Sister's Computer has 168 infected files according to MBAM [Solved]


  • This topic is locked

#1 flyboy1565 (Member, 403 posts)
Everyone knows the fun of coming to see your family and them going... "my computer is acting up, can you fix it?"
 
So here I am again. The issues they mention are slow start-up and lots of extra ads. When I started looking at his computer I noted that they have a torrent client, which they use for file transfer for ISOs.
 
Please let me know what you'd like next. I do have the MBAM log as well if needed.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-09-2016
Ran by Ryan (administrator) on RYAN-HP (22-09-2016 18:12:54)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan & Kids)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(BitTorrent Inc.) C:\Users\Ryan\AppData\Roaming\BitTorrent\BitTorrent.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Zedge.net) C:\Users\Ryan\AppData\Local\Apps\2.0\TOR05459.K34\22QL0184.DZM\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\ZedgeTonesync.exe
() C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBA.EXE
(BitTorrent Inc.) C:\Users\Ryan\AppData\Roaming\BitTorrent\updates\7.9.8_42577\utorrentie.exe
(BitTorrent Inc.) C:\Users\Ryan\AppData\Roaming\BitTorrent\updates\7.9.8_42577\utorrentie.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(BitTorrent Inc.) C:\Users\Ryan\AppData\Roaming\BitTorrent\updates\7.9.8_42577\utorrentie.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2015-11-07] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\Run: [BitTorrent] => C:\Users\Ryan\AppData\Roaming\BitTorrent\BitTorrent.exe [2142920 2016-09-07] (BitTorrent Inc.)
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134648 2013-10-28] ()
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\Run: [ZedgeToneSync] => C:\Users\Ryan\AppData\Local\Apps\2.0\Data\PQ8G03NJ.4HW\CVRY0H6L.HV5\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\Run: [SideSync] => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe [10952880 2016-03-18] ()
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [283232 2013-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\MountPoints2: {5d9c5d70-24f6-11e4-bc1c-78e3b56aec4c} - H:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
AppInit_DLLs:  c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => c:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [4088136 2013-11-11] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
AppInit_DLLs-x32:  c:\progra~2\optimi~1\optpro~1.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-06] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3085261950-921861981-1918839319-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5A91CC97-D96D-43DB-A1A7-FEB59D96FB88}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DD5123EC-8F86-4DB1-B33B-CFDFA6D765F2}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {87525DEF-9276-4B9A-820D-9DF8E55E1B5B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {87525DEF-9276-4B9A-820D-9DF8E55E1B5B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {161E9AD7-BD94-4128-A6B3-CD725DBBB767} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10753
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {87525DEF-9276-4B9A-820D-9DF8E55E1B5B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {D38DC275-B56C-45CA-8607-951627B456A2} URL = hxxp://findwide.com/serp?guid={2AC2F665-BEB9-4D8C-AE52-CB7F814370C5}&action=default_search&serpv=22&k={searchTerms}
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-06] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-06] (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> No Name - {221D2153-24C8-4111-B167-DDBA3625C0EA} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-04]
 
Chrome: 
=======
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default [2016-09-22]
CHR Extension: (Avast Online Security) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-05]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-06] (AVAST Software)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 trntv; C:\Users\Ryan\AppData\Roaming\TornTV.com\TornTVSvc.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-06] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-06] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73984 2013-06-05] (Identive)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-22 18:12 - 2016-09-22 18:13 - 00021867 _____ C:\Users\Ryan\Desktop\FRST.txt
2016-09-22 18:02 - 2016-09-22 18:12 - 00000000 ____D C:\FRST
2016-09-22 17:51 - 2016-09-22 17:52 - 02402816 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2016-09-22 17:23 - 2016-09-22 17:24 - 22851472 _____ (Malwarebytes ) C:\Users\Ryan\Downloads\mbam-setup-2.2.1.1043.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-22 18:13 - 2013-11-05 21:19 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\BitTorrent
2016-09-22 17:54 - 2015-10-02 11:24 - 00000338 _____ C:\Windows\Tasks\Superclean.job
2016-09-22 17:27 - 2014-06-04 17:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-22 17:25 - 2014-06-04 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-22 17:25 - 2014-06-04 17:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-22 17:22 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-22 17:22 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-22 17:21 - 2015-04-04 19:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-22 17:16 - 2013-11-20 16:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-22 17:12 - 2016-08-15 15:35 - 00000000 ____D C:\Users\Ryan\AppData\LocalLow\BitTorrent
2016-09-22 17:12 - 2013-11-05 21:12 - 00000000 ____D C:\Users\Ryan\AppData\Local\Deployment
2016-09-22 16:56 - 2016-08-08 12:31 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForRyan.job
2016-09-22 16:56 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-19 15:20 - 2013-11-20 16:11 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-19 15:20 - 2013-11-20 16:11 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-19 14:41 - 2016-08-08 12:31 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRyan
2016-09-19 14:28 - 2014-12-23 17:57 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-19 14:24 - 2013-11-01 13:59 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0BE88DE7-AA2C-4CDD-AEA2-80D4FB3315DB}
2016-09-19 14:22 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-09-19 14:19 - 2013-11-12 19:05 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-09-08 17:39 - 2014-03-07 19:15 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2016-09-07 21:00 - 2013-11-05 21:20 - 00000000 ____D C:\Users\Ryan\AppData\Local\CrashDumps
2016-09-07 20:55 - 2016-06-15 19:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-09-07 20:55 - 2011-10-25 21:26 - 00000000 ____D C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2015-05-10 16:16 - 2015-07-30 22:18 - 0000024 _____ () C:\Users\Ryan\AppData\Roaming\appdataFr25.bin
2016-03-31 19:14 - 2016-03-31 19:18 - 0003584 _____ () C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
C:\Users\Kids\AppData\Local\Temp\dufgmr4c.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_138321_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_146778_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_178657_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_389163_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_431860_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_441315_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_443173_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_484388_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_644094_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_691437_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_729945_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_751052_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_847322_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_878850_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_892496_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_92267_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_95037_setup.exe
C:\Users\Ryan\AppData\Local\Temp\afgytdrp_995735_setup.exe
C:\Users\Ryan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpginulo.dll
C:\Users\Ryan\AppData\Local\Temp\Extract.exe
C:\Users\Ryan\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Ryan\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Ryan\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Ryan\AppData\Local\Temp\Resource.exe
C:\Users\Ryan\AppData\Local\Temp\SP55720.exe
C:\Users\Ryan\AppData\Local\Temp\SP56215.exe
C:\Users\Ryan\AppData\Local\Temp\SP56878.exe
C:\Users\Ryan\AppData\Local\Temp\SP56929.exe
C:\Users\Ryan\AppData\Local\Temp\sp58915.exe
C:\Users\Ryan\AppData\Local\Temp\sp64126.exe
C:\Users\Ryan\AppData\Local\Temp\supoptsetup.exe
C:\Users\Ryan\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Ryan\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Ryan\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Ryan\AppData\Local\Temp\vlc-2.2.1-win32.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-09 23:34
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by Ryan (22-09-2016 18:13:59)
Running from C:\Users\Ryan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-11-01 20:55:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3085261950-921861981-1918839319-500 - Administrator - Disabled)
Guest (S-1-5-21-3085261950-921861981-1918839319-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3085261950-921861981-1918839319-1004 - Limited - Enabled)
Kids (S-1-5-21-3085261950-921861981-1918839319-1002 - Limited - Enabled) => C:\Users\Kids
Ryan (S-1-5-21-3085261950-921861981-1918839319-1001 - Administrator - Enabled) => C:\Users\Ryan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{CF780466-D74B-C6E7-7E61-0C4DCA614455}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ApptoU (HKLM-x32\...\{01B91C29-337A-1FFD-7CFC-473451D2F861}) (Version:  - AppttoU) <==== ATTENTION
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
BitTorrent (HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\BitTorrent) (Version: 7.9.8.42577 - BitTorrent Inc.)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CoolSaLeCOupon (HKLM-x32\...\{0C516764-8CFC-C2FE-7BB0-A50A646E4DCD}) (Version:  - CoolSaleCoupon) <==== ATTENTION
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4422 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deal4mee (HKLM-x32\...\{09854D8E-46B5-057B-5B6E-BFD2A04AD5AB}) (Version:  - "") <==== ATTENTION
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FiineDealSoFt (HKLM-x32\...\{0D566ABB-889B-AF39-7B6A-23D4C5D54542}) (Version:  - finedeal) <==== ATTENTION
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{288591DE-4151-4E8E-A698-C6EFF5DF00F9}) (Version: 2.0.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.3.34.7 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.37 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
ImageToPPng (HKLM-x32\...\{96CA71FF-122E-97A7-1D4F-F986889CA854}) (Version:  - ImageToPPng) <==== ATTENTION
innoApp (HKLM\...\innoApp) (Version: 2014.12.12.162056 - innoApp) <==== ATTENTION
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWordTool (HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\MyWordTool) (Version: 1 - MyWordTool)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version:  - PC Utilities Software Limited) <==== ATTENTION
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
QUeenCoupoN (HKLM-x32\...\{3DE8A1D7-C77F-E02A-70DD-31D29EC5B988}) (Version:  - QueenCCoupon) <==== ATTENTION
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.02.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.3.0.92 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
sAvInngtoYOu (HKLM-x32\...\{A2616871-3463-BCEE-5AFA-73773317A381}) (Version:  - "") <==== ATTENTION
shoppndurOp (HKLM-x32\...\{7E7FAE3D-3358-D280-8DBF-E8E2D94326D1}) (Version:  - "") <==== ATTENTION
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
ToneSync for Windows (HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\c2c9648a374f64d1) (Version: 1.2.3.309 - Zedge Europe AS)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TornTV (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - TornTV.com) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Essentials Media Codec Pack 4.7 [64-Bit] (HKLM-x32\...\Windows Essentials Media Codec Pack) (Version: 4.7 - Media Codec)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
YTDownloader (HKLM-x32\...\YTDownloader) (Version:  - YTDownloader) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3085261950-921861981-1918839319-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3085261950-921861981-1918839319-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3085261950-921861981-1918839319-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3085261950-921861981-1918839319-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {074993B8-5512-4E6B-847A-FBF5F4A1CEA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-20] (Google Inc.)
Task: {0CC08119-4062-48E8-8142-CFD9EB0A9AD5} - \TidyNetwork Update -> No File <==== ATTENTION
Task: {1C6FB079-1382-401D-A99B-BDDB5E1DD8B1} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {274A9275-D324-41EA-B931-95D64485F147} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-04] (Adobe Systems Incorporated)
Task: {2E340A9D-EA68-4A56-ADE9-1E3061C5DBB6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {335CE251-D8F7-407C-858A-3D1FFAB0E0C2} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-22] (CyberLink)
Task: {50F5787F-804A-49E2-9B49-E250CFEF1FC3} - System32\Tasks\Superclean => c:\programdata\{3fa7af32-75cb-cf30-3fa7-7af3275cbcc9}\hqghumeaylnlf.exe [2014-10-12] (Super PC Tools Ltd) <==== ATTENTION
Task: {6200DF1F-5404-4433-B5D9-57D9B2DE0A90} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-06] (AVAST Software)
Task: {6EAA5548-AAC9-40FA-97D3-4AFE7295CA09} - System32\Tasks\{F44FCA31-B231-4DA2-94A0-61AA69628185} => pcalua.exe -a C:\Users\Ryan\AppData\Local\Temp\jre-8u60-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {6F67D79D-E48E-443D-B633-E4CB3BCD4A7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {7060D010-00C1-4BEE-9E60-0C72911A0749} - System32\Tasks\HPCeeScheduleForRyan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {754E6F37-5489-4F32-8EEB-0DDE2D6825F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-20] (Google Inc.)
Task: {778F4332-BBC0-4501-92FB-86FA295AACCA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {7AF8D056-A2FE-42B5-8472-9B3F45D6CB58} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2011-09-28] ()
Task: {7DA14909-5D15-4BCE-906D-32927CE8838D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-10] (AVAST Software)
Task: {CDC74C90-F7C3-46AE-B5E5-07EA9654B2FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {CF2D428A-86A2-4097-BB18-9AC7EA8E1566} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {DCA1E2EE-9D85-4967-B507-27F74102527A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRyan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{3fa7af32-75cb-cf30-3fa7-7af3275cbcc9}\hqghumeaylnlf.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-search.net/?pid=s&pi=2
ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-search.net/?pid=s&pi=2
ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-search.net/?pid=s&pi=2
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-09-15 15:15 - 2011-09-15 15:15 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-06-27 16:18 - 2011-06-27 16:18 - 00107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2016-03-18 02:09 - 2016-03-18 02:09 - 10952880 _____ () C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
2011-09-15 15:15 - 2011-09-15 15:15 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-09-15 15:29 - 2011-09-15 15:29 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 14:42 - 2011-06-17 14:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-08-06 02:39 - 2015-08-06 02:39 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-06 02:39 - 2015-08-06 02:39 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-19 14:22 - 2016-09-19 14:22 - 03086136 _____ () C:\Program Files\AVAST Software\Avast\defs\16091901\algo.dll
2016-09-22 17:18 - 2016-09-22 17:18 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16092201\algo.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 02631616 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 00143296 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2016-03-18 00:26 - 2016-03-18 00:26 - 01289216 _____ () C:\Program Files (x86)\Samsung\SideSync4\cairo.dll
2016-03-18 00:26 - 2016-03-18 00:26 - 00230529 _____ () C:\Program Files (x86)\Samsung\SideSync4\libpng14-14.dll
2016-03-18 00:26 - 2016-03-18 00:26 - 00100352 _____ () C:\Program Files (x86)\Samsung\SideSync4\zlib1.dll
2016-03-18 02:24 - 2016-03-18 02:24 - 02660016 _____ () C:\Program Files (x86)\Samsung\SideSync4\NativeSideSyncFramework.dll
2016-03-18 02:27 - 2016-03-18 02:27 - 00842416 _____ () C:\Program Files (x86)\Samsung\SideSync4\SCommon.dll
2016-03-18 02:29 - 2016-03-18 02:29 - 04523184 _____ () C:\Program Files (x86)\Samsung\SideSync4\SLocales.dll
2016-03-18 00:26 - 2016-03-18 00:26 - 00091136 _____ () C:\Program Files (x86)\Samsung\SideSync4\ThoughtWorks.QRCode.dll
2015-07-05 17:57 - 2015-07-05 17:57 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-19 15:20 - 2016-09-13 17:38 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-19 15:20 - 2016-09-13 17:38 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [126]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2014-05-09 16:37 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 d3oxij66pru1i3.cloudfront.net
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{810E3C31-6A2C-4873-B93F-54152FD8DEEE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{E265F2F4-5AF8-4DB6-BF37-BB9BC742B284}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{13EF10E2-A4C1-4B7B-B948-27A2169C8CC9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{B1813968-63F4-4718-B64E-CA4F123DE895}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{05FA3F96-530B-40D2-8C32-9D4A40966473}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5B6877E6-3677-4D3E-BD70-0BBB0621AE3B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{70DDBE21-B848-491B-BC1E-20DE5E422A4D}] => (Allow) LPort=2869
FirewallRules: [{7A448A31-428A-45D9-8992-C92BB057F7C6}] => (Allow) LPort=1900
FirewallRules: [{7E06B758-C84B-459E-8A1A-2095C989F577}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{820950F3-88F1-42B5-AE8F-B7866712E654}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{82C13A3F-37A7-4A38-82DF-E5567DDC066B}] => (Allow) C:\Users\Ryan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A8D8A8C1-9B85-42C7-BB9C-970B98A22F7A}] => (Allow) C:\Users\Ryan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{740AC6D7-3166-4144-9D94-897B646D493E}] => (Allow) C:\Users\Ryan\AppData\Local\TNT2\2.0.0.1676\TNT2User.exe
FirewallRules: [{496462DA-94D5-4216-94E3-7E81D922B2D7}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{EF8B2149-A0CC-4E68-890A-EA18520BB7A5}] => (Allow) F:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{E8FD4060-3E70-4ADF-8B5F-4FFB0ACF0026}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{EB30BB95-25D2-4C9C-9667-2D486D695D70}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{F5201F38-1A85-4954-8D30-8776C9CEBE0B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{598AE8CD-66EF-4E45-853C-41A5823B07F7}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{D0BDEBF1-B9CF-4EC6-9E7C-D51B9E45CAE4}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{B9CCC10F-D4F4-4366-B9D3-51A21110E845}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{419C12C8-4C50-4FB4-A225-4EBFBD8BBC08}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{406D1E52-EB1F-471B-B957-8DBD50B9E79A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{83AF43C8-6024-4885-97C7-2B8274E0AF27}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B389A998-B5EE-4371-9E4E-9C132833CDE7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A5E01824-0DC1-4967-8BC3-76DE4940B00E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CB58AAC4-FBB8-4F86-BDCA-8F8F276461AD}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{27EAF0CD-EC4D-42B9-B176-7CFB9B3607BF}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [TCP Query User{3608CBD2-8333-42F7-9EB5-B36BD8E04827}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Block) C:\program files (x86)\samsung\sidesync4\sidesync.exe
FirewallRules: [UDP Query User{00B302A0-B55F-46E9-B562-D197A52D71BD}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Block) C:\program files (x86)\samsung\sidesync4\sidesync.exe
FirewallRules: [{10FA19F4-D9B6-4D6F-9E2E-50850ABBB072}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
16-06-2016 03:00:37 Windows Update
08-08-2016 13:25:37 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
15-08-2016 15:49:23 Chrome Cleanup Tool
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/22/2016 05:07:34 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (09/22/2016 04:57:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/19/2016 02:17:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/18/2016 09:24:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/08/2016 05:39:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 73492991
 
Error: (09/08/2016 05:39:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 73492991
 
Error: (09/08/2016 05:39:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/08/2016 05:39:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 73491946
 
Error: (09/08/2016 05:39:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 73491946
 
Error: (09/08/2016 05:39:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (09/22/2016 04:57:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Torntv Downloader service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (09/22/2016 04:56:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:31:38 PM on 9/19/2016 was unexpected.
 
Error: (09/19/2016 02:21:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Support Solutions Framework Service service hung on starting.
 
Error: (09/19/2016 02:18:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/19/2016 02:18:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
Error: (09/19/2016 02:16:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Torntv Downloader service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (09/19/2016 02:16:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:25:28 PM on ‎9/‎18/‎2016 was unexpected.
 
Error: (09/18/2016 09:24:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Torntv Downloader service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (09/18/2016 09:23:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:03:45 PM on ‎9/‎8/‎2016 was unexpected.
 
Error: (09/07/2016 08:30:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-3420M APU with Radeon™ HD Graphics
Percentage of memory in use: 54%
Total physical RAM: 3562.91 MB
Available physical RAM: 1610.77 MB
Total Virtual: 7124 MB
Available Virtual: 4712.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:440.78 GB) (Free:2.2 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:20.82 GB) (Free:2.12 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive f: (MY_DATA_030616) (CDROM) (Total:0.87 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B0B9757B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=440.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

 


  • 0



#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Special note: Please know that I am against pirating software in any form. Having pirated software on your machine is a direct violation of the Terms of Service you agreed to when creating your account. If pirated software is found on your machine, you will be asked to remove it. Refusing to do so will result in termination of assistance with your malware issues.


Now, let's get started, shall we? :thumbsup:


Step 1: P2P Warning and Program Uninstalls


The Dangers of P2P Programs

I noticed that you have a P2P file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

There are also new infections out there such as CryptoWall 3.0 and CryptoLocker. When infected with these, all of your personal files on any drive connected to your computer will be affected. These infections copy all your files, encrypt them, and then delete the originals, leaving you with the encrypted copies. You are then presented with a screen telling you that you have a certain amount of time to pay the ransom for the decryption code to decrypt your files. Even if you pay the ransom, their decryption process usually results in corrupt and unusable files.

There is nothing we can do to decrypt the files, as they use very sophisticated encryption techniques. Please consider this when using P2P programs. Malware and ransomware writers use P2P to spread their infections.

I guarantee you, that if you continue to use file sharing programs, your machine will get infected again.


Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Program Uninstalls

Please uninstall the following programs from your machine as they are adware/malware related. If one of the programs fails to uninstall, please move on to the next one in the list.
  • ApptoU
  • CoolSaLeCOupon
  • deal4mee
  • FiineDealSoFt
  • ImageToPPng
  • innoApp
  • Optimizer Pro v3.2
  • QUeenCoupoN
  • sAvInngtoYOu
  • shoppndurOp
  • TornTV
  • YTDownloader
Step 2: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134648 2013-10-28] ()
C:\Program Files (x86)\Optimizer Pro
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\MountPoints2: {5d9c5d70-24f6-11e4-bc1c-78e3b56aec4c} - H:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
AppInit_DLLs: c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => c:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [4088136 2013-11-11] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3085261950-921861981-1918839319-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
Toolbar: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> No Name - {221D2153-24C8-4111-B167-DDBA3625C0EA} - No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
S2 trntv; C:\Users\Ryan\AppData\Roaming\TornTV.com\TornTVSvc.exe [X]
Task: {0CC08119-4062-48E8-8142-CFD9EB0A9AD5} - \TidyNetwork Update -> No File <==== ATTENTION
Task: {50F5787F-804A-49E2-9B49-E250CFEF1FC3} - System32\Tasks\Superclean => c:\programdata\{3fa7af32-75cb-cf30-3fa7-7af3275cbcc9}\hqghumeaylnlf.exe [2014-10-12] (Super PC Tools Ltd) <==== ATTENTION
Task: {6EAA5548-AAC9-40FA-97D3-4AFE7295CA09} - System32\Tasks\{F44FCA31-B231-4DA2-94A0-61AA69628185} => pcalua.exe -a C:\Users\Ryan\AppData\Local\Temp\jre-8u60-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{3fa7af32-75cb-cf30-3fa7-7af3275cbcc9}\hqghumeaylnlf.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-search.net/?pid=s&pi=2
ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-search.net/?pid=s&pi=2
ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-search.net/?pid=s&pi=2
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [126]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Hosts:
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.



Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double-click (Vista and 7 users: right-click) the adwcleaner.exe file and click Run as Administrator, then accept the UAC prompt to run AdwCleaner.
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Adwcleaner
Step 5: Fresh FRST Scans
  • Start Farbar's Recovery Scan Tool, place a check in the Addition.txt box and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log

  • 0
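The audit below is an added example, not part of this thread and not code from FRST, JRT or AdwCleaner: a read-only PowerShell pass over the same persistence locations the fixlist above touches (AppInit_DLLs, Run keys, services and scheduled tasks whose binary is gone, Chrome policy keys, IE search scopes), so a helper can confirm a fix took hold or recognise the same adware pattern on another machine. It assumes Windows 7 or later with PowerShell 2.0+ run as Administrator; the `Add-Finding` and `Get-ExeFromCommand` helpers are mine, and nothing is modified.

```powershell
# Read-only audit of the persistence points listed in the FRST fixlist above.
# Added example, not FRST/Malwarebytes code. Run elevated on Windows 7+.

$script:findings = @()
function Add-Finding([string]$Where, [string]$What) {
    $script:findings += New-Object PSObject -Property @{ Where = $Where; What = $What }
}

# Pull the first executable out of a command line such as  "C:\x\y.exe" -a b
# and expand %SystemRoot%-style variables. Returns '' when no .exe is present.
function Get-ExeFromCommand([string]$Cmd) {
    if (-not $Cmd) { return '' }
    $m = [regex]::Match($Cmd, '(?i)^\s*"?([^"]+?\.exe)')
    if (-not $m.Success) { return '' }
    return [Environment]::ExpandEnvironmentVariables($m.Groups[1].Value)
}

# 1. AppInit_DLLs (64-bit and Wow6432 views). A clean consumer PC normally has
#    this value empty; the fixlist above had to clear four entries here.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AppInit_DLLs
    if ($v) { Add-Finding $key "AppInit_DLLs = $v" }
}

# 2. Run keys in HKLM and every loaded user hive (HKU\S-1-5-21-...), flagging
#    entries whose target no longer exists (a leftover launcher, as with Optimizer Pro).
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run')
$runKeys += Get-ChildItem HKU:\ -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { "HKU:\$($_.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run" }
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # provider metadata, not registry values
        $exe = Get-ExeFromCommand $p.Value
        if ($exe -and -not (Test-Path -LiteralPath $exe)) {
            Add-Finding $key "$($p.Name) -> missing file $exe"
        }
    }
}

# 3. Services whose binary is gone. This is what produced the repeated Service
#    Control Manager 7000 "cannot find the file specified" errors for the
#    Torntv Downloader service in the System log above.
Get-WmiObject -Class Win32_Service | ForEach-Object {
    $exe = Get-ExeFromCommand $_.PathName
    if ($exe -and -not (Test-Path -LiteralPath $exe)) {
        Add-Finding "Service $($_.Name)" "missing binary $exe"
    }
}

# 4. Scheduled tasks via schtasks (Get-ScheduledTask does not exist on Windows 7).
#    Flag tasks whose target is missing or lives in a user-writable folder, the
#    pattern of the Superclean task under C:\ProgramData\{guid}\.
$tasks = schtasks /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' }   # schtasks repeats its header per folder
foreach ($t in $tasks) {
    $exe = Get-ExeFromCommand $t.'Task To Run'
    if (-not $exe -or -not [IO.Path]::IsPathRooted($exe)) { continue }
    if (-not (Test-Path -LiteralPath $exe)) {
        Add-Finding "Task $($t.TaskName)" "missing target $exe"
    } elseif ($exe -match '(?i)\\(ProgramData|AppData|Temp)\\') {
        Add-Finding "Task $($t.TaskName)" "runs from user-writable path $exe"
    }
}

# 5. Chrome policy keys (FRST flagged these with ATTENTION above; a home PC
#    outside a domain normally has none) and IE search scopes that are not the
#    stock Bing provider, e.g. the search.ask.com scopes in the fixlist.
foreach ($key in 'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google') {
    if (Test-Path $key) { Add-Finding $key 'Chrome policy key present' }
}
foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
                  'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes') {
    Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
        $url = (Get-ItemProperty -Path $_.PSPath).URL
        if ($url -and $url -notmatch '(?i)bing\.com') {
            Add-Finding "$root\$($_.PSChildName)" "search URL $url"
        }
    }
}

$script:findings | Format-Table -AutoSize Where, What
```

Run it once before the fix and once after the reboot: the second run should show none of the entries the Fixlog reports as removed.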

#3
flyboy1565

flyboy1565

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts

Like I said, I noticed that they are using a P2P program and warned them of the dangers. Again, he uses it for work, to get ISOs. He tests Linux ISOs for specific departments.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by Ryan (23-09-2016 00:10:15) Run:1
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan & Kids)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134648 2013-10-28] ()
C:\Program Files (x86)\Optimizer Pro
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\MountPoints2: {5d9c5d70-24f6-11e4-bc1c-78e3b56aec4c} - H:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
AppInit_DLLs: c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => c:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [4088136 2013-11-11] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3085261950-921861981-1918839319-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
Toolbar: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> No Name - {221D2153-24C8-4111-B167-DDBA3625C0EA} - No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
S2 trntv; C:\Users\Ryan\AppData\Roaming\TornTV.com\TornTVSvc.exe [X]
Task: {0CC08119-4062-48E8-8142-CFD9EB0A9AD5} - \TidyNetwork Update -> No File <==== ATTENTION
Task: {50F5787F-804A-49E2-9B49-E250CFEF1FC3} - System32\Tasks\Superclean => c:\programdata\{3fa7af32-75cb-cf30-3fa7-7af3275cbcc9}\hqghumeaylnlf.exe [2014-10-12] (Super PC Tools Ltd) <==== ATTENTION
Task: {6EAA5548-AAC9-40FA-97D3-4AFE7295CA09} - System32\Tasks\{F44FCA31-B231-4DA2-94A0-61AA69628185} => pcalua.exe -a C:\Users\Ryan\AppData\Local\Temp\jre-8u60-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{3fa7af32-75cb-cf30-3fa7-7af3275cbcc9}\hqghumeaylnlf.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-search.net/?pid=s&pi=2
ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-search.net/?pid=s&pi=2
ShortcutWithArgument: C:\Users\Ryan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www-search.net/?pid=s&pi=2
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [126]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Hosts:
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => key removed successfully
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => value not found.
"C:\Program Files (x86)\Optimizer Pro" => not found.
"HKU\S-1-5-21-3085261950-921861981-1918839319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d9c5d70-24f6-11e4-bc1c-78e3b56aec4c}" => key removed successfully
HKCR\CLSID\{5d9c5d70-24f6-11e4-bc1c-78e3b56aec4c} => key not found. 
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value data removed successfully.
"c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL" => Value data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value data removed successfully.
"c:\progra~2\optimi~1\optpro~1.dll" => Value data removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-3085261950-921861981-1918839319-1001\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3085261950-921861981-1918839319-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{221D2153-24C8-4111-B167-DDBA3625C0EA} => value removed successfully
HKCR\CLSID\{221D2153-24C8-4111-B167-DDBA3625C0EA} => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
trntv => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CC08119-4062-48E8-8142-CFD9EB0A9AD5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CC08119-4062-48E8-8142-CFD9EB0A9AD5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50F5787F-804A-49E2-9B49-E250CFEF1FC3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50F5787F-804A-49E2-9B49-E250CFEF1FC3}" => key removed successfully
C:\Windows\System32\Tasks\Superclean => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Superclean" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EAA5548-AAC9-40FA-97D3-4AFE7295CA09}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EAA5548-AAC9-40FA-97D3-4AFE7295CA09}" => key removed successfully
C:\Windows\System32\Tasks\{F44FCA31-B231-4DA2-94A0-61AA69628185} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F44FCA31-B231-4DA2-94A0-61AA69628185}" => key removed successfully
C:\Windows\Tasks\Superclean.job => moved successfully
C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument restored successfully
C:\Users\Ryan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 130847581 B
Java, Flash, Steam htmlcache => 819 B
Windows/system/drivers => 1328799861 B
Edge => 0 B
Chrome => 28353004 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 8917734 B
LocalService => 0 B
NetworkService => 507886 B
Ryan => 1025938053 B
Kids => 37293671 B
 
RecycleBin => 2126500508 B
EmptyTemp: => 4.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 00:12:42 ====
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Ryan (Administrator) on Fri 09/23/2016 at  0:21:15.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 31 
 
Successfully deleted: C:\ProgramData\5fed065df425d94b (Folder) 
Successfully deleted: C:\ProgramData\hcoioajeacfilgoanfbbccnipiifcidn (Folder) 
Successfully deleted: C:\Users\Public\Desktop\ebay.lnk (Shortcut) 
Successfully deleted: C:\Users\Ryan\AppData\Local\{0230B892-A92C-4A0C-8C5F-D9DB6FFE44D0} (Empty Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\{0C4522D1-5907-48F4-A3D6-2BA13283CAA5} (Empty Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\{2C664427-12E3-4A00-9179-27F889D34B8F} (Empty Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\{43E9EF45-920C-43FD-8B58-035200CCD67B} (Empty Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\{4A824EE8-561D-45ED-99D0-FEB8D7314A00} (Empty Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\{6473154A-F287-401A-A0C0-C394FE5185C0} (Empty Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\{856A5043-4E97-4AD3-A858-0E1D4A2E6EF4} (Empty Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\{D4CE55E0-F273-43FB-AB60-EF48E7C364A4} (Empty Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\{E3323BBF-9275-4C4F-9E62-47DFB793E1F1} (Empty Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\mywordtool (Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Roaming\systweak (Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Roaming\torntv.com (Folder) 
Successfully deleted: C:\Users\Ryan\Documents\optimizer pro (Folder) 
Successfully deleted: C:\Windows\apppatch\custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb (File) 
Successfully deleted: C:\Program Files (x86)\ytdownloader (Folder) 
Successfully deleted: C:\ProgramData\AipuptoU (Folder)
Successfully deleted: C:\ProgramData\CoolSaaleCoupon (Folder)
Successfully deleted: C:\ProgramData\ImageToPPng (Folder)
Successfully deleted: C:\ProgramData\ShopperrMastEr (Folder)
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U4PXESF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9Y662BVY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTPTL23P (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MM3ICH8P (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Ryan\AppData\Roaming\appdataFr25.bin (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7U4PXESF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9Y662BVY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DTPTL23P (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MM3ICH8P (Temporary Internet Files Folder) 
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{87525DEF-9276-4B9A-820D-9DF8E55E1B5B} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D38DC275-B56C-45CA-8607-951627B456A2} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{87525DEF-9276-4B9A-820D-9DF8E55E1B5B} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/23/2016 at  0:27:18.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v6.020 - Logfile created 23/09/2016 at 00:34:19
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-22.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Ryan - RYAN-HP
# Running from : C:\Users\Ryan\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\6912188003681425739UL
[-] Folder deleted: C:\ProgramData\{3fa7af32-75cb-cf30-3fa7-7af3275cbcc9}
[-] Folder deleted: C:\ProgramData\{a65f052a-6d20-84a3-a65f-f052a6d214a9}
[-] Folder deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\foafflemhamidgghgngfknjflfcehhdf
[-] Folder deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaopbphlojhnmbomffjcbnllcenbnih
[-] Folder deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\kheohkjlkoklgnfaecdkggaffgffndck
[-] Folder deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlbpfkihdpnogafjpijnlknpkkkflcgd
[-] Folder deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\namcaplenodjnggbfkbopdbfngponici
[-] Folder deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbejbgmfaefepfeklapcdmceoglafalk
[-] Folder deleted: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
[-] File deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
[-] File deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ad.turn.com_0.localstorage
[-] File deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ad.turn.com_0.localstorage-journal
[-] File deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_b3.playsushi.com_0.localstorage
[-] File deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_b3.playsushi.com_0.localstorage-journal
[-] File deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_b4.playsushi.com_0.localstorage
[-] File deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_b4.playsushi.com_0.localstorage-journal
[-] File deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdn.turn.com_0.localstorage
[-] File deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdn.turn.com_0.localstorage-journal
[-] File deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.outfox.tv_0.localstorage
[-] File deleted: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.outfox.tv_0.localstorage-journal
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [iWebar-bg.exe]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{19857a06-1ce7-478e-a076-fac5e7d5b4b2}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24e09a8d-b515-4bd0-86be-086c12f5f2ac}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44924436-ed1d-4465-afb2-9d5ad6f1786a}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6c3c3cf2-06d2-473c-8070-201638fee872}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d2388bf3-67ea-4b67-ade1-d935872bf486}
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] Key deleted: HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Software\Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
[-] Key deleted: HKCU\Software\Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}
[-] Key deleted: HKCU\Software\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[#] Key deleted on reboot: HKCU\Software\Classes\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Software\GOffers
[-] Key deleted: HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Software\InstalledBrowserExtensions
[-] Key deleted: HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Software\Super Optimizer
[-] Key deleted: HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Software\TNT2
[-] Key deleted: HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Software\systweak
[-] Key deleted: HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3085261950-921861981-1918839319-1001\Software\LinkSwift
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3085261950-921861981-1918839319-1001\Software\TidyNetwork
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3085261950-921861981-1918839319-1001\Software\TNT2
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Key deleted on reboot: HKCU\Software\GOffers
[#] Key deleted on reboot: HKCU\Software\InstalledBrowserExtensions
[#] Key deleted on reboot: HKCU\Software\Super Optimizer
[#] Key deleted on reboot: HKCU\Software\TNT2
[#] Key deleted on reboot: HKCU\Software\systweak
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key deleted: HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key deleted: HKLM\SOFTWARE\SPPDCOM
[-] Key deleted: HKLM\SOFTWARE\systweak
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3085261950-921861981-1918839319-1001\Software\LinkSwift
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3085261950-921861981-1918839319-1001\Software\TidyNetwork
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3085261950-921861981-1918839319-1001\Software\TNT2
[#] Key deleted on reboot: [x64] HKCU\Software\GOffers
[#] Key deleted on reboot: [x64] HKCU\Software\InstalledBrowserExtensions
[#] Key deleted on reboot: [x64] HKCU\Software\Super Optimizer
[#] Key deleted on reboot: [x64] HKCU\Software\TNT2
[#] Key deleted on reboot: [x64] HKCU\Software\systweak
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: [x64] HKLM\SOFTWARE\SearchModule
[-] Key deleted: [x64] HKLM\SOFTWARE\TornTv Downloader
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] 
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ogminpmldncgcmokldnmmapddoccmhfl
[-] [C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.yahoo.com
[-] [C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: www-search.net
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
:: Proxy settings cleared
:: TCP/IP settings cleared
:: Firewall rules cleared
:: IPSec settings cleared
:: BITS queue cleared
:: IE policies deleted
:: Chrome policies deleted
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [10845 Bytes] - [23/09/2016 00:34:19]
C:\AdwCleaner\AdwCleaner[S0].txt - [10339 Bytes] - [23/09/2016 00:33:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10993 Bytes] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-09-2016
Ran by Ryan (administrator) on RYAN-HP (23-09-2016 07:48:48)
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan & Kids)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(BitTorrent Inc.) C:\Users\Ryan\AppData\Roaming\BitTorrent\BitTorrent.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
() C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Zedge.net) C:\Users\Ryan\AppData\Local\Apps\2.0\TOR05459.K34\22QL0184.DZM\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\ZedgeTonesync.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBA.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(BitTorrent Inc.) C:\Users\Ryan\AppData\Roaming\BitTorrent\updates\7.9.8_42577\utorrentie.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BitTorrent Inc.) C:\Users\Ryan\AppData\Roaming\BitTorrent\updates\7.9.8_42577\utorrentie.exe
(BitTorrent Inc.) C:\Users\Ryan\AppData\Roaming\BitTorrent\updates\7.9.8_42577\utorrentie.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2015-11-07] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\Run: [BitTorrent] => C:\Users\Ryan\AppData\Roaming\BitTorrent\BitTorrent.exe [2142920 2016-09-07] (BitTorrent Inc.)
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\Run: [ZedgeToneSync] => C:\Users\Ryan\AppData\Local\Apps\2.0\Data\PQ8G03NJ.4HW\CVRY0H6L.HV5\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\Run: [SideSync] => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe [10952880 2016-03-18] ()
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [283232 2013-11-20] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-06] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5A91CC97-D96D-43DB-A1A7-FEB59D96FB88}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DD5123EC-8F86-4DB1-B33B-CFDFA6D765F2}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {87525DEF-9276-4B9A-820D-9DF8E55E1B5B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {161E9AD7-BD94-4128-A6B3-CD725DBBB767} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10753
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3085261950-921861981-1918839319-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-06] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-06] (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-04]
 
Chrome: 
=======
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default [2016-09-23]
CHR Extension: (Avast Online Security) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-05]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-06] (AVAST Software)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-06] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-06] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73984 2013-06-05] (Identive)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-23 00:29 - 2016-09-23 00:34 - 00000000 ____D C:\AdwCleaner
2016-09-23 00:28 - 2016-09-23 00:28 - 03861056 _____ C:\Users\Ryan\Desktop\AdwCleaner.exe
2016-09-23 00:27 - 2016-09-23 00:27 - 00004201 _____ C:\Users\Ryan\Desktop\JRT.txt
2016-09-23 00:19 - 2016-09-23 00:19 - 01610560 _____ (Malwarebytes) C:\Users\Ryan\Desktop\JRT.exe
2016-09-23 00:10 - 2016-09-23 00:12 - 00009584 _____ C:\Users\Ryan\Desktop\Fixlog.txt
2016-09-22 18:13 - 2016-09-22 18:15 - 00037195 _____ C:\Users\Ryan\Desktop\Addition.txt
2016-09-22 18:12 - 2016-09-23 07:50 - 00019223 _____ C:\Users\Ryan\Desktop\FRST.txt
2016-09-22 18:02 - 2016-09-23 07:48 - 00000000 ____D C:\FRST
2016-09-22 17:51 - 2016-09-22 17:52 - 02402816 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2016-09-22 17:23 - 2016-09-22 17:24 - 22851472 _____ (Malwarebytes ) C:\Users\Ryan\Downloads\mbam-setup-2.2.1.1043.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-23 07:48 - 2013-11-05 21:19 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\BitTorrent
2016-09-23 07:47 - 2013-11-20 16:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-23 07:47 - 2013-11-05 21:12 - 00000000 ____D C:\Users\Ryan\AppData\Local\Deployment
2016-09-23 07:46 - 2016-08-15 15:35 - 00000000 ____D C:\Users\Ryan\AppData\LocalLow\BitTorrent
2016-09-23 07:46 - 2015-04-04 19:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-23 00:44 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-23 00:44 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-23 00:35 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-23 00:34 - 2014-02-02 20:18 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-09-23 00:20 - 2013-11-01 13:59 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0BE88DE7-AA2C-4CDD-AEA2-80D4FB3315DB}
2016-09-23 00:12 - 2014-05-12 21:26 - 00000000 ____D C:\Users\Kids\AppData\LocalLow\Temp
2016-09-23 00:10 - 2013-11-01 13:59 - 00001116 _____ C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-22 18:16 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-09-22 17:27 - 2014-06-04 17:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-22 17:25 - 2014-06-04 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-22 17:25 - 2014-06-04 17:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-22 16:56 - 2016-08-08 12:31 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForRyan.job
2016-09-19 15:20 - 2013-11-20 16:11 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-19 15:20 - 2013-11-20 16:11 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-19 14:41 - 2016-08-08 12:31 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRyan
2016-09-19 14:28 - 2014-12-23 17:57 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-19 14:19 - 2013-11-12 19:05 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-09-08 17:39 - 2014-03-07 19:15 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2016-09-07 21:00 - 2013-11-05 21:20 - 00000000 ____D C:\Users\Ryan\AppData\Local\CrashDumps
2016-09-07 20:55 - 2016-06-15 19:22 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-09-07 20:55 - 2011-10-25 21:26 - 00000000 ____D C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2016-03-31 19:14 - 2016-03-31 19:18 - 0003584 _____ () C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\libeay32.dll
C:\Users\Ryan\AppData\Local\Temp\msvcr120.dll
C:\Users\Ryan\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-09 23:34
 
==================== End of FRST.txt ============================
 
 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by Ryan (23-09-2016 07:50:34)
Running from C:\Users\Ryan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-11-01 20:55:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3085261950-921861981-1918839319-500 - Administrator - Disabled)
Guest (S-1-5-21-3085261950-921861981-1918839319-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3085261950-921861981-1918839319-1004 - Limited - Enabled)
Kids (S-1-5-21-3085261950-921861981-1918839319-1002 - Limited - Enabled) => C:\Users\Kids
Ryan (S-1-5-21-3085261950-921861981-1918839319-1001 - Administrator - Enabled) => C:\Users\Ryan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{CF780466-D74B-C6E7-7E61-0C4DCA614455}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
BitTorrent (HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\BitTorrent) (Version: 7.9.8.42577 - BitTorrent Inc.)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4422 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{3D5C7E0E-AEC0-40EB-99D3-C40469738040}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{288591DE-4151-4E8E-A698-C6EFF5DF00F9}) (Version: 2.0.1 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.3.34.7 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.37 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWordTool (HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\MyWordTool) (Version: 1 - MyWordTool)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.02.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.3.0.92 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
ToneSync for Windows (HKU\S-1-5-21-3085261950-921861981-1918839319-1001\...\c2c9648a374f64d1) (Version: 1.2.3.309 - Zedge Europe AS)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Essentials Media Codec Pack 4.7 [64-Bit] (HKLM-x32\...\Windows Essentials Media Codec Pack) (Version: 4.7 - Media Codec)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
YTDownloader (HKLM-x32\...\YTDownloader) (Version:  - YTDownloader) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3085261950-921861981-1918839319-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3085261950-921861981-1918839319-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3085261950-921861981-1918839319-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3085261950-921861981-1918839319-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {074993B8-5512-4E6B-847A-FBF5F4A1CEA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-20] (Google Inc.)
Task: {1C6FB079-1382-401D-A99B-BDDB5E1DD8B1} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {274A9275-D324-41EA-B931-95D64485F147} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-04] (Adobe Systems Incorporated)
Task: {2E340A9D-EA68-4A56-ADE9-1E3061C5DBB6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {335CE251-D8F7-407C-858A-3D1FFAB0E0C2} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-22] (CyberLink)
Task: {6200DF1F-5404-4433-B5D9-57D9B2DE0A90} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-06] (AVAST Software)
Task: {6F67D79D-E48E-443D-B633-E4CB3BCD4A7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {7060D010-00C1-4BEE-9E60-0C72911A0749} - System32\Tasks\HPCeeScheduleForRyan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {754E6F37-5489-4F32-8EEB-0DDE2D6825F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-20] (Google Inc.)
Task: {778F4332-BBC0-4501-92FB-86FA295AACCA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {7AF8D056-A2FE-42B5-8472-9B3F45D6CB58} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2011-09-28] ()
Task: {7DA14909-5D15-4BCE-906D-32927CE8838D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-10] (AVAST Software)
Task: {CDC74C90-F7C3-46AE-B5E5-07EA9654B2FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {CF2D428A-86A2-4097-BB18-9AC7EA8E1566} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {DCA1E2EE-9D85-4967-B507-27F74102527A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRyan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-09-15 15:15 - 2011-09-15 15:15 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-06-27 16:18 - 2011-06-27 16:18 - 00107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2016-03-18 02:09 - 2016-03-18 02:09 - 10952880 _____ () C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
2011-09-15 15:15 - 2011-09-15 15:15 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-09-15 15:29 - 2011-09-15 15:29 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 14:42 - 2011-06-17 14:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-08-06 02:39 - 2015-08-06 02:39 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-06 02:39 - 2015-08-06 02:39 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-22 17:18 - 2016-09-22 17:18 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16092201\algo.dll
2016-09-23 07:46 - 2016-09-23 07:46 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16092300\algo.dll
2015-04-13 07:00 - 2015-04-13 07:00 - 02631616 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2015-04-13 06:57 - 2015-04-13 06:57 - 00143296 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2016-03-18 00:26 - 2016-03-18 00:26 - 01289216 _____ () C:\Program Files (x86)\Samsung\SideSync4\cairo.dll
2016-03-18 00:26 - 2016-03-18 00:26 - 00230529 _____ () C:\Program Files (x86)\Samsung\SideSync4\libpng14-14.dll
2016-03-18 00:26 - 2016-03-18 00:26 - 00100352 _____ () C:\Program Files (x86)\Samsung\SideSync4\zlib1.dll
2016-03-18 02:24 - 2016-03-18 02:24 - 02660016 _____ () C:\Program Files (x86)\Samsung\SideSync4\NativeSideSyncFramework.dll
2016-03-18 02:27 - 2016-03-18 02:27 - 00842416 _____ () C:\Program Files (x86)\Samsung\SideSync4\SCommon.dll
2016-03-18 02:29 - 2016-03-18 02:29 - 04523184 _____ () C:\Program Files (x86)\Samsung\SideSync4\SLocales.dll
2016-03-18 00:26 - 2016-03-18 00:26 - 00091136 _____ () C:\Program Files (x86)\Samsung\SideSync4\ThoughtWorks.QRCode.dll
2015-07-05 17:57 - 2015-07-05 17:57 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-19 15:20 - 2016-09-13 17:38 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-19 15:20 - 2016-09-13 17:38 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2016-09-23 00:11 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3085261950-921861981-1918839319-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{E10B29B6-98F8-4597-B3F8-BCB38669F264}C:\users\ryan\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\ryan\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{08D9552A-DB11-48AA-93C0-3F242CAE0EC1}C:\users\ryan\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\ryan\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{4FC95ECA-6DF9-41BD-B8F7-DA277157C1AE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{7AC03CA7-6E48-4F51-9BF8-7B2D3B5ECF51}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{0A251181-C858-4143-9E12-CBEACBA9AB39}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Block) C:\program files (x86)\samsung\sidesync4\sidesync.exe
FirewallRules: [UDP Query User{1060F067-A04D-4D20-9DF9-DBADFCB07955}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Block) C:\program files (x86)\samsung\sidesync4\sidesync.exe
FirewallRules: [TCP Query User{1E2696BE-FF34-4613-9DC3-3086ED15F399}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{868EC1A9-40EB-4A61-B087-8E3BC9C9DA88}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
 
==================== Restore Points =========================
 
08-08-2016 13:25:37 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
15-08-2016 15:49:23 Chrome Cleanup Tool
23-09-2016 00:10:20 Restore Point Created by FRST
23-09-2016 00:21:23 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/23/2016 12:46:17 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
 
Error: (09/23/2016 12:36:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/23/2016 12:25:12 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.
 
Error: (09/23/2016 12:15:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/23/2016 12:10:19 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f7bcac37-6b89-48b0-a4a5-668fd060b783}
 
Error: (09/22/2016 06:23:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4867
 
Error: (09/22/2016 06:23:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4867
 
Error: (09/22/2016 06:23:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/22/2016 06:23:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3806
 
Error: (09/22/2016 06:23:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3806
 
 
System errors:
=============
Error: (09/23/2016 12:34:13 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (09/23/2016 12:33:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/23/2016 12:33:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BBUpdate service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/23/2016 12:33:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (09/23/2016 12:33:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (09/23/2016 12:33:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (09/23/2016 12:33:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IconMan_R service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/23/2016 12:33:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/23/2016 12:33:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/23/2016 12:33:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-3420M APU with Radeon™ HD Graphics
Percentage of memory in use: 55%
Total physical RAM: 3562.91 MB
Available physical RAM: 1579.69 MB
Total Virtual: 7124 MB
Available Virtual: 4599.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:440.78 GB) (Free:11.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:20.82 GB) (Free:2.12 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive f: (MY_DATA_030616) (CDROM) (Total:0.87 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B0B9757B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=440.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
 

#4 pystryker (Trusted Helper, Malware Removal, 3,912 posts)

Like I said, I noticed that they are using a P2P program and warned them of the dangers. Again, he uses it for work, to get ISOs. He tests Linux ISOs for specific departments.

Hello :)

:thumbsup: The logs look good except that YTDownloader is still installed. Please uninstall it, and then proceed with the following steps. How is the computer performing now?


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Scan with Malwarebytes
  • Start MBAM and select Update
  • Once it has updated select Settings > Detection and Protection
  • Tick Scan for rootkits
  • Go back to the Dashboard and select Scan Now
  • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

  • On completion of the scan (or after the reboot), start MBAM,
  • Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.
  • Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.
Step 2: Emsisoft Emergency Kit
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
Step 3: Security Check
  • Please download Security Check by screen317 to your Desktop by clicking here.
  • Once downloaded, double click the program and follow the prompts.
  • Once finished, the program will produce a log called checkup.txt
  • Please post that log in your next reply.
Things I need to see in your next post:
  • MBAM Log
  • Emsisoft Emergency Kit Log
  • SecurityCheck Log

#5 flyboy1565 (Topic Starter, Member, 403 posts)
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/23/2016
Scan Time: 3:52 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.09.23.09
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ryan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353516
Time Elapsed: 42 min, 0 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 19
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [6431ed8861397cba20a0e9abff031ae6], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}, Quarantined, [6431ed8861397cba20a0e9abff031ae6], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, Quarantined, [6431ed8861397cba20a0e9abff031ae6], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, Quarantined, [6431ed8861397cba20a0e9abff031ae6], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}, Quarantined, [6431ed8861397cba20a0e9abff031ae6], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, Quarantined, [6431ed8861397cba20a0e9abff031ae6], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, Quarantined, [6431ed8861397cba20a0e9abff031ae6], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, Quarantined, [6431ed8861397cba20a0e9abff031ae6], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, Quarantined, [6431ed8861397cba20a0e9abff031ae6], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, Quarantined, [6431ed8861397cba20a0e9abff031ae6], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [6431ed8861397cba20a0e9abff031ae6], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [6431ed8861397cba20a0e9abff031ae6], 
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32LDR  , Quarantined, [276ebcb922788da90e2a5a5f649f0cf4], 
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Update innoApp, Quarantined, [eaab472edbbf53e32642d20dd92a1ce4], 
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Util innoApp, Quarantined, [9104680d6b2f9a9c4325fee11de608f8], 
PUP.Optional.TidyNetwork, HKU\S-1-5-21-3085261950-921861981-1918839319-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\DRAGDROP\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}, Quarantined, [5f36bfb6b4e678be40677543897a5aa6], 
PUP.Optional.TNT, HKU\S-1-5-21-3085261950-921861981-1918839319-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}, Quarantined, [e2b39adbddbd8bab2b90219709fa8e72], 
PUP.Optional.TNT, HKU\S-1-5-21-3085261950-921861981-1918839319-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{161E9AD7-BD94-4128-A6B3-CD725DBBB767}, Quarantined, [6a2b6a0b9efcac8ac7f58335c93a60a0], 
PUP.Optional.SuperOptimizer, HKU\S-1-5-21-3085261950-921861981-1918839319-1002\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [b4e1096c4654231319015c5bd82b33cd], 
 
Registry Values: 9
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130628936522024928, Quarantined, [6e279bdabcde1c1a092ee1d851b2e21e]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130628936522024928, Quarantined, [7b1a086d7c1e0d2990a7f8c131d2cf31]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130628936522024928, Quarantined, [d1c476ffa8f2c86e46f1a712b053c43c]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130628936522024928, Quarantined, [bfd6fe776e2c142294a3f6c32ed52dd3]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130628936522024928, Quarantined, [1c793f369901c6705fd8e0d9ea19e51b]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130628936522024928, Quarantined, [8510c5b0f1a924124aed1e9ba0638a76]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr  |{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130628936522024928, Quarantined, [276ebcb922788da90e2a5a5f649f0cf4]
PUP.Optional.TNT, HKU\S-1-5-21-3085261950-921861981-1918839319-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}|AppName, TNT2User.exe, Quarantined, [e2b39adbddbd8bab2b90219709fa8e72]
PUP.Optional.TNT, HKU\S-1-5-21-3085261950-921861981-1918839319-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{161E9AD7-BD94-4128-A6B3-CD725DBBB767}|OSDFileURL, file:///C:/Users/Ryan/AppData/Local/TNT2/Profiles/10753/yah10753.xml, Quarantined, [6a2b6a0b9efcac8ac7f58335c93a60a0]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 18
PUP.Optional.ArcadeParlor, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b3.arcadeparlor.com_0.localstorage, Quarantined, [b9dc99dc4357ae888c5d0fd205fe14ec], 
PUP.Optional.ArcadeParlor, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b3.arcadeparlor.com_0.localstorage-journal, Quarantined, [bbdab1c4d4c66ccac5242eb3bb48956b], 
PUP.Optional.ArcadeParlor, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b4.arcadeparlor.com_0.localstorage, Quarantined, [8e07f1840d8d7cba0fda01e08b7840c0], 
PUP.Optional.ArcadeParlor, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b4.arcadeparlor.com_0.localstorage-journal, Quarantined, [8c09dc99b6e489ad96534b961ee508f8], 
PUP.Optional.RivalGaming, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b3.rivalgaming.com_0.localstorage, Quarantined, [3a5b2e473f5b4ee8a64f33aede25b54b], 
PUP.Optional.RivalGaming, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b3.rivalgaming.com_0.localstorage-journal, Quarantined, [aee7175ef6a43204cb2a50910300b947], 
PUP.Optional.RivalGaming, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b4.rivalgaming.com_0.localstorage, Quarantined, [7d18264fd9c16bcb06efce13b2517888], 
PUP.Optional.RivalGaming, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b4.rivalgaming.com_0.localstorage-journal, Quarantined, [9005e09502982412de17c120d33026da], 
PUP.Optional.TopArcadeHits, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b3.toparcadehits.com_0.localstorage, Quarantined, [bfd6b8bd7c1ee1557041cb17ba49e020], 
PUP.Optional.TopArcadeHits, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b3.toparcadehits.com_0.localstorage-journal, Quarantined, [068fd99ce6b4b3834968c31f57ac9f61], 
PUP.Optional.ArcadeWeb, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b3.arcadeweb.com_0.localstorage, Quarantined, [a3f2393caceed363a678984bd92a4bb5], 
PUP.Optional.ArcadeWeb, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b3.arcadeweb.com_0.localstorage-journal, Quarantined, [fd98f580990110267aa46281f013e020], 
PUP.Optional.ArcadeSafari, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b3.arcadesafari.com_0.localstorage, Quarantined, [d8bd12637b1f3303c8df92526a997f81], 
PUP.Optional.ArcadeSafari, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b3.arcadesafari.com_0.localstorage-journal, Quarantined, [009577fe9dfd00367c2bb0348a797f81], 
PUP.Optional.ArcadeSafari, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b4.arcadesafari.com_0.localstorage, Quarantined, [d5c0f085d7c315218c1b92521de67c84], 
PUP.Optional.ArcadeSafari, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b4.arcadesafari.com_0.localstorage-journal, Quarantined, [088d6c098f0bad8945628e56e71c3cc4], 
PUP.Optional.PlayTopus, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b3.playtopus.com_0.localstorage, Quarantined, [dfb60a6bc9d11e18bd05f8ecc43fdf21], 
PUP.Optional.PlayTopus, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b3.playtopus.com_0.localstorage-journal, Quarantined, [9302175ed3c781b56260459ff90a6799], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 

Emsisoft Emergency Kit - Version 11.9
Scan log
 
Date: 9/23/2016 10:57:36 PM
Scan Method: Malware
Objects Scanned: 79514
Objects Detected: 7
Duration: 0:14:35
Type: Manual scan
Computer Name: RYAN-HP
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 45  
 Java version 32-bit out of Date! 
 Adobe Reader 10.1.16 Adobe Reader out of Date!  
 Google Chrome (53.0.2785.101) 
 Google Chrome (53.0.2785.116) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
 
 

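The MBAM log in the post above records what was quarantined but not what each entry was doing on the machine. The following is an added example, not part of this thread and not Malwarebytes' own code: a small parser for the MBAM 2.x log layout shown above that groups detections by family and tags the entries that represent a real mechanism rather than COM debris. The `AppCompatFlags\Custom\<exe>` values named `{GUID}.sdb` register an application-compatibility shim database against that executable (here chrome.exe, firefox.exe, iexplore.exe and Chrome's own software_reporter_tool.exe); their value data is a Windows FILETIME, so the install time can be recovered. The `Low Rights\ElevationPolicy` entry allowed TNT2User.exe to be launched out of Internet Explorer's Protected Mode, and the `SearchScopes` entry pointed IE's search at a local OpenSearch file. The sample input is a subset of lines copied from the log above; the field layout (family, location, optional value data, action, 32-hex hash) is inferred from those lines, and the class and function names are my own.

```python
"""Added example: parse Malwarebytes Anti-Malware 2.x scan-log detections and
tag the persistence / hijack mechanisms behind them. Names are my own."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Sample input: a subset of the detection lines from the MBAM log above, under
# their section headers, in the exact layout MBAM 2.x writes them.
SAMPLE_LOG = r"""Registry Keys: 3
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, Quarantined, [6431ed8861397cba20a0e9abff031ae6], 
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Update innoApp, Quarantined, [eaab472edbbf53e32642d20dd92a1ce4], 
PUP.Optional.TNT, HKU\S-1-5-21-3085261950-921861981-1918839319-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}, Quarantined, [e2b39adbddbd8bab2b90219709fa8e72], 

Registry Values: 4
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130628936522024928, Quarantined, [6e279bdabcde1c1a092ee1d851b2e21e]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130628936522024928, Quarantined, [8510c5b0f1a924124aed1e9ba0638a76]
PUP.Optional.TNT, HKU\S-1-5-21-3085261950-921861981-1918839319-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}|AppName, TNT2User.exe, Quarantined, [e2b39adbddbd8bab2b90219709fa8e72]
PUP.Optional.TNT, HKU\S-1-5-21-3085261950-921861981-1918839319-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{161E9AD7-BD94-4128-A6B3-CD725DBBB767}|OSDFileURL, file:///C:/Users/Ryan/AppData/Local/TNT2/Profiles/10753/yah10753.xml, Quarantined, [6a2b6a0b9efcac8ac7f58335c93a60a0]

Files: 1
PUP.Optional.ArcadeParlor, C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_b3.arcadeparlor.com_0.localstorage, Quarantined, [b9dc99dc4357ae888c5d0fd205fe14ec], 
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")   # e.g. "Registry Values: 9"
HASH_RE = re.compile(r"^\[[0-9a-f]{32}\]$")         # trailing MBAM detection hash
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


@dataclass
class Detection:
    section: str         # "Registry Keys", "Registry Values", "Files", ...
    family: str          # e.g. PUP.Optional.Trovi
    location: str        # key, file path, or "key|valuename" for registry values
    data: Optional[str]  # value data (registry values only)
    action: str          # Quarantined, Delete-on-reboot, ...
    digest: str          # MBAM's 32-hex detection hash


def parse_mbam_log(text: str) -> List[Detection]:
    """Every line under a 'Section: N' header that ends in [hash] is one detection."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip().rstrip(",").strip()      # key/file lines end in ", "
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or line.startswith("("):  # "(No malicious items detected)"
            continue
        parts = [p.strip() for p in line.split(", ")]
        if len(parts) < 4 or not HASH_RE.match(parts[-1]):
            continue
        data = ", ".join(parts[2:-2]) or None        # only registry values carry data
        found.append(Detection(section, parts[0], parts[1], data, parts[-2], parts[-1][1:-1]))
    return found


def filetime_to_datetime(ticks: int) -> datetime:
    """Windows FILETIME: 100-ns intervals since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def shim_target(d: Detection) -> Optional[str]:
    """For an AppCompatFlags Custom shim value, return the executable (or layer) it targets."""
    if "\\APPCOMPATFLAGS\\CUSTOM\\" in d.location.upper() and "|" in d.location:
        return d.location.split("|", 1)[0].rsplit("\\", 1)[1].strip()
    return None


def classify(d: Detection) -> Optional[str]:
    """Name the mechanism a detection represents; None for plain COM/typelib debris."""
    loc = d.location.upper()
    target = shim_target(d)
    if target:
        # Custom\<exe> with a value named {GUID}.sdb applies that shim database to
        # <exe>; the value data is the install time as a FILETIME.
        when = (filetime_to_datetime(int(d.data)).strftime("%Y-%m-%d %H:%M:%S UTC")
                if d.data and d.data.isdigit() else "unknown time")
        return f"appcompat shim on {target} (installed {when})"
    if "\\LOW RIGHTS\\ELEVATIONPOLICY\\" in loc:
        # IE Protected Mode elevation policy: the named binary may be started from
        # the low-integrity browser process without the usual prompt.
        app = d.data if d.location.endswith("|AppName") else None
        return f"IE elevation policy for {app}" if app else "IE elevation policy entry"
    if "\\INTERNET EXPLORER\\SEARCHSCOPES\\" in loc:
        return "IE search provider entry" + (f" ({d.data})" if d.data else "")
    if "\\SERVICES\\EVENTLOG\\" in loc:
        return "event log source registration (leftover component)"
    if loc.endswith((".LOCALSTORAGE", ".LOCALSTORAGE-JOURNAL")):
        host = d.location.rsplit("\\", 1)[1].split("_")[1]
        return f"browser local storage for {host} (site data, not code)"
    return None


def summarize(dets: List[Detection]) -> dict:
    """Counts per family/action, the tagged mechanisms, and which executables were shimmed."""
    return {
        "families": Counter(d.family for d in dets),
        "actions": Counter(d.action for d in dets),
        "mechanisms": [(d.family, classify(d)) for d in dets if classify(d)],
        "shimmed_executables": sorted({shim_target(d) for d in dets if shim_target(d)}),
    }


if __name__ == "__main__":
    for family, tag in summarize(parse_mbam_log(SAMPLE_LOG))["mechanisms"]:
        print(f"{family:28} {tag}")
```

Run against the full MBAM.txt, the shim entries resolve to the same FILETIME (12 December 2014), which dates the Trovi install well before this thread and explains why the shim also targeted Chrome's software_reporter_tool.exe and software_removal_tool.exe: the PUP was interfering with Chrome's own cleanup. Registry-key lines under `Custom\Layers` have no `|` and are left untagged.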

#6 pystryker (Trusted Helper, Malware Removal, 3,912 posts)
Hello :)

Looks good, nothing but PUPs and they're all quarantined. :thumbsup: Let's update the 2 programs that SecurityCheck found. How's the machine running?


Step 1: Java Warning and Update

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.

Please read this article about Java.

I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java, then download JavaRa.
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
Once done, run it again and select Update Java runtime > Download and install Latest version.



Step 2: Update Adobe Reader
  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading PDF files, try using Foxit Reader. It is a very capable alternative to Adobe.
  • Please click here to download Foxit Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the option to install Google Toolbar.
Please let me know when these are complete. :thumbsup:
#7 flyboy1565 (Topic Starter, Member, 403 posts)

Unfortunately, my sister wants to keep using Java and Adobe.


#8 flyboy1565 (Topic Starter, Member, 403 posts)

both have been updated.


#9 pystryker (Trusted Helper, Malware Removal, 3,912 posts)

Unfortunately, my sister wants to keep using Java and Adobe.


Hello :)

Ok, no worries, as long as they're updated when a new version comes out. :thumbsup:


Subject to no further issues, let's remove my tools and create a new, clean restore point on the machine.

Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
  • You can uninstall ESET Online Scanner at this time.
  • I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.
Step 2: Tips, Information, and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

I also recommend reading Miekiemoes Protection Tips


Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.
  • Click here to be taken to Unchecky.com
  • Click the very large Download button.
  • Click Save
  • Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)
  • Once open, click the Install button.
  • Then click Finish


Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Things I need to see in your next post

Delfix Log

#10 flyboy1565 (Topic Starter, Member, 403 posts)
# DelFix v1.010 - Logfile created 25/09/2016 at 11:53:00
# Updated 26/04/2015 by Xplode
# Username : Ryan - RYAN-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Ryan\Desktop\Addition.txt
Deleted : C:\Users\Ryan\Desktop\AdwCleaner.exe
Deleted : C:\Users\Ryan\Desktop\Fixlog.txt
Deleted : C:\Users\Ryan\Desktop\FRST.txt
Deleted : C:\Users\Ryan\Desktop\FRST64.exe
Deleted : C:\Users\Ryan\Desktop\JRT.exe
Deleted : C:\Users\Ryan\Desktop\JRT.txt
Deleted : C:\Users\Ryan\Desktop\SecurityCheck.exe
Deleted : C:\Users\Ryan\Downloads\JavaRa-2.6.1.1.zip
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #263 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 | 08/08/2016 20:25:37]
Deleted : RP #264 [Chrome Cleanup Tool | 08/15/2016 22:49:23]
Deleted : RP #266 [Restore Point Created by FRST | 09/23/2016 07:10:20]
Deleted : RP #267 [JRT Pre-Junkware Removal | 09/23/2016 07:21:23]
Deleted : RP #268 [Removed Java 8 Update 45 | 09/25/2016 01:49:01]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

#11 pystryker (Trusted Helper, Malware Removal, 3,912 posts)
Looks like a clean bill of health. :)

If we can be of service in the future, please don't hesitate to come see us. :thumbsup:
#12 pystryker (Trusted Helper, Malware Removal, 3,912 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

