244876-1001
2016-05-10 07:06 - 2012-11-18 19:33 - 00000000 ____D C:\ProgramData\WinClon
2016-05-10 07:04 - 2014-11-21 03:44 - 00005384 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-10 06:58 - 2015-02-22 21:49 - 00000000 ____D C:\Users\e
2016-05-10 06:58 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-10 06:57 - 2013-06-24 01:14 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2016-05-07 11:49 - 2013-11-20 08:54 - 00000000 ____D C:\Users\e\Downloads\Nudes
2016-05-04 12:44 - 2013-02-19 03:04 - 00007604 _____ C:\Users\e\AppData\Local\resmon.resmoncfg
2016-05-03 19:31 - 2013-03-09 18:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-05-03 15:32 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-05-03 14:52 - 2015-08-04 06:46 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-03 14:51 - 2015-08-04 06:46 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-03 14:51 - 2015-08-04 06:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-03 14:51 - 2015-08-04 06:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-02 23:37 - 2013-03-04 03:36 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-02 23:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-02 23:33 - 2013-03-04 03:36 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-29 02:05 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-29 01:13 - 2015-02-22 21:42 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-04-28 20:53 - 2015-06-05 07:08 - 01271296 ___SH C:\Users\e\Documents\Thumbs.db
2016-04-28 20:37 - 2014-11-05 16:31 - 00000000 ____D C:\Users\e\Downloads\ideas
2016-04-27 14:52 - 2013-11-23 16:26 - 00000000 ____D C:\Users\e\Downloads\Paintings
2016-04-26 16:16 - 2013-12-14 09:36 - 00000000 ____D C:\Users\e\AppData\Local\Windows Live
2016-04-26 07:46 - 2016-03-03 14:58 - 00000000 ____D C:\Users\e\Downloads\phone
2016-04-26 00:39 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-25 23:18 - 2013-09-16 02:59 - 00000000 ____D C:\Users\e\Downloads\Mom and pop_files
2016-04-25 19:56 - 2013-03-04 03:38 - 00000000 ____D C:\Users\e\AppData\Roaming\Apple Computer
2016-04-23 19:00 - 2013-03-02 20:00 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-23 18:59 - 2015-08-18 16:40 - 00001253 _____ C:\Users\e\Desktop\JRT.txt
2016-04-23 17:27 - 2013-03-09 18:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2016-04-22 22:00 - 2013-03-06 17:25 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-22 21:47 - 2015-02-26 16:00 - 00000000 ____D C:\Users\e\AppData\Local\Deployment
2016-04-22 21:34 - 2015-11-07 16:39 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-22 20:58 - 2016-04-06 17:41 - 00001680 _____ C:\SSDXFlashLog.zip
2016-04-22 20:51 - 2016-03-15 09:20 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-04-22 20:51 - 2015-08-18 15:59 - 00000000 ____D C:\AdwCleaner
2016-04-22 20:51 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\servicing
2016-04-22 20:49 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-22 20:31 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\registration
2016-04-22 20:30 - 2013-02-22 11:28 - 00000000 ____D C:\Program Files (x86)\Yahoo!
 
==================== Files in the root of some directories =======
 
2013-04-27 10:35 - 2015-01-25 18:39 - 0000542 _____ () C:\Users\e\AppData\Roaming\ClipGet-FlvConverterDefaultSettings.xml
2013-04-27 08:02 - 2013-04-27 08:02 - 0000026 _____ () C:\Users\e\AppData\Roaming\ClipGet-UpdatePerformed.txt
2015-02-08 01:53 - 2015-08-25 16:27 - 0005120 _____ () C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-19 03:04 - 2016-05-04 12:44 - 0007604 _____ () C:\Users\e\AppData\Local\resmon.resmoncfg
2014-08-01 08:02 - 2013-02-21 16:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-11-18 19:38 - 2013-01-12 23:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-10 08:08
 
==================== End of FRST.txt ============================
 
Thanks again.


#2
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello hammerman25 and :welcome:
 
My name is Bruce1270 and I will be helping you with your malware problem.  

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses. If there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    It looks like you posted the FRST log twice instead of the addition log. :)

    The addition log can be found at C:\FRST\logs.

    Please copy and paste the addition.txt log in your reply.

    Thanks

#3
hammerman25

    Member

  • Topic Starter
  • 66 posts
Sorry about pasting the FIX log twice and thanks for the help.
 
Addition.txt -
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by e (2016-05-12 12:52:05)
Running from C:\Users\e\Downloads
Windows 8.1 (X64) (2015-02-23 04:26:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1957965229-2164351736-1395244876-500 - Administrator - Disabled)
e (S-1-5-21-1957965229-2164351736-1395244876-1001 - Administrator - Enabled) => C:\Users\e
Guest (S-1-5-21-1957965229-2164351736-1395244876-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1957965229-2164351736-1395244876-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Belkin N750 Dual Band Wireless USB Adapter (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.11.0 - Belkin International, Inc.)
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Belkin USB Wireless Adapter (x32 Version: 1.0.0.13 - Belkin) Hidden
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.10 - Belkin) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ClipGet 3.7 (HKLM-x32\...\ClipGet_is1) (Version:  - )
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2408.0 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
GestureControl (HKLM-x32\...\{00F2E61A-3A04-4B8C-A828-8E2596F7EFF5}) (Version: 3.0.9 - Extreme Reality Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Help Desk (HKLM\...\{3D85CD3F-00E0-4E14-82D6-1F9397DDD09B}) (Version: 1.0.8 - Samsung Electronics CO., LTD.)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{ECEA43C7-A861-498F-9B3E-5480C6C03E7F}) (Version: 12.1.122 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Readon TV Movie Radio Player 7.6.0.0 (HKLM-x32\...\{80074966-5231-428D-9AE7-B7D5D2DC3246}) (Version: 7.6.0 - Readon Technology)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.2 - Samsung Electronics CO., LTD.)
Reimage Protector (HKLM\...\Reimage Protector) (Version:  - Reimage) <==== ATTENTION
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
S Service (HKLM-x32\...\{A48B04B8-12AF-4A71-8B3E-737FDEB0824F}) (Version: 1.0 - Samsung Electronics CO., LTD.)
Samsung Survey (HKLM-x32\...\{F1F6B58E-CF23-475C-AA96-EC658E9E50F3}) (Version: 2.0.1 - Samsung Electronics Co., Ltd.)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Support Center (HKLM\...\{ED8871B5-56A0-45AC-B8C6-B0DD85352664}) (Version: 2.0.15 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.8 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Unity Web Player (HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
User Guide (HKLM-x32\...\{1610D72A-3656-4842-A1A7-1208B4EB168F}) (Version: 1.7.00 - Samsung Electronics CO., LTD.)
VSDC Free Video Editor version 3.1.0.354 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 3.1.0.354 - Flash-Integro LLC)
War Thunder Launcher 1.0.1.467 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
WebDiscover Browser 2.145.2 (HKLM\...\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1) (Version: 2.145.2 - WebDiscover Media)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01DFD857-8B3F-42E4-A1CD-38263E63365A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {136F3C33-711D-4DC5-8BE9-A55941D8F9C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {1678740F-0BEC-4AE5-A008-AD10F944EDE0} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-12-16] (SEC)
Task: {1EF3E615-4D39-426F-AD05-B49A52289F76} - System32\Tasks\WebDiscover Browser Update Task => Chrome.exe --sch-update
Task: {2B906F59-2693-42A8-A048-384437318422} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {45F8C106-DBC5-46C8-A87D-15B391DBA61F} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {467268A0-5577-4D95-BC45-BF9ABEDFAEDA} - System32\Tasks\WebDiscover Browser Launch Task => Chrome.exe --sch-launch --docked
Task: {63FF9B7D-0C22-4373-B63C-161FEA8B31AE} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-10-19] (Samsung Electronics CO., LTD.)
Task: {65A84971-2726-48E1-ADCE-7BFA51DC523F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {68AF62B6-8FC9-403C-BAAF-D3C9D403C9EC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {6DDD9379-AF9B-41EA-82A8-6E3C432F55D5} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {D3C5990E-CE14-4563-A0C8-3AAB6ACB1A38} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {E241A584-AEA9-4DBC-816E-720330FF30FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-22] (Google Inc.)
Task: {E2A15D0C-FC32-40B1-B203-314613D96C8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-22] (Google Inc.)
Task: {ED094695-0779-4821-A653-26AB69DA7529} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-08-18] (Samsung Electronics CO., LTD.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\e\Desktop\DCS-932L(31207543).lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxps://www.mydlink.com//?mydlink_no=31207543&lang=en_US"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2016-05-03 18:36 - 2016-04-07 13:01 - 00985312 _____ () C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe
2013-10-16 19:15 - 2013-10-16 19:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2012-08-10 04:28 - 2012-08-10 04:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-11-09 02:56 - 2012-11-09 02:56 - 04310648 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2012-10-19 02:34 - 2012-10-19 02:34 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 01055352 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00110200 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00110200 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2016-05-03 18:36 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-05-03 18:36 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-05-03 18:36 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-05-03 18:36 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-05-03 18:36 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-05-03 18:36 - 2016-04-07 12:45 - 00117248 _____ () C:\Program Files\WebDiscoverBrowser\2.145.2\48.0.2564.10\chrome_elf.dll
2016-05-03 18:36 - 2016-04-07 13:01 - 42127872 _____ () C:\Program Files\WebDiscoverBrowser\2.145.2\48.0.2564.10\chrome.dll
2016-05-03 18:36 - 2016-04-07 13:01 - 00301792 _____ () C:\Program Files\WebDiscoverBrowser\2.145.2\48.0.2564.10\installsight.dll
2016-05-03 18:36 - 2016-04-07 13:01 - 45912064 _____ () C:\Program Files\WebDiscoverBrowser\2.145.2\48.0.2564.10\chrome_child.dll
2016-05-03 18:36 - 2016-04-07 12:45 - 02067968 _____ () C:\Program Files\WebDiscoverBrowser\2.145.2\48.0.2564.10\libglesv2.dll
2016-05-03 18:36 - 2016-04-07 12:45 - 00075264 _____ () C:\Program Files\WebDiscoverBrowser\2.145.2\48.0.2564.10\libegl.dll
2012-11-18 19:40 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-07 21:34 - 2012-06-07 21:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-11-18 19:24 - 2012-06-24 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-05-03 15:37 - 2016-04-27 18:25 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
2016-05-03 15:37 - 2016-04-27 18:25 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libegl.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01040656 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-05-03 15:37 - 2016-04-27 18:25 - 17536664 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7897 more sites.
 
IE trusted site: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
There are 7897 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 00:26 - 2016-05-03 19:34 - 00451620 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
 
There are 15519 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\e\Downloads\zoo 1b.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "StrongVaultApp.exe.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "IminentMessenger"
HKLM\...\StartupApproved\Run32: => "Iminent"
HKLM\...\StartupApproved\Run32: => "SMessaging"
HKLM\...\StartupApproved\Run32: => "ApnUpdater"
HKLM\...\StartupApproved\Run32: => "iWon Search Scope Monitor"
HKLM\...\StartupApproved\Run32: => "iWon_5k Browser Plugin Loader"
HKLM\...\StartupApproved\Run32: => "LogitechQuickCamRibbon"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Messenger"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Logitech Vid"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Nike+ Connect"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "WebDiscoverBrowser"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{09BEAC3D-8D9D-478B-934A-9FE71006BE0A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{BB9C6534-3F4C-4FEC-9966-F90F7CD6126D}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [UDP Query User{349E297B-B582-485D-ACF5-A9271F72D7C2}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [TCP Query User{81F3848E-3990-4BB8-BBE5-A952E4993B8B}C:\program files (x86)\warthunder\launcher.exe] => (Allow) C:\program files (x86)\warthunder\launcher.exe
FirewallRules: [UDP Query User{67B7BDF1-7B7A-4876-A57B-0CEC928BB36C}C:\program files (x86)\warthunder\launcher.exe] => (Allow) C:\program files (x86)\warthunder\launcher.exe
FirewallRules: [TCP Query User{FBAD45E1-38D1-4612-A37C-B07EDF5B4B2F}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{2F127871-6C3C-4774-8733-20B9A3A06A85}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [{892DF03C-2C60-4CFF-86D4-EF1F49BF6B7E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{360D166B-E359-46C2-B1CB-A93E8869FB65}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BC6B0A6C-E8D1-4092-9461-49312F1B116E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B19A035C-3B0C-49A4-BFD6-DB6A27192286}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A3FBFD9B-D68D-4084-81AB-8A2D4976611F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{24105C55-DA5F-4FA9-A08B-1ECE14972211}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{04D672F7-F119-4B8C-894D-3F84D2825C8F}C:\program files (x86)\warthunder\win64\aces.exe] => (Allow) C:\program files (x86)\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{CB39FBD9-24A0-488B-A146-3EC81CE6277B}C:\program files (x86)\warthunder\win64\aces.exe] => (Allow) C:\program files (x86)\warthunder\win64\aces.exe
FirewallRules: [{CA0B08B9-DEF1-454F-94BD-683C144CCFC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C96C4115-FB2A-4024-A8BF-35C2F71C0DEF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BC257F8F-5CF0-4E80-93E7-B789E7D9C76A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{13003B00-939F-4B4F-AE7B-E8CB12B3A47A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6F002497-8510-4F69-8643-F4118C251D5B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DBDAE5E1-7966-4B36-AAC5-4528E9215E11}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
23-04-2016 18:56:47 JRT Pre-Junkware Removal
29-04-2016 06:33:05 Windows Update
02-05-2016 23:34:01 Installed iTunes
03-05-2016 18:44:48 Revo Uninstaller's restore point - Web Companion
05-05-2016 03:38:21 Revo Uninstaller's restore point - KNCTR
12-05-2016 06:11:21 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Logitech HD Webcam C615
Description: Logitech HD Webcam C615
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Logitech
Service: LVUVC64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/12/2016 02:51:15 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/11/2016 07:49:00 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/10/2016 12:36:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/10/2016 07:13:12 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/10/2016 07:04:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (05/10/2016 07:04:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (05/09/2016 05:47:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/08/2016 10:42:45 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/08/2016 03:47:11 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/07/2016 08:29:46 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
 
System errors:
=============
Error: (05/12/2016 05:54:27 AM) (Source: DCOM) (EventID: 10010) (User: StateSecMonitor)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (05/12/2016 05:53:57 AM) (Source: DCOM) (EventID: 10010) (User: StateSecMonitor)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (05/11/2016 05:33:24 AM) (Source: DCOM) (EventID: 10010) (User: StateSecMonitor)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (05/11/2016 05:32:54 AM) (Source: DCOM) (EventID: 10010) (User: StateSecMonitor)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (05/10/2016 06:58:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (05/10/2016 06:58:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (05/10/2016 06:57:25 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (05/10/2016 06:58:10 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:53:47 AM on 5/10/2016 was unexpected.
 
Error: (05/10/2016 03:41:07 AM) (Source: DCOM) (EventID: 10010) (User: StateSecMonitor)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (05/10/2016 03:40:36 AM) (Source: DCOM) (EventID: 10010) (User: StateSecMonitor)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
 
CodeIntegrity:
===================================
  Date: 2016-05-10 22:24:09.737
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-10 22:24:09.503
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-10 22:24:09.175
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-10 22:24:08.925
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-10 22:24:08.534
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-10 22:24:08.347
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-10 22:24:07.909
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-10 22:24:07.612
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-10 22:24:07.159
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-10 22:24:06.956
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3220T CPU @ 2.80GHz
Percentage of memory in use: 44%
Total physical RAM: 3984.14 MB
Available physical RAM: 2195 MB
Total Virtual: 6160.15 MB
Available Virtual: 3427.23 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.16 GB) (Free:322.78 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================

  • 0

#4
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Hammerman25

Not seeing much but we'll try a little clean up. :)

Step1 - Optional Uninstall

I see that you have Spybot Search & Destroy. We no longer recommend this product because of the poor testing results. I recommend uninstalling this program.

To do this:
Swipe in from the right edge of the screen, then tap Search. (If you're using a mouse, point to the top-right corner of the screen, move the mouse pointer down, then click Search.)
Enter control panel in the search box, then tap or click Control Panel.
Under View by:, select Large Icons, then tap or click Programs and features.
In the list of installed programs locate and click on Spybot - search & destroy.
Click uninstall.
Say Yes to uninstall and completely remove spybot.
Click on Open Immunizer
Click on Undo Immunization
Allow it to complete removing the immunization
Click on the X top right hand of Immunization box to close.
Click on Next to continue to uninstall spybot.
Click on Uninstall
Restart the system.


Step2 - Remove programs

Please uninstall the following unwanted programs:

Reimage Protector

To do this:
Swipe in from the right edge of the screen, then tap Search. (If you're using a mouse, point to the top-right corner of the screen, move the mouse pointer down, then click Search.)
Enter control panel in the search box, then tap or click Control Panel.
Under View by:, select Large Icons, then tap or click Programs and features.
In the list of installed programs locate and click on the program to uninstall e.g. Reimage Protector
Click uninstall.


Step3 - FRST fix


I noticed that you run FRST64.exe from Users\e\Downloads folder. Please move it to your Desktop. You can do it by right-clicking FRST64.exe, click Cut, then go to Desktop, right-click any free space and click Paste. For the FRST fix to work both FRST64.exe and fixlist.txt must be in the same location and the desktop is where the software is most effective from.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
() C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe
() C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [WebDiscoverBrowser] => C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe [985312 2016-04-07] ()
SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> {6563BC40-1541-40F0-BEA7-0D4671A951E7} URL =
FF Extension: Avira Browser Safety - C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default\Extensions\[email protected] [2015-08-05] [not signed]
S2 wdsvc; C:\Program Files\WebDiscoverBrowser\wdsvc2.exe [305376 2016-04-07] (Startup Service)
2016-05-03 18:34 - 2016-05-03 18:34 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2016-05-03 18:34 - 2016-05-03 18:34 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2016-05-03 18:34 - 2016-05-03 18:34 - 00002920 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2016-05-03 18:34 - 2016-05-03 18:34 - 00002920 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2016-04-23 17:19 - 2016-04-23 18:37 - 00000000 ____D C:\Program Files\Reimage
2016-04-23 17:17 - 2016-04-23 17:17 - 00768248 _____ (Reimage®) C:\Users\e\Downloads\ReimageRepair.exe
Task: {1EF3E615-4D39-426F-AD05-B49A52289F76} - System32\Tasks\WebDiscover Browser Update Task => Chrome.exe --sch-update
Task: {467268A0-5577-4D95-BC45-BF9ABEDFAEDA} - System32\Tasks\WebDiscover Browser Launch Task => Chrome.exe --sch-launch --docked
C:\Program Files\WebDiscoverBrowser
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


Step4 - run adwCleaner

I can see you have adwCleaner downloaded already but I would like you to download it again.

Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • Click on options tick -
    Reset proxy settings
    Reset winsock settings
    Reset TCP/IP settings
    Reset IPSec settings
    Reset Internet Explorer policies
    Reset Chrome policies
  • When finished, please click Cleaning button.
  • Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


Things for your next post:
  • Did you uninstall Spybot?
  • Fixlog.txt
  • AdwCleaner[C*].txt
  • How is the computer running now?

  • 0
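The Fixlog.txt requested in Step3 reports one `target => outcome` line for each item FRST acted on, so it can be triaged mechanically before reading it in full. The following is an added example, not part of the original posts and not FRST's own code: the sample log is constructed in the layout of the fixlogs posted in this thread, with placeholder paths and one made-up outcome string, and the keyword rules in `classify` are assumptions drawn from the outcome texts seen here.

```python
import re

# Constructed sample in the layout of an FRST Fixlog.txt. All paths, names and
# GUIDs are placeholders; the last result line uses a made-up outcome string
# so that the "review" bucket is exercised.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:00-00-0000
Ran by user (2016-01-01 00:00:00) Run:1
Running from C:\Users\user\Desktop
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\Program Files\ExampleBrowser
CMD: netsh advfirewall reset
EmptyTemp:
*****************

Restore point was successfully created.
C:\Program Files\ExampleBrowser\example.exe => No running process found
HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ExampleBrowser => value removed successfully
"HKLM\SOFTWARE\Example\{00000000-0000-0000-0000-000000000000}" => key removed successfully
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => key not found.
examplesvc => service removed successfully
C:\Program Files\ExampleBrowser => moved successfully
C:\Windows\System32\example-locked.dll => locked by another process (constructed outcome)

=========  netsh advfirewall reset =========

Ok.
"""

# "target => outcome"; registry targets may be wrapped in double quotes.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\s*$')


def split_sections(text):
    """Return (fixlist_lines, result_lines) from the text of a Fixlog."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    # The echoed fixlist sits between two lines made only of asterisks.
    stars = [i for i, ln in enumerate(lines)
             if ln.strip() and set(ln.strip()) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist delimiters not found; not a Fixlog?")
    fixlist = [ln for ln in lines[stars[0] + 1:stars[1]] if ln.strip()]
    results = []
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("====="):  # first "CMD:" output section; stop here
            break
        if ln.strip():
            results.append(ln)
    return fixlist, results


def classify(outcome):
    """Bucket an outcome string (keyword rules are assumptions, see lead-in)."""
    o = outcome.lower().rstrip(".")
    if o.endswith("successfully"):
        return "done"      # removed or moved as requested
    if "not found" in o or "no running process" in o:
        return "absent"    # nothing to act on; usually harmless
    return "review"        # anything else needs a human look


def triage(text):
    """Return (fixlist, report); report maps bucket -> entries."""
    fixlist, results = split_sections(text)
    report = {"done": [], "absent": [], "review": [], "info": []}
    for ln in results:
        m = RESULT_RE.match(ln)
        if m is None:
            report["info"].append(ln)  # e.g. the restore-point message
            continue
        bucket = classify(m.group("outcome"))
        report[bucket].append((m.group("target"), m.group("outcome")))
    return fixlist, report


if __name__ == "__main__":
    fixlist, report = triage(SAMPLE_FIXLOG)
    print(f"{len(fixlist)} fixlist entries")
    for bucket in ("done", "absent", "review"):
        print(f"{bucket}: {len(report[bucket])}")
    for target, outcome in report["review"]:
        print(f"  needs follow-up: {target} ({outcome})")
```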

#5
hammerman25

    Member

  • Topic Starter
  • 66 posts

Spybot is uninstalled.

 

Fixlog - 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:14-05-2016

Ran by e (2016-05-14 19:05:47) Run:2
Running from C:\Users\e\Desktop
Loaded Profiles: e (Available Profiles: e)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
() C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe
() C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [WebDiscoverBrowser] => C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe [985312 2016-04-07] ()
SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> {6563BC40-1541-40F0-BEA7-0D4671A951E7} URL =
FF Extension: Avira Browser Safety - C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default\Extensions\[email protected] [2015-08-05] [not signed]
S2 wdsvc; C:\Program Files\WebDiscoverBrowser\wdsvc2.exe [305376 2016-04-07] (Startup Service)
2016-05-03 18:34 - 2016-05-03 18:34 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2016-05-03 18:34 - 2016-05-03 18:34 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2016-05-03 18:34 - 2016-05-03 18:34 - 00002920 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2016-05-03 18:34 - 2016-05-03 18:34 - 00002920 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2016-04-23 17:19 - 2016-04-23 18:37 - 00000000 ____D C:\Program Files\Reimage
2016-04-23 17:17 - 2016-04-23 17:17 - 00768248 _____ (Reimage®) C:\Users\e\Downloads\ReimageRepair.exe
Task: {1EF3E615-4D39-426F-AD05-B49A52289F76} - System32\Tasks\WebDiscover Browser Update Task => Chrome.exe --sch-update
Task: {467268A0-5577-4D95-BC45-BF9ABEDFAEDA} - System32\Tasks\WebDiscover Browser Launch Task => Chrome.exe --sch-launch --docked
C:\Program Files\WebDiscoverBrowser
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
*****************
 
Restore point was successfully created.
C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe => No running process found
C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe => No running process found
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WebDiscoverBrowser => value removed successfully
"HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6563BC40-1541-40F0-BEA7-0D4671A951E7}" => key removed successfully
HKCR\CLSID\{6563BC40-1541-40F0-BEA7-0D4671A951E7} => key not found. 
C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default\Extensions\[email protected] => moved successfully
wdsvc => service removed successfully
C:\WINDOWS\system32\LavasoftTcpService64.dll => moved successfully
C:\WINDOWS\SysWOW64\LavasoftTcpService.dll => moved successfully
C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini => moved successfully
C:\WINDOWS\system32\LavasoftTcpServiceOff.ini => moved successfully
C:\Program Files\Reimage => moved successfully
C:\Users\e\Downloads\ReimageRepair.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1EF3E615-4D39-426F-AD05-B49A52289F76}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EF3E615-4D39-426F-AD05-B49A52289F76}" => key removed successfully
C:\WINDOWS\System32\Tasks\WebDiscover Browser Update Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebDiscover Browser Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{467268A0-5577-4D95-BC45-BF9ABEDFAEDA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{467268A0-5577-4D95-BC45-BF9ABEDFAEDA}" => key removed successfully
C:\WINDOWS\System32\Tasks\WebDiscover Browser Launch Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebDiscover Browser Launch Task" => key removed successfully
C:\Program Files\WebDiscoverBrowser => moved successfully
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {82007CA8-695B-4FCB-8B46-4CCDAFEB03E2}.
Unable to cancel {3A727BA9-17F7-4D61-9E52-58FDF64BDE18}.
Unable to cancel {5DB2FAAA-6E0A-405D-813C-B8CE2556818C}.
Unable to cancel {5A9413AE-7A4F-414B-B635-C1ECABCB8CF7}.
Unable to cancel {D0E5C2AE-7B09-400F-BA91-695358178C0D}.
Unable to cancel {242AD8AE-C8B4-4EDD-98FE-8D553A9A6A2D}.
Unable to cancel {0F3418B1-89FE-47CC-A2AA-B7F10BE500D1}.
Unable to cancel {BE59FBB1-9DB9-45DF-B766-46DC639C9A22}.
Unable to cancel {522801B2-9572-4D35-B0C6-EC0F1364B914}.
Unable to cancel {B77F06B2-5A05-4CC2-A6D3-26471F7CC070}.
Unable to cancel {58CC27B2-ECAF-4FD1-AEC6-048D4E83A4CF}.
Unable to cancel {B883C6B2-3169-4027-B100-D4580566236F}.
Unable to cancel {AD6148B3-94A7-4263-BEA3-92FB217EE11E}.
Unable to cancel {E6EFB0B3-42EE-4118-AFF1-A221457B578A}.
Unable to cancel {12647CB4-19E9-418E-B842-83F576A410BB}.
Unable to cancel {00B587B6-2B0D-4720-88B4-4CC7368A3094}.
Unable to cancel {95687AB8-30D3-456E-BF29-5C4962226D43}.
Unable to cancel {757269B9-A91D-495C-B46A-3AC86E2D6135}.
Unable to cancel {11668FBC-363F-42E5-8CC7-4F026E72FFCA}.
Unable to cancel {262318BD-F2B9-49AF-938A-5C429279213B}.
Unable to cancel {F60030C0-6E4B-4882-9350-A3945A3659E6}.
Unable to cancel {EDD8A9C0-2256-4AFE-B67F-78E9251FEB41}.
Unable to cancel {623B70C1-191B-4020-B508-7E291CBE0063}.
Unable to cancel {1FFA29C3-2777-4826-B745-B458578D62B8}.
Unable to cancel {2AC8B8C3-975A-49C7-A46F-A9FAF4299DAB}.
Unable to cancel {8C1D17C4-5FF1-44B1-BE13-24666B60E682}.
Unable to cancel {399456C5-8D17-48C2-B350-BF7396BAC9D5}.
Unable to cancel {5D1067C5-D18B-43B9-9AC2-1183F3DA6A67}.
Unable to cancel {CA0051C6-63A7-4551-957C-03153094CF0B}.
Unable to cancel {E1B054C6-B06D-4811-88EA-D1C345EE2E30}.
Unable to cancel {C3325CC6-6F25-423E-8CE5-1A6B01397C92}.
Unable to cancel {3E8A86C6-A236-4AEF-8556-DFEEF02A546C}.
Unable to cancel {89EAF7C9-CFA3-42F2-BC14-E31E00B0A926}.
Unable to cancel {B0CBBECA-EA85-4226-8668-888F602832E5}.
Unable to cancel {3640CECA-9579-48B5-8EA5-512AE6DF3883}.
Unable to cancel {304DF1CA-EF43-4D16-9653-CA8281653FD8}.
Unable to cancel {709C1ACE-1F4D-4C70-AADC-098BFA2C5D0B}.
Unable to cancel {FF2F31CE-AA75-4B1C-BC1F-8117C66E3D16}.
Unable to cancel {D8E663CF-4EE2-49CE-896E-59D56B5DBDC0}.
Unable to cancel {31E3AACF-EC97-4CB1-A12C-E4672CDA99B6}.
Unable to cancel {ED0C01D0-B227-4542-8DFA-E0976777C738}.
Unable to cancel {3BC74DD0-6EEC-40A8-A085-33D849B7D70A}.
Unable to cancel {5809C3D0-9F7E-4DB8-B9F7-9E1B53070635}.
Unable to cancel {216C78D1-289A-4575-80B4-9C0A13A39C3F}.
Unable to cancel {FDDE77D2-426F-464A-A587-93DFE71B835F}.
Unable to cancel {EACDC0D2-0F71-4CE9-AB8D-358DB6C8ADD4}.
Unable to cancel {72BA42D3-58EB-49B0-A58C-82F60D0ED72B}.
Unable to cancel {3020AAD3-FC6E-44AC-85AE-72184C486AF8}.
Unable to cancel {12579BD6-BC34-4A4B-A72A-7133F1D95073}.
Unable to cancel {A073C5D6-42CE-4EB8-9B3D-6B0583AF7D1E}.
Unable to cancel {3C5052D7-F398-439F-BBE4-58631CD0A18E}.
Unable to cancel {BB416CD7-97CE-46BF-9760-6A24D9AF0A8A}.
Unable to cancel {0E4970D9-368A-4D3E-9B3B-DF37987952E9}.
Unable to cancel {3764CADA-C3C5-49EB-97A1-4C03D6845498}.
Unable to cancel {37C408DB-4CFE-46CC-9CEB-D2E17F55E75F}.
Unable to cancel {FFB43DDB-A30D-4958-9326-C28CC9E13F84}.
Unable to cancel {E4178DDB-12B8-4949-B0EC-DDEC8F240A2D}.
Unable to cancel {3A68AADC-4B5A-45ED-B2CB-1679905E8592}.
Unable to cancel {82B36EDD-6760-4C7F-B964-0AF4243E82CB}.
Unable to cancel {5AC138DE-A551-47D8-9477-6F5C0E0EC46C}.
Unable to cancel {B492D6DE-A3B3-4568-B39D-7B3A85C3E78A}.
Unable to cancel {76FB63DF-92F5-403F-8095-62F3D85DEDC7}.
Unable to cancel {CF93A7DF-0A50-4A9E-95E2-CBF74CFDA048}.
Unable to cancel {9D3FB7E0-97F0-41AC-92CF-4DEF1B025592}.
Unable to cancel {527656E3-07FE-4BE0-8BA1-854DE900DFAE}.
Unable to cancel {4F787DE3-22BA-44DE-9A1B-DC7D229FF080}.
Unable to cancel {42DFE4E3-A90D-4765-9C2C-55B4550F174C}.
Unable to cancel {45A1FCE3-233C-408D-A31E-B632C31D4F84}.
Unable to cancel {41999BE5-A173-4DEB-8761-992ED6105F89}.
Unable to cancel {C2835BE6-07A3-4DF6-84E3-A628BA9C73F4}.
Unable to cancel {F53E94E6-3916-414B-BD99-09D32EAAFEF4}.
Unable to cancel {E96A99E6-8F8D-4A62-83DC-C7A19DD19AFD}.
Unable to cancel {DB5D07E7-D290-40CF-83C5-9E5DC8380DDD}.
Unable to cancel {633313E7-7A78-48E6-AA01-47F38F6E5B4C}.
Unable to cancel {E48153E7-4B49-4C6D-A91F-500D1B7F51B2}.
Unable to cancel {280E4EE8-3CEC-4B8C-88C4-8D3DFA0ED805}.
Unable to cancel {85BB8DE8-5B9B-4607-ABFE-5D57D60197A5}.
Unable to cancel {07B6A9E8-9668-478B-9A03-4240957249AD}.
Unable to cancel {9D3418EA-F027-4D0E-A5B2-3BA61DF25583}.
Unable to cancel {918393EA-63A2-4FD1-8D8E-98F31546CB60}.
Unable to cancel {4CF810EB-03C0-4C28-9505-819EFD2FA181}.
Unable to cancel {7F88AFEC-EC4B-4A10-BDD2-566FA9003E63}.
Unable to cancel {EA5306ED-9F1F-4F88-81B5-9D00F3FAE2FA}.
Unable to cancel {04C838ED-902B-495A-ADB7-BCCE118468D5}.
Unable to cancel {AAEEDAED-470C-4188-A104-522D17B495FF}.
Unable to cancel {60C653EE-61EC-442B-9EC7-5F7EDE593F3D}.
Unable to cancel {D4649EEE-00CC-4280-BA2E-00A25163EAB4}.
Unable to cancel {AA17C5EE-8BBF-4D57-8F89-03B3EA687E5E}.
Unable to cancel {0B0D2BF0-AFD5-4E36-A543-DE68BAC04E16}.
Unable to cancel {5E9B7FF0-F3B8-4C4B-93BC-583BAC7A3C94}.
Unable to cancel {ABF79EF0-DEAB-4A67-9E33-28266B29BDA3}.
Unable to cancel {C50FDBF0-1AC0-45F2-BFE7-D1CD8D105D7F}.
Unable to cancel {D08004F1-3CF7-493C-AC03-0280022DEECE}.
Unable to cancel {3C8111F2-EFA9-44C0-905A-A00B176B3D61}.
Unable to cancel {5D656FF2-02E6-44C1-B862-793E70407B45}.
Unable to cancel {07A9CCF3-225F-4DD6-BB55-F8589B93A982}.
Unable to cancel {E0E68DF4-5AE8-42A2-824A-05EC67DDD93D}.
Unable to cancel {094DC5F4-66D5-494B-B1E5-4CA1C27AB303}.
Unable to cancel {E06D28F6-9273-4520-B5FB-40D51C393B4F}.
Unable to cancel {D9178CF7-D3B4-49AB-BEC3-6EFD9E2F7726}.
Unable to cancel {B20314F8-2DBD-4F98-BB63-45B123FBF2E0}.
Unable to cancel {3CD94BF8-5DE9-47DC-A8D1-5A3D9BB83843}.
Unable to cancel {EE8BB5F8-8B5B-4115-A2FC-9BC8CDD17AE9}.
Unable to cancel {BA1F76F9-CAF5-465E-BEC7-C10D4E04FDEA}.
Unable to cancel {48269BF9-FB80-4117-A55D-44B4881DF6A8}.
Unable to cancel {9C4C03FA-28CD-495F-8516-3972ABABDF32}.
Unable to cancel {A5F625FA-9F4D-43A4-A812-AAC236C113D6}.
Unable to cancel {71BA96FA-E368-4B3A-87BA-390A89DEA522}.
Unable to cancel {ED664AFB-88B8-4484-9384-09EE38980013}.
Unable to cancel {51F421FC-CB0F-44C6-87C6-AE7E6D18A36B}.
Unable to cancel {30A4C8FC-4D4C-4E21-A8E4-8C252526510D}.
Unable to cancel {493407FD-00F3-45F7-B5BD-E4ABC12647CC}.
Unable to cancel {8032ADFE-4B4A-43E4-8204-E71025445A9C}.
Unable to cancel {BB74DCFE-753D-4FD9-84E7-522CA84CAEB6}.
Unable to cancel {F2730B53-6EE3-4F29-B32C-553B5E1837FA}.
{D5755C73-36DE-41D4-A045-131E7C29C358} canceled.
{D18D0A1F-FD4D-47DF-B669-BBC2AD9DF93C} canceled.
8 out of 479 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 6 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:08:24 ====
 
AdwCleaner.txt -
 
# AdwCleaner v5.002 - Logfile created 18/08/2015 at 16:01:20
# Updated 18/08/2015 by Xplode
# Database : 2015-08-18.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : e - STATESECMONITOR
# Running from : C:\Users\e\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35C-6118-11DC-9C72-001320C79847}]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : 
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1350 bytes] ##########
# AdwCleaner v5.032 - Logfile created 06/02/2016 at 18:58:47
# Updated 31/01/2016 by Xplode
# Database : 2016-02-05.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : e - STATESECMONITOR
# Running from : C:\Users\e\Downloads\adwcleaner_5.032.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Iminent
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Updater By Sweetpacks
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3038A20B9089EC34D8F74220191FAB30
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[-] Value Deleted : HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Search Protection]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3558 bytes] ##########
# AdwCleaner v5.112 - Logfile created 22/04/2016 at 18:13:33
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 8.1  (X64)
# Username : e - STATESECMONITOR
# Running from : C:\Users\e\Downloads\adwcleaner_5.112.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Yahoo!\Common\unyt.exe
[-] File Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d3tpuxked45kzt.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d3tpuxked45kzt.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_dsms0mj1bbhn4.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_dsms0mj1bbhn4.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.inbox.com_0.localstorage
[-] File Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.inbox.com_0.localstorage-journal
[-] File Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_d3l3lkinz3f56t.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_d3l3lkinz3f56t.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[-] Key Deleted : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [14031 bytes] - [18/08/2015 16:01:20]
C:\AdwCleaner\AdwCleaner[C2].txt - [1921 bytes] - [03/09/2015 21:01:04]
C:\AdwCleaner\AdwCleaner[C3].txt - [1737 bytes] - [10/09/2015 06:51:06]
C:\AdwCleaner\AdwCleaner[C4].txt - [1692 bytes] - [25/10/2015 12:23:12]
C:\AdwCleaner\AdwCleaner[C5].txt - [2034 bytes] - [13/11/2015 07:15:50]
C:\AdwCleaner\AdwCleaner[C6].txt - [663 bytes] - [26/11/2015 23:08:07]
C:\AdwCleaner\AdwCleaner[C7].txt - [977 bytes] - [08/12/2015 14:49:24]
C:\AdwCleaner\AdwCleaner[C8].txt - [669 bytes] - [20/12/2015 01:04:13]
C:\AdwCleaner\AdwCleaner[S10].txt - [579 bytes] - [20/12/2015 01:02:55]
C:\AdwCleaner\AdwCleaner[S1].txt - [22202 bytes] - [18/08/2015 15:59:07]
C:\AdwCleaner\AdwCleaner[S2].txt - [11617 bytes] - [03/09/2015 20:58:52]
C:\AdwCleaner\AdwCleaner[S3].txt - [1542 bytes] - [10/09/2015 06:47:25]
C:\AdwCleaner\AdwCleaner[S4].txt - [1553 bytes] - [25/10/2015 12:21:14]
C:\AdwCleaner\AdwCleaner[S5].txt - [1883 bytes] - [13/11/2015 07:13:48]
C:\AdwCleaner\AdwCleaner[S6].txt - [572 bytes] - [26/11/2015 22:51:18]
C:\AdwCleaner\AdwCleaner[S7].txt - [868 bytes] - [08/12/2015 14:47:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15197 bytes] ##########
# AdwCleaner v5.116 - Logfile created 14/05/2016 at 19:48:29
# Updated 09/05/2016 by Xplode
# Database : 2016-05-13.1 [Server]
# Operating system : Windows 8.1  (X64)
# Username : e - STATESECMONITOR
# Running from : C:\Users\e\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Public\Desktop\WebDiscover Browser.lnk
[-] File Deleted : C:\Program Files (x86)\Yahoo!\Common\unyt.exe
[-] File Deleted : C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default\searchplugins\bing-lavasoft.xml
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[-] Key Deleted : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList
[-] Key Deleted : HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : HKCU\Software\Reimage
[-] Key Deleted : HKCU\Software\WebDiscoverBrowser
[-] Key Deleted : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebDiscoverBrowser
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Value Deleted : HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [WebDiscoverBrowser]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\e\AppData\Local\Chromium\User Data\Default\Web Data] [Search Provider] Deleted : default
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: IPSec settings cleared
:: IE policies deleted
:: Chrome preferences reset : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default
:: Chrome preferences reset : C:\Users\e\AppData\Local\Chromium\User Data\Default
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [27647 bytes] - [18/08/2015 16:01:20]
C:\AdwCleaner\AdwCleaner[C2].txt - [1921 bytes] - [03/09/2015 21:01:04]
C:\AdwCleaner\AdwCleaner[C3].txt - [1737 bytes] - [10/09/2015 06:51:06]
C:\AdwCleaner\AdwCleaner[C4].txt - [1692 bytes] - [25/10/2015 12:23:12]
C:\AdwCleaner\AdwCleaner[C5].txt - [2034 bytes] - [13/11/2015 07:15:50]
C:\AdwCleaner\AdwCleaner[C6].txt - [663 bytes] - [26/11/2015 23:08:07]
C:\AdwCleaner\AdwCleaner[C7].txt - [977 bytes] - [08/12/2015 14:49:24]
C:\AdwCleaner\AdwCleaner[C8].txt - [669 bytes] - [20/12/2015 01:04:13]
C:\AdwCleaner\AdwCleaner[S10].txt - [579 bytes] - [20/12/2015 01:02:55]
C:\AdwCleaner\AdwCleaner[S1].txt - [35288 bytes] - [18/08/2015 15:59:07]
C:\AdwCleaner\AdwCleaner[S2].txt - [11617 bytes] - [03/09/2015 20:58:52]
C:\AdwCleaner\AdwCleaner[S3].txt - [1542 bytes] - [10/09/2015 06:47:25]
C:\AdwCleaner\AdwCleaner[S4].txt - [1553 bytes] - [25/10/2015 12:21:14]
C:\AdwCleaner\AdwCleaner[S5].txt - [1883 bytes] - [13/11/2015 07:13:48]
C:\AdwCleaner\AdwCleaner[S6].txt - [572 bytes] - [26/11/2015 22:51:18]
C:\AdwCleaner\AdwCleaner[S7].txt - [868 bytes] - [08/12/2015 14:47:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [28813 bytes] ##########

#6
hammerman25

    Member

  • Topic Starter
  • Member
  • 66 posts

It is running the same except that the search window is gone.


#7
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Hammerman25
 

It is running the same except that the search window is gone.


Thanks for the update. :)

We'll go for a Malwarebytes and ESET scan to see if anything is still lurking.

Step1 - Malwarebytes scan

Launch Malwarebytes Anti-Malware
The MBAM dashboard may appear with an alert to update - click the button Fix Now;

Navigate to the Settings tab > Detection and Protection and ensure all the boxes under Detection Options are checked.

Return to the Dashboard click on Scan Now;

If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
Copy and Paste the contents of the log in your next reply.


Step2 - ESET scan


You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.
  • Please go here then click on esetbar_zps93905f48.jpg.
  • You will however need to disable your current installed Anti-Virus, how to do so can be read here.
If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • Now click on Start.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • When completed select Uninstall application on close.
  • Now click on Finish.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Things for your next post:
  • MBAM log
  • ESET log

#8
hammerman25

    Member

  • Topic Starter
  • Member
  • 66 posts

MBAM -

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 5/15/2016
Scan Time: 11:16 PM
Logfile: Mal.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.05.15.06
Rootkit Database: v2016.05.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: e
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317408
Time Elapsed: 29 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

ESET log -

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Update Init
Update Download
Update Finalize
Updated modules version: 29483
 

 

These were the threats -

 

C:\FRST\Quarantine\C\Program Files\WebDiscoverBrowser\installsight.dll a variant of Win32/WebBar.D potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WebDiscoverBrowser\wdsvc2.exe a variant of Win32/WebBar.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files\WebDiscoverBrowser\2.145.2\48.0.2564.10\installsight.dll a variant of Win32/WebBar.D potentially unwanted application

 


#9
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Hammerman25

The logs are looking clear of malware. What ESET found has already been removed using FRST and these will be deleted when I clean up and remove my tools. :)

Let's try refreshing your browsers and also post some fresh FRST logs.

Step1 - Refresh Browsers
  • Please see this guide on how to reset your web browsers.
  • Please follow the instructions for Chrome, FireFox and Internet Explorer.


Step2 - FRST logs
  • Please run Farbar Recovery Scan Tool again. Run FRST by right-clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run from.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.


Things for your next post:
  • How is the computer running now?
  • FRST.txt and Addition.txt logs

#10
hammerman25

    Member

  • Topic Starter
  • Member
  • 66 posts
FRST.txt -
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by e (2016-05-16 21:47:58)
Running from C:\Users\e\Desktop
Windows 8.1 (X64) (2015-02-23 04:26:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1957965229-2164351736-1395244876-500 - Administrator - Disabled)
e (S-1-5-21-1957965229-2164351736-1395244876-1001 - Administrator - Enabled) => C:\Users\e
Guest (S-1-5-21-1957965229-2164351736-1395244876-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1957965229-2164351736-1395244876-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Belkin N750 Dual Band Wireless USB Adapter (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.11.0 - Belkin International, Inc.)
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Belkin USB Wireless Adapter (x32 Version: 1.0.0.13 - Belkin) Hidden
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.10 - Belkin) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ClipGet 3.7 (HKLM-x32\...\ClipGet_is1) (Version:  - )
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2408.0 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
GestureControl (HKLM-x32\...\{00F2E61A-3A04-4B8C-A828-8E2596F7EFF5}) (Version: 3.0.9 - Extreme Reality Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Help Desk (HKLM\...\{3D85CD3F-00E0-4E14-82D6-1F9397DDD09B}) (Version: 1.0.8 - Samsung Electronics CO., LTD.)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{ECEA43C7-A861-498F-9B3E-5480C6C03E7F}) (Version: 12.1.122 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Readon TV Movie Radio Player 7.6.0.0 (HKLM-x32\...\{80074966-5231-428D-9AE7-B7D5D2DC3246}) (Version: 7.6.0 - Readon Technology)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.2 - Samsung Electronics CO., LTD.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
S Service (HKLM-x32\...\{A48B04B8-12AF-4A71-8B3E-737FDEB0824F}) (Version: 1.0 - Samsung Electronics CO., LTD.)
Samsung Survey (HKLM-x32\...\{F1F6B58E-CF23-475C-AA96-EC658E9E50F3}) (Version: 2.0.1 - Samsung Electronics Co., Ltd.)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Support Center (HKLM\...\{ED8871B5-56A0-45AC-B8C6-B0DD85352664}) (Version: 2.0.15 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.8 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Unity Web Player (HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
User Guide (HKLM-x32\...\{1610D72A-3656-4842-A1A7-1208B4EB168F}) (Version: 1.7.00 - Samsung Electronics CO., LTD.)
VSDC Free Video Editor version 3.1.0.354 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 3.1.0.354 - Flash-Integro LLC)
War Thunder Launcher 1.0.1.467 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {136F3C33-711D-4DC5-8BE9-A55941D8F9C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {1678740F-0BEC-4AE5-A008-AD10F944EDE0} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-12-16] (SEC)
Task: {2B906F59-2693-42A8-A048-384437318422} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {45F8C106-DBC5-46C8-A87D-15B391DBA61F} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {63FF9B7D-0C22-4373-B63C-161FEA8B31AE} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-10-19] (Samsung Electronics CO., LTD.)
Task: {6DDD9379-AF9B-41EA-82A8-6E3C432F55D5} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {A87176E5-53A1-43CD-9D16-20235EC78E7F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {E241A584-AEA9-4DBC-816E-720330FF30FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-22] (Google Inc.)
Task: {E2A15D0C-FC32-40B1-B203-314613D96C8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-22] (Google Inc.)
Task: {ED094695-0779-4821-A653-26AB69DA7529} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-08-18] (Samsung Electronics CO., LTD.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\e\Desktop\DCS-932L(31207543).lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxps://www.mydlink.com//?mydlink_no=31207543&lang=en_US"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2012-08-10 04:28 - 2012-08-10 04:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2013-10-16 19:15 - 2013-10-16 19:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2012-11-09 02:56 - 2012-11-09 02:56 - 04310648 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2012-10-19 02:34 - 2012-10-19 02:34 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 01055352 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00110200 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00110200 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-11-18 19:40 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-07 21:34 - 2012-06-07 21:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-11-18 19:24 - 2012-06-24 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-05-13 00:16 - 2016-05-11 06:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 00:16 - 2016-05-11 06:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\europacasino.com -> www.europacasino.com
IE trusted site: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\europacasino.com -> www.europacasino.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 00:26 - 2016-05-14 19:06 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\e\Downloads\zoo 1b.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "StrongVaultApp.exe.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "IminentMessenger"
HKLM\...\StartupApproved\Run32: => "Iminent"
HKLM\...\StartupApproved\Run32: => "SMessaging"
HKLM\...\StartupApproved\Run32: => "ApnUpdater"
HKLM\...\StartupApproved\Run32: => "iWon Search Scope Monitor"
HKLM\...\StartupApproved\Run32: => "iWon_5k Browser Plugin Loader"
HKLM\...\StartupApproved\Run32: => "LogitechQuickCamRibbon"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Messenger"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Logitech Vid"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Nike+ Connect"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
29-04-2016 06:33:05 Windows Update
02-05-2016 23:34:01 Installed iTunes
03-05-2016 18:44:48 Revo Uninstaller's restore point - Web Companion
05-05-2016 03:38:21 Revo Uninstaller's restore point - KNCTR
12-05-2016 06:11:21 Scheduled Checkpoint
14-05-2016 19:05:59 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Logitech HD Webcam C615
Description: Logitech HD Webcam C615
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Logitech
Service: LVUVC64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/16/2016 08:15:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/16/2016 06:32:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (05/16/2016 03:46:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (05/16/2016 03:25:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1134
 
Start Time: 01d1af4bb9ae1646
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: ade706ed-1b3f-11e6-bfab-50b7c3bd3122
 
Faulting package full name: 128374E71F94E.SamsungStore_1.0.2.815_neutral__9sy8ehn46reqm
 
Faulting package-relative application ID: App
 
Error: (05/16/2016 02:40:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 964
 
Start Time: 01d1af456f821abf
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: 67d9a770-1b39-11e6-bfab-50b7c3bd3122
 
Faulting package full name: 128374E71F94E.SamsungStore_1.0.2.815_neutral__9sy8ehn46reqm
 
Faulting package-relative application ID: App
 
Error: (05/16/2016 01:59:14 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/16/2016 01:26:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (05/15/2016 06:58:42 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/14/2016 07:09:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/14/2016 07:05:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d3634ecc-0eb9-4008-8a2c-219963f8bb7e}
 
 
System errors:
=============
Error: (05/16/2016 03:42:07 AM) (Source: DCOM) (EventID: 10010) (User: StateSecMonitor)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (05/16/2016 03:41:37 AM) (Source: DCOM) (EventID: 10010) (User: StateSecMonitor)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (05/16/2016 01:29:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (05/16/2016 01:29:35 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\e\AppData\Local\Temp\ehdrv.sys
 
Error: (05/16/2016 01:29:34 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\e\AppData\Local\Temp\ehdrv.sys
 
Error: (05/16/2016 01:29:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (05/16/2016 01:29:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (05/16/2016 01:29:34 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\e\AppData\Local\Temp\ehdrv.sys
 
Error: (05/15/2016 04:28:08 AM) (Source: DCOM) (EventID: 10010) (User: StateSecMonitor)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (05/15/2016 04:27:38 AM) (Source: DCOM) (EventID: 10010) (User: StateSecMonitor)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
 
CodeIntegrity:
===================================
  Date: 2016-05-16 02:55:04.038
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-16 02:55:02.772
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-16 00:42:03.151
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-16 00:42:03.010
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-16 00:42:02.807
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-16 00:42:02.495
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-15 23:49:15.430
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-15 23:49:15.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-15 23:49:15.004
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-15 23:49:14.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3220T CPU @ 2.80GHz
Percentage of memory in use: 42%
Total physical RAM: 3984.14 MB
Available physical RAM: 2298.92 MB
Total Virtual: 6160.15 MB
Available Virtual: 3968.49 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.16 GB) (Free:329.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================
 
 
Additions.txt - 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by e (2016-05-16 21:47:58)
Running from C:\Users\e\Desktop
Windows 8.1 (X64) (2015-02-23 04:26:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1957965229-2164351736-1395244876-500 - Administrator - Disabled)
e (S-1-5-21-1957965229-2164351736-1395244876-1001 - Administrator - Enabled) => C:\Users\e
Guest (S-1-5-21-1957965229-2164351736-1395244876-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1957965229-2164351736-1395244876-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Belkin N750 Dual Band Wireless USB Adapter (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.11.0 - Belkin International, Inc.)
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Belkin USB Wireless Adapter (x32 Version: 1.0.0.13 - Belkin) Hidden
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.10 - Belkin) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ClipGet 3.7 (HKLM-x32\...\ClipGet_is1) (Version:  - )
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2408.0 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
GestureControl (HKLM-x32\...\{00F2E61A-3A04-4B8C-A828-8E2596F7EFF5}) (Version: 3.0.9 - Extreme Reality Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Help Desk (HKLM\...\{3D85CD3F-00E0-4E14-82D6-1F9397DDD09B}) (Version: 1.0.8 - Samsung Electronics CO., LTD.)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{ECEA43C7-A861-498F-9B3E-5480C6C03E7F}) (Version: 12.1.122 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Readon TV Movie Radio Player 7.6.0.0 (HKLM-x32\...\{80074966-5231-428D-9AE7-B7D5D2DC3246}) (Version: 7.6.0 - Readon Technology)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.2 - Samsung Electronics CO., LTD.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
S Service (HKLM-x32\...\{A48B04B8-12AF-4A71-8B3E-737FDEB0824F}) (Version: 1.0 - Samsung Electronics CO., LTD.)
Samsung Survey (HKLM-x32\...\{F1F6B58E-CF23-475C-AA96-EC658E9E50F3}) (Version: 2.0.1 - Samsung Electronics Co., Ltd.)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Support Center (HKLM\...\{ED8871B5-56A0-45AC-B8C6-B0DD85352664}) (Version: 2.0.15 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.8 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Unity Web Player (HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
User Guide (HKLM-x32\...\{1610D72A-3656-4842-A1A7-1208B4EB168F}) (Version: 1.7.00 - Samsung Electronics CO., LTD.)
VSDC Free Video Editor version 3.1.0.354 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 3.1.0.354 - Flash-Integro LLC)
War Thunder Launcher 1.0.1.467 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {136F3C33-711D-4DC5-8BE9-A55941D8F9C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {1678740F-0BEC-4AE5-A008-AD10F944EDE0} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-12-16] (SEC)
Task: {2B906F59-2693-42A8-A048-384437318422} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {45F8C106-DBC5-46C8-A87D-15B391DBA61F} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {63FF9B7D-0C22-4373-B63C-161FEA8B31AE} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-10-19] (Samsung Electronics CO., LTD.)
Task: {6DDD9379-AF9B-41EA-82A8-6E3C432F55D5} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {A87176E5-53A1-43CD-9D16-20235EC78E7F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {E241A584-AEA9-4DBC-816E-720330FF30FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-22] (Google Inc.)
Task: {E2A15D0C-FC32-40B1-B203-314613D96C8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-22] (Google Inc.)
Task: {ED094695-0779-4821-A653-26AB69DA7529} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-08-18] (Samsung Electronics CO., LTD.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\e\Desktop\DCS-932L(31207543).lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxps://www.mydlink.com//?mydlink_no=31207543&lang=en_US"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2012-08-10 04:28 - 2012-08-10 04:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2013-10-16 19:15 - 2013-10-16 19:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2012-11-09 02:56 - 2012-11-09 02:56 - 04310648 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2012-10-19 02:34 - 2012-10-19 02:34 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 01055352 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00110200 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00110200 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-10-19 02:34 - 2012-10-19 02:34 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-11-18 19:40 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-07 21:34 - 2012-06-07 21:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-11-18 19:24 - 2012-06-24 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-05-13 00:16 - 2016-05-11 06:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 00:16 - 2016-05-11 06:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\europacasino.com -> www.europacasino.com
IE trusted site: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\europacasino.com -> www.europacasino.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 00:26 - 2016-05-14 19:06 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\e\Downloads\zoo 1b.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "StrongVaultApp.exe.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "IminentMessenger"
HKLM\...\StartupApproved\Run32: => "Iminent"
HKLM\...\StartupApproved\Run32: => "SMessaging"
HKLM\...\StartupApproved\Run32: => "ApnUpdater"
HKLM\...\StartupApproved\Run32: => "iWon Search Scope Monitor"
HKLM\...\StartupApproved\Run32: => "iWon_5k Browser Plugin Loader"
HKLM\...\StartupApproved\Run32: => "LogitechQuickCamRibbon"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Messenger"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Logitech Vid"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Nike+ Connect"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
29-04-2016 06:33:05 Windows Update
02-05-2016 23:34:01 Installed iTunes
03-05-2016 18:44:48 Revo Uninstaller's restore point - Web Companion
05-05-2016 03:38:21 Revo Uninstaller's restore point - KNCTR
12-05-2016 06:11:21 Scheduled Checkpoint
14-05-2016 19:05:59 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Logitech HD Webcam C615
Description: Logitech HD Webcam C615
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Logitech
Service: LVUVC64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/16/2016 08:15:10 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/16/2016 06:32:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (05/16/2016 03:46:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (05/16/2016 03:25:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1134
 
Start Time: 01d1af4bb9ae1646
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: ade706ed-1b3f-11e6-bfab-50b7c3bd3122
 
Faulting package full name: 128374E71F94E.SamsungStore_1.0.2.815_neutral__9sy8ehn46reqm
 
Faulting package-relative application ID: App
 
Error: (05/16/2016 02:40:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 964
 
Start Time: 01d1af456f821abf
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: 67d9a770-1b39-11e6-bfab-50b7c3bd3122
 
Faulting package full name: 128374E71F94E.SamsungStore_1.0.2.815_neutral__9sy8ehn46reqm
 
Faulting package-relative application ID: App
 
Error: (05/16/2016 01:59:14 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/16/2016 01:26:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (05/15/2016 06:58:42 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/14/2016 07:09:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/14/2016 07:05:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d3634ecc-0eb9-4008-8a2c-219963f8bb7e}
 
 
System errors:
=============
Error: (05/16/2016 03:42:07 AM) (Source: DCOM) (EventID: 10010) (User: StateSecMonitor)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (05/16/2016 03:41:37 AM) (Source: DCOM) (EventID: 10010) (User: StateSecMonitor)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (05/16/2016 01:29:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (05/16/2016 01:29:35 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\e\AppData\Local\Temp\ehdrv.sys
 
Error: (05/16/2016 01:29:34 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\e\AppData\Local\Temp\ehdrv.sys
 
Error: (05/16/2016 01:29:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (05/16/2016 01:29:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (05/16/2016 01:29:34 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\e\AppData\Local\Temp\ehdrv.sys
 
Error: (05/15/2016 04:28:08 AM) (Source: DCOM) (EventID: 10010) (User: StateSecMonitor)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (05/15/2016 04:27:38 AM) (Source: DCOM) (EventID: 10010) (User: StateSecMonitor)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
 
CodeIntegrity:
===================================
  Date: 2016-05-16 02:55:04.038
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-16 02:55:02.772
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-16 00:42:03.151
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-16 00:42:03.010
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-16 00:42:02.807
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-16 00:42:02.495
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-15 23:49:15.430
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-15 23:49:15.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-15 23:49:15.004
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-05-15 23:49:14.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3220T CPU @ 2.80GHz
Percentage of memory in use: 42%
Total physical RAM: 3984.14 MB
Available physical RAM: 2298.92 MB
Total Virtual: 6160.15 MB
Available Virtual: 3968.49 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.16 GB) (Free:329.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================

 

 

Still running the same. Slow to load and I have to refresh once or twice to get the page to load.




#11
hammerman25


I'm sorry but it is running 100% better now. Thanks!



#12
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Hammerman25
 

I'm sorry but it is running 100% better now. Thanks!

:thumbsup:

We're almost done, but it looks like you posted the Addition log twice instead of the FRST log. :)

The FRST log can be found at C:\FRST\logs.

Please copy and paste the FRST.txt log in your reply.

Thanks

#13
hammerman25

It is better but still slow. I still have to refresh to open the web sites.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by e (administrator) on STATESECMONITOR (16-05-2016 21:47:09)
Running from C:\Users\e\Desktop
Loaded Profiles: e (Available Profiles: e)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [Nike+ Connect] => "C:\Users\e\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{6A1D41FA-DC74-4930-BACA-22F167ADDC1F}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF ProfilePath: C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://yahoo.com/
FF NewTab: hxxp://yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1957965229-2164351736-1395244876-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1957965229-2164351736-1395244876-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\e\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-01-11] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\e\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-14]
CHR Extension: (Google Docs) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-14]
CHR Extension: (Google Drive) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-14]
CHR Extension: (YouTube) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-14]
CHR Extension: (Google Sheets) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-14]
CHR Extension: (Avira Browser Safety) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-05-14]
CHR Extension: (Google Docs Offline) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-14]
CHR Extension: (Gmail) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-10-19] (Samsung Electronics CO., LTD.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe [374112 2011-11-22] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe [451936 2011-11-22] (Ralink Technology, Corp.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-10-03] (CyberLink)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-16 21:47 - 2016-05-16 21:47 - 00027868 _____ C:\Users\e\Desktop\FRST.txt
2016-05-16 06:37 - 2016-05-16 06:37 - 00000830 _____ C:\Users\e\Desktop\eset_threat.txt
2016-05-16 01:16 - 2016-05-16 01:16 - 00001032 _____ C:\Users\e\Desktop\Mal.txt
2016-05-14 19:52 - 2016-05-14 19:52 - 00000000 ___RD C:\Users\e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-05-14 19:24 - 2016-05-14 19:24 - 03640384 _____ C:\Users\e\Desktop\AdwCleaner.exe
2016-05-14 19:05 - 2016-05-14 19:08 - 00032773 _____ C:\Users\e\Desktop\Fixlog.txt
2016-05-14 19:05 - 2016-05-14 19:05 - 00000000 ____D C:\Users\e\Desktop\FRST-OlderVersion
2016-05-14 18:43 - 2016-05-14 18:43 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-05-14 18:42 - 2016-05-03 19:34 - 00451620 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160514-184240.backup
2016-05-03 19:34 - 2016-05-03 18:44 - 00450103 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160503-193430.backup
2016-05-03 18:48 - 2016-05-03 18:48 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-03 18:48 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-05-03 18:44 - 2016-01-16 07:52 - 00449985 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160503-184418.backup
2016-05-03 18:36 - 2016-05-14 18:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-05-03 18:36 - 2016-05-03 18:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-05-03 18:36 - 2016-05-03 18:36 - 00000000 ____D C:\Users\e\AppData\Local\Chromium
2016-05-03 18:31 - 2016-05-03 18:32 - 00215168 _____ C:\Users\e\Downloads\SpybotSetup-51e2ecb4572934e5.exe
2016-05-02 23:37 - 2016-05-02 23:37 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-05-02 23:37 - 2016-05-02 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-05-02 23:37 - 2016-05-02 23:37 - 00000000 ____D C:\Program Files\iTunes
2016-05-02 23:37 - 2016-05-02 23:37 - 00000000 ____D C:\Program Files\iPod
2016-05-02 23:37 - 2016-05-02 23:37 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-02 23:33 - 2016-05-02 23:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-05-02 23:33 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files\Bonjour
2016-05-02 23:33 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-05-02 23:33 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-05-02 23:08 - 2016-05-02 23:19 - 169713992 _____ (Apple Inc.) C:\Users\e\Downloads\iTunes6464Setup.exe
2016-05-02 01:31 - 2016-05-02 01:31 - 32168632 _____ C:\Users\e\Downloads\kolik_x264_001.avi
2016-05-02 01:07 - 2016-05-02 01:07 - 02232432 _____ C:\Users\e\Downloads\MVI_0178.AVI
2016-04-29 14:35 - 2016-04-29 14:35 - 00121093 _____ C:\Users\e\Downloads\1018466651-20120511-133914-.pdf
2016-04-29 12:16 - 2016-04-29 12:16 - 01331443 _____ C:\Users\e\Downloads\1032686392-20160321-161616-.pdf
2016-04-29 12:14 - 2016-04-29 12:14 - 00067362 _____ C:\Users\e\Downloads\1033029940-20160420-122818-.pdf
2016-04-27 02:39 - 2016-04-27 02:39 - 00000000 ___DC C:\Users\e\AppData\Local\MigWiz
2016-04-25 19:56 - 2016-04-25 19:56 - 00000000 ____D C:\Users\e\AppData\Local\Apple Inc
2016-04-25 19:52 - 2016-04-25 19:52 - 00000000 ____D C:\Users\e\Downloads\iphone
2016-04-25 12:28 - 2016-04-25 12:28 - 00001857 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-04-25 12:28 - 2016-04-25 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-04-25 12:28 - 2016-04-25 12:28 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-04-25 12:26 - 2016-04-25 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-04-24 22:55 - 2016-04-24 22:55 - 00000000 _____ C:\Recovery.txt
2016-04-23 14:29 - 2016-04-23 14:29 - 00377409 _____ C:\Users\e\Downloads\EandT.htm
2016-04-22 22:01 - 2016-05-13 00:17 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-22 22:01 - 2016-05-13 00:17 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-22 21:47 - 2016-05-16 20:49 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-22 21:47 - 2016-05-16 05:49 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-22 21:47 - 2016-05-11 05:44 - 00003910 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-22 21:47 - 2016-05-11 05:44 - 00003674 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-22 21:43 - 2016-05-12 12:55 - 00043669 _____ C:\Users\e\Downloads\FRST.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-16 21:47 - 2016-02-06 17:14 - 00000000 ____D C:\FRST
2016-05-16 21:34 - 2015-11-07 16:39 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-16 16:20 - 2015-02-23 18:26 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{52D1E520-8463-4173-977F-6BA65D81C2E3}
2016-05-16 06:37 - 2015-03-04 07:41 - 00139776 ___SH C:\Users\e\Desktop\Thumbs.db
2016-05-16 01:26 - 2013-08-22 10:36 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-05-16 00:38 - 2015-02-23 19:11 - 19935744 ___SH C:\Users\e\Downloads\Thumbs.db
2016-05-15 23:15 - 2015-08-04 06:46 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-15 08:08 - 2013-02-17 23:30 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1957965229-2164351736-1395244876-1001
2016-05-15 02:18 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-14 19:54 - 2012-11-18 19:33 - 00000000 ____D C:\ProgramData\WinClon
2016-05-14 19:49 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-14 19:49 - 2013-06-24 01:14 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2016-05-14 19:26 - 2015-02-21 20:05 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-05-14 18:54 - 2014-11-21 03:44 - 00005384 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-14 18:46 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-05-14 18:44 - 2015-02-22 21:49 - 00000000 ____D C:\Users\e
2016-05-13 12:56 - 2015-01-04 07:39 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-13 00:34 - 2015-11-07 16:39 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-05-12 12:55 - 2016-02-06 17:24 - 00042058 _____ C:\Users\e\Downloads\Addition.txt
2016-05-07 11:49 - 2013-11-20 08:54 - 00000000 ____D C:\Users\e\Downloads\Nudes
2016-05-04 12:44 - 2013-02-19 03:04 - 00007604 _____ C:\Users\e\AppData\Local\resmon.resmoncfg
2016-05-03 19:31 - 2013-03-09 18:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-05-03 14:51 - 2015-08-04 06:46 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-03 14:51 - 2015-08-04 06:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-03 14:51 - 2015-08-04 06:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-02 23:37 - 2013-03-04 03:36 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-02 23:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-02 23:33 - 2013-03-04 03:36 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-29 01:13 - 2015-02-22 21:42 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-04-28 20:53 - 2015-06-05 07:08 - 01271296 ___SH C:\Users\e\Documents\Thumbs.db
2016-04-28 20:37 - 2014-11-05 16:31 - 00000000 ____D C:\Users\e\Downloads\ideas
2016-04-27 14:52 - 2013-11-23 16:26 - 00000000 ____D C:\Users\e\Downloads\Paintings
2016-04-26 16:16 - 2013-12-14 09:36 - 00000000 ____D C:\Users\e\AppData\Local\Windows Live
2016-04-26 07:46 - 2016-03-03 14:58 - 00000000 ____D C:\Users\e\Downloads\phone
2016-04-26 00:39 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-25 23:18 - 2013-09-16 02:59 - 00000000 ____D C:\Users\e\Downloads\Mom and pop_files
2016-04-25 19:56 - 2013-03-04 03:38 - 00000000 ____D C:\Users\e\AppData\Roaming\Apple Computer
2016-04-23 19:00 - 2013-03-02 20:00 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-23 18:59 - 2015-08-18 16:40 - 00001253 _____ C:\Users\e\Desktop\JRT.txt
2016-04-23 17:27 - 2013-03-09 18:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2016-04-22 22:00 - 2013-03-06 17:25 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-22 21:47 - 2015-02-26 16:00 - 00000000 ____D C:\Users\e\AppData\Local\Deployment
2016-04-22 20:58 - 2016-04-06 17:41 - 00001680 _____ C:\SSDXFlashLog.zip
2016-04-22 20:51 - 2016-03-15 09:20 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-04-22 20:51 - 2015-08-18 15:59 - 00000000 ____D C:\AdwCleaner
2016-04-22 20:51 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\servicing
2016-04-22 20:49 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-22 20:31 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\registration
2016-04-22 20:30 - 2013-02-22 11:28 - 00000000 ____D C:\Program Files (x86)\Yahoo!
 
==================== Files in the root of some directories =======
 
2013-04-27 10:35 - 2015-01-25 18:39 - 0000542 _____ () C:\Users\e\AppData\Roaming\ClipGet-FlvConverterDefaultSettings.xml
2013-04-27 08:02 - 2013-04-27 08:02 - 0000026 _____ () C:\Users\e\AppData\Roaming\ClipGet-UpdatePerformed.txt
2015-02-08 01:53 - 2015-08-25 16:27 - 0005120 _____ () C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-19 03:04 - 2016-05-04 12:44 - 0007604 _____ () C:\Users\e\AppData\Local\resmon.resmoncfg
2014-08-01 08:02 - 2013-02-21 16:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-11-18 19:38 - 2013-01-12 23:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-14 20:35
 
==================== End of FRST.txt ============================


#14
Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Hammersmith25

Ok. Try this fix to tidy a few things up.

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR Extension: (Avira Browser Safety) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-05-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
2016-05-14 18:42 - 2016-05-03 19:34 - 00451620 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160514-184240.backup
2016-05-03 19:34 - 2016-05-03 18:44 - 00450103 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160503-193430.backup
2016-05-03 18:48 - 2016-05-03 18:48 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-03 18:48 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-05-03 18:44 - 2016-01-16 07:52 - 00449985 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160503-184418.backup
2016-05-03 18:36 - 2016-05-14 18:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-05-03 18:36 - 2016-05-03 18:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-05-03 18:31 - 2016-05-03 18:32 - 00215168 _____ C:\Users\e\Downloads\SpybotSetup-51e2ecb4572934e5.exe
2016-05-03 19:31 - 2013-03-09 18:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-23 17:27 - 2013-03-09 18:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /F
Reg: Reg delete
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /F
Reg: Reg Delete "HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /F
Reg: Reg Add "HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /F
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
  • Run FRST by right-clicking on it and selecting Run as Administrator, then press Fix.
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    After this fix how is the computer running now?


#15
hammerman25

    Member

  • Topic Starter
  • 66 posts
Fixlog.txt -
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by e (2016-05-20 18:38:18) Run:3
Running from C:\Users\e\Desktop
Loaded Profiles: e (Available Profiles: e)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR Extension: (Avira Browser Safety) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-05-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
2016-05-14 18:42 - 2016-05-03 19:34 - 00451620 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160514-184240.backup
2016-05-03 19:34 - 2016-05-03 18:44 - 00450103 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160503-193430.backup
2016-05-03 18:48 - 2016-05-03 18:48 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-03 18:48 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-05-03 18:44 - 2016-01-16 07:52 - 00449985 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160503-184418.backup
2016-05-03 18:36 - 2016-05-14 18:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-05-03 18:36 - 2016-05-03 18:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-05-03 18:31 - 2016-05-03 18:32 - 00215168 _____ C:\Users\e\Downloads\SpybotSetup-51e2ecb4572934e5.exe
2016-05-03 19:31 - 2013-03-09 18:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-23 17:27 - 2013-03-09 18:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /F
Reg: Reg delete
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /F
Reg: Reg Delete "HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /F
Reg: Reg Add "HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /F
EmptyTemp:
*****************
 
Restore point was successfully created.
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
C:\WINDOWS\system32\Drivers\etc\hosts.20160514-184240.backup => moved successfully
C:\WINDOWS\system32\Drivers\etc\hosts.20160503-193430.backup => moved successfully
C:\Program Files\Common Files\AV => moved successfully
C:\Users\Public\Desktop\Post Win10 Spybot-install.exe => moved successfully
C:\WINDOWS\system32\Drivers\etc\hosts.20160503-184418.backup => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\WINDOWS\System32\Tasks\Safer-Networking => moved successfully
C:\Users\e\Downloads\SpybotSetup-51e2ecb4572934e5.exe => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy => moved successfully
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg delete =========
 
ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.
 
 
========= End of Reg: =========
 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" /F => Error: No automatic fix found for this entry.
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
EmptyTemp: => 411 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 18:39:00 ====
