The problem has not yet been resolved :/
I'm getting a "wonderlandads" redirect. As I mentioned earlier, it only occurs for websites other than the HTTPS sites and occurs when I click on a link. It opens up in a new window.
Here are the logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by USER (administrator) on HP (19-01-2016 11:33:48)
Running from C:\Users\USER\Downloads\Programs
Loaded Profiles: USER (Available Profiles: USER)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Windows\KMS\KMS.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\My WIFI Router\bmser.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(WordWeb Software) F:\WordWeb\wweb32.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Valve Corporation) E:\Steam\Steam.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Frontend.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8458968 2015-03-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2871464 2015-03-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [917112 2015-10-08] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [99064 2015-12-07] (Panda Security, S.L.)
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3898960 2015-05-03] (Tonec Inc.)
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Run: [GarenaPlus] => "F:\Garena Plus\GarenaMessenger.exe" -autolaunch
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Run: [WordWeb] => F:\WordWeb\wweb32.exe [80000 2015-08-02] (WordWeb Software)
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Run: [Google Update] => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-15] (Google Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 01 C:\Windows\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()
Winsock: Catalog5-x64 01 C:\Windows\system32\PrxerNsp.dll [96840 2015-03-28] ()
Tcpip\Parameters: [DhcpNameServer] 46.101.178.39 8.8.8.8
Tcpip\..\Interfaces\{AE90576C-1979-43C9-8D26-79196EFB8156}: [DhcpNameServer] 46.101.178.39 8.8.8.8
Tcpip\..\Interfaces\{CD917F21-16FC-4567-8EFF-43E5D9B488A6}: [DhcpNameServer] 172.16.224.2 218.248.233.3
Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-24] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\76ggilh7.default-1453040933184
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> F:\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-10-01] ( Garena)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-921485403-2575864937-4210904776-1001: @tools.google.com/Google Update;version=3 -> C:\Users\USER\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-921485403-2575864937-4210904776-1001: @tools.google.com/Google Update;version=9 -> C:\Users\USER\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\USER\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\USER\AppData\Roaming\IDM\idmmzcc5 [2016-01-19] [not signed]
FF HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Firefox\Extensions: [[email protected]] - F:\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - F:\WordWeb\WCaptureMoz [2015-10-21] [not signed]
FF HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\USER\AppData\Roaming\IDM\idmmzcc5
Chrome:
=======
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-15]
CHR Extension: (Google Search) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-15]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-12-24] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359856 2015-09-17] (Intel Corporation)
R2 KMS; C:\Windows\KMS\KMS.exe [32256 2014-01-04] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-12-07] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [72952 2015-11-30] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-12-07] (Panda Security, S.L.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2015-03-06] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220840 2015-03-03] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WIFIGXENDHCPSER; C:\Program Files (x86)\My WIFI Router\bmser.exe [1656416 2014-04-23] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [38720 2014-12-24] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [38208 2014-12-24] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-23] ()
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [216360 2014-12-24] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201464 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [78584 2015-12-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-12-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-12-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-12-04] (Panda Security, S.L.)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-11-22] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [120056 2015-11-29] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-11-22] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-12-04] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [136952 2015-12-04] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-11-29] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3568856 2014-09-24] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2015-03-03] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WinDivert1.1; C:\Windows\KMS\WinDivert.sys [35376 2013-12-04] (Basil Projects)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-08-06] (Hewlett-Packard Development Company, L.P.)
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
R3 gkernel; \??\C:\Users\USER\AppData\Local\Temp\gkernel.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-18 19:03 - 2016-01-18 19:03 - 00001062 _____ C:\Users\USER\Desktop\WhatsApp.lnk
2016-01-17 21:50 - 2016-01-17 21:50 - 00001836 _____ C:\Users\Public\Desktop\Apps.lnk
2016-01-17 21:50 - 2016-01-17 21:50 - 00001779 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2016-01-17 21:49 - 2016-01-17 22:02 - 00000000 ____D C:\ProgramData\BlueStacks
2016-01-17 21:49 - 2016-01-17 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2016-01-17 21:49 - 2016-01-17 21:50 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2016-01-17 21:48 - 2016-01-17 21:48 - 00000000 ____D C:\Users\USER\AppData\Local\Bluestacks
2016-01-17 19:58 - 2016-01-17 19:58 - 00000000 ____D C:\Users\USER\Desktop\Old Firefox Data
2016-01-17 19:37 - 2015-05-22 14:15 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2016-01-16 10:57 - 2016-01-18 03:26 - 00000917 _____ C:\Users\USER\Desktop\JRT.txt
2016-01-16 10:26 - 2016-01-16 10:26 - 00060394 _____ C:\Users\USER\Downloads\FIXLIST.txt
2016-01-14 20:35 - 2016-01-19 11:33 - 00000000 ____D C:\FRST
2016-01-12 20:25 - 2016-01-12 20:26 - 00002172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus.lnk
2016-01-12 20:25 - 2016-01-12 20:25 - 00000000 ____D C:\Users\USER\AppData\Roaming\Panda Security
2016-01-12 20:25 - 2016-01-12 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2016-01-12 20:25 - 2016-01-12 20:25 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-01-12 20:05 - 2016-01-12 20:25 - 00000000 ____D C:\ProgramData\Panda Security
2016-01-10 11:30 - 2016-01-16 10:40 - 00000000 ____D C:\AdwCleaner
2016-01-05 12:37 - 2016-01-05 12:43 - 00000000 ____D C:\Users\USER\Desktop\SEMINAR REPORT FORMAT
2016-01-03 11:45 - 2016-01-03 11:45 - 00000000 ____D C:\Users\USER\AppData\Roaming\aipai
2016-01-03 11:44 - 2016-01-03 11:44 - 00000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartPixel
2016-01-03 11:44 - 2016-01-03 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartPixel
2015-12-31 20:55 - 2016-01-07 09:37 - 00000000 ____D C:\Users\USER\Desktop\seminar mine
2015-12-31 20:36 - 2016-01-06 22:18 - 00000000 ____D C:\Users\USER\Desktop\SEMINAR eg
2015-12-27 18:35 - 2015-12-27 18:35 - 00000000 ____D C:\Users\USER\Documents\VideoPad Projects
2015-12-27 18:31 - 2015-12-27 18:31 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2015-12-23 23:32 - 2016-01-08 08:48 - 00000000 ____D C:\Users\USER\Desktop\New folder
2015-12-23 22:50 - 2015-12-23 22:50 - 00000000 _____ C:\autoexec.bat
2015-12-23 22:37 - 2015-12-23 22:37 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-12-22 22:33 - 2015-12-22 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-12-20 00:52 - 2015-12-20 00:52 - 00000000 ____D C:\Program Files (x86)\Garena Total
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-19 11:32 - 2015-09-22 10:02 - 00003898 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{13577F26-D72F-4587-B470-A1DBBBD660BB}
2016-01-19 11:08 - 2015-11-15 13:27 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001UA.job
2016-01-19 09:07 - 2015-11-15 13:27 - 00000858 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001Core.job
2016-01-19 08:59 - 2015-09-19 19:43 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-921485403-2575864937-4210904776-1001
2016-01-19 08:40 - 2015-11-25 23:25 - 00003476 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2016-01-19 08:39 - 2015-10-21 12:00 - 00001110 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-01-19 08:39 - 2015-09-19 23:12 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-19 08:39 - 2015-09-19 20:15 - 00000000 __SHD C:\Users\USER\IntelGraphicsProfiles
2016-01-19 08:39 - 2013-08-22 20:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-18 03:26 - 2015-09-30 06:19 - 00000000 ____D C:\Users\USER\AppData\Roaming\DMCache
2016-01-17 21:50 - 2013-08-22 21:06 - 00000000 __RHD C:\Users\Public\Libraries
2016-01-17 21:48 - 2015-11-30 01:38 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-01-17 20:07 - 2015-10-04 11:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-16 21:46 - 2015-09-30 06:19 - 00000000 ____D C:\Users\USER\Downloads\Compressed
2016-01-16 10:28 - 2013-08-22 19:06 - 00000000 ____D C:\Windows
2016-01-16 10:21 - 2015-10-09 20:49 - 00000000 ____D C:\Users\USER\AppData\Roaming\AVG
2016-01-16 10:21 - 2015-10-09 20:32 - 00000000 ____D C:\ProgramData\Avg
2016-01-16 10:21 - 2013-08-22 21:06 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-01-13 17:29 - 2013-08-22 20:14 - 00527496 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-12 20:26 - 2013-08-22 19:06 - 00000000 ____D C:\Windows\Inf
2016-01-12 02:59 - 2013-08-22 18:55 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-01-07 16:06 - 2015-09-30 06:19 - 00000000 ____D C:\Users\USER\Downloads\Video
2016-01-05 22:06 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\system32\NDF
2016-01-05 19:28 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\rescache
2016-01-03 11:42 - 2015-09-19 20:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-01-03 11:42 - 2013-08-22 20:50 - 00000000 ____D C:\Windows\CbsTemp
2015-12-27 10:13 - 2015-11-25 19:23 - 00007600 _____ C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2015-12-22 22:33 - 2015-09-24 09:02 - 00000000 ____D C:\Users\USER\AppData\Local\Google
2015-12-22 22:27 - 2014-01-15 18:27 - 00000000 ____D C:\Windows\KMS
2015-12-20 11:06 - 2015-10-21 13:06 - 00000000 ____D C:\Users\USER\Downloads\wallpaper
2015-12-20 00:49 - 2015-10-11 00:33 - 00000000 ____D C:\Users\USER\AppData\Roaming\GarenaPlus
2015-12-20 00:49 - 2015-10-11 00:32 - 00000000 ____D C:\ProgramData\GarenaMessenger
==================== Files in the root of some directories =======
2015-11-19 08:50 - 2015-11-19 09:06 - 0000115 _____ () C:\Users\USER\AppData\Roaming\LogFile.txt
2015-10-11 01:38 - 2015-11-20 18:35 - 0045270 _____ () C:\Users\USER\AppData\Roaming\room_v3.dat
2015-09-30 12:33 - 2015-09-30 12:33 - 0003584 _____ () C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-25 19:23 - 2015-12-27 10:13 - 0007600 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2015-09-24 09:07 - 2015-09-24 09:07 - 0000000 _____ () C:\Users\USER\AppData\Local\{B607AE99-9100-406D-A74F-02025B4F0770}
Some files in TEMP:
====================
C:\Users\USER\AppData\Local\Temp\KMP_4.0.3.1.exe
C:\Users\USER\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-12 21:57
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by USER (2016-01-19 11:34:46)
Running from C:\Users\USER\Downloads\Programs
Windows 8.1 Pro (X64) (2015-09-19 14:06:34)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-921485403-2575864937-4210904776-500 - Administrator - Disabled)
Guest (S-1-5-21-921485403-2575864937-4210904776-501 - Limited - Disabled)
USER (S-1-5-21-921485403-2575864937-4210904776-1001 - Administrator - Enabled) => C:\Users\USER
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Free Antivirus (Enabled - Out of date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Out of date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Panda Firewall (Enabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AVG Zen (Version: 1.21.6 - AVG Technologies) Hidden
BlueStacks App Player (HKLM-x32\...\{D7E3588F-25E6-4A93-8B1C-596F7951CA38}) (Version: 0.10.7.5601 - BlueStack Systems, Inc.)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.170 - Broadcom Corporation)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden
FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
Google Chrome (HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\Google Chrome) (Version: 18.0.1025.168 - Google Inc.)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel® Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4281 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Lumia UEFI Blue Driver (HKLM-x32\...\{9D2A75FE-8CE1-4297-AEC1-A097D47BACE9}) (Version: 1.1.10.1526 - Microsoft)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 38.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
Panda Devices Agent (x32 Version: 1.03.06 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.01.00.0000 - Panda Security)
Panda Free Antivirus (Version: 8.20.00.0000 - Panda Security) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Proxifier version 3.28 (HKLM-x32\...\Proxifier_is1) (Version: 3.28 - Initex)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30182 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.39.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7455 - Realtek Semiconductor Corp.)
SmartPixel (HKLM-x32\...\SmartPixel) (Version: 3.2.0.0 - Beyond Magic Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.48.55 - Synaptics Incorporated)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 4.22 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Device Recovery Tool 3.1.4 (HKLM-x32\...\{d4849306-53e9-465f-8a2d-a68c8fcfe4dd}) (Version: 3.1.4 - Microsoft)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32\...\{29BAAF65-09E5-4F52-8D15-2FAF2E23A8DC}) (Version: 1.1.24.1544 - Microsoft)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
WTFast 3.5 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 3.5.9.511 - Initex & AAA Internet Publishing)
Your Freedom 20151111-01 (HKLM-x32\...\Your_Deploy_0) (Version: - resolution GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-921485403-2575864937-4210904776-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-921485403-2575864937-4210904776-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-921485403-2575864937-4210904776-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\USER\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1DF9AB9D-8BC1-4269-9873-2D300A79F272} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2015-11-11] ()
Task: {72B0950E-A263-41AB-A4EB-53748857F4F1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001Core => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-15] (Google Inc.)
Task: {7E491859-3AE3-46DE-88BF-6A591916427A} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-24] (Adobe Systems Incorporated)
Task: {B472D1A9-EEBD-40E1-9AD2-E055C00DE325} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {B71AD709-6B25-4A26-B6C7-77993931F1B5} - System32\Tasks\{FAD0EC96-51A4-4001-81B1-951269B934AF} => pcalua.exe -a C:\Users\USER\Downloads\Programs\win64_154012.exe -d C:\Users\USER\AppData\Roaming\IDM
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {C887F459-C2C4-4710-93CB-FFA3D2F0CF21} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001UA => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-15] (Google Inc.)
Task: {CFB55E4D-B926-4456-BB57-7E4AFF6FC476} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {F679A661-D75B-4DCF-9B41-FB97D7FD900E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001Core.job => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-921485403-2575864937-4210904776-1001UA.job => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-12-02 09:32 - 2015-03-28 15:55 - 00096840 _____ () C:\Windows\system32\PrxerNsp.dll
2015-09-19 19:36 - 2014-01-04 17:22 - 00032256 _____ () C:\Windows\KMS\KMS.exe
2015-09-19 19:36 - 2013-12-04 01:31 - 00016896 _____ () C:\Windows\KMS\WinDivert.dll
2015-10-09 18:52 - 2015-11-11 13:29 - 00168384 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2014-04-23 08:28 - 2014-04-23 08:28 - 01656416 _____ () C:\Program Files (x86)\My WIFI Router\bmser.exe
2015-12-15 22:47 - 2015-12-15 22:47 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-10-09 18:53 - 2015-11-11 13:29 - 02519488 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2015-12-02 08:55 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-12-02 08:55 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-12-02 08:55 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-12-02 08:55 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-12-02 08:55 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-04-23 08:28 - 2014-04-23 08:28 - 00193392 _____ () C:\Program Files (x86)\My WIFI Router\bmupdex.dll
2015-12-16 22:01 - 2015-11-11 01:25 - 00778752 _____ () E:\Steam\SDL2.dll
2015-10-21 16:43 - 2015-07-03 21:42 - 04962816 _____ () E:\Steam\v8.dll
2015-12-16 22:01 - 2015-12-15 01:31 - 02547280 _____ () E:\Steam\video.dll
2015-10-21 16:43 - 2015-07-03 21:42 - 01556992 _____ () E:\Steam\icui18n.dll
2015-10-21 16:43 - 2015-07-03 21:42 - 01187840 _____ () E:\Steam\icuuc.dll
2015-10-21 16:43 - 2015-09-24 06:03 - 02549248 _____ () E:\Steam\libavcodec-56.dll
2015-10-21 16:43 - 2015-09-24 06:03 - 00491008 _____ () E:\Steam\libavformat-56.dll
2015-10-21 16:43 - 2015-09-24 06:03 - 00332800 _____ () E:\Steam\libavresample-2.dll
2015-10-21 16:43 - 2015-09-24 06:03 - 00442880 _____ () E:\Steam\libavutil-54.dll
2015-10-21 16:43 - 2015-09-24 06:03 - 00485888 _____ () E:\Steam\libswscale-3.dll
2015-12-16 22:01 - 2015-12-15 01:31 - 00804432 _____ () E:\Steam\bin\chromehtml.DLL
2015-11-17 21:25 - 2015-11-04 03:30 - 00201728 _____ () E:\Steam\bin\openvr_api.dll
2015-12-16 22:01 - 2015-11-17 06:01 - 47846176 _____ () E:\Steam\bin\libcef.dll
2015-10-21 16:43 - 2015-09-25 05:26 - 00119208 _____ () E:\Steam\winh264.dll
2015-10-08 17:49 - 2016-01-17 21:50 - 00195584 _____ () C:\Program Files (x86)\BlueStacks\libEGL.dll
2015-10-08 17:49 - 2016-01-17 21:50 - 01467392 _____ () C:\Program Files (x86)\BlueStacks\libGLESv2.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 18:55 - 2016-01-16 10:28 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\USER\Downloads\wallpaper\space_pilot-1366x768.jpg
DNS Servers: 46.101.178.39 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\StartupApproved\StartupFolder: => "r.lnk"
HKU\S-1-5-21-921485403-2575864937-4210904776-1001\...\StartupApproved\Run: => "GarenaPlus"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F4B3501D-6EFA-452B-B6A5-3961975DA0A6}] => (Allow) C:\Windows\KMS\KMS.exe
FirewallRules: [{E4B7321F-F3D6-4B57-A493-69CDAE030B71}] => (Allow) C:\Windows\KMS\KMS.exe
FirewallRules: [{1F6A0F79-C60B-42D6-A098-7E5D223990D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CF600147-70E8-4B9E-A63D-549DD5747FB2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{73E80287-B682-4B54-BB5D-4726CF5C6A1D}] => (Allow) F:\Garena Plus\ggdllhost.exe
FirewallRules: [{4BB5B31E-C267-4BAA-B95C-6A06E0F7B485}] => (Allow) F:\Garena Plus\Room\garena_room.exe
FirewallRules: [{58EBDC79-F3A9-47DA-B122-C661E93CE1A2}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{0E89BE7C-349B-4824-AA19-B1EED3C552BA}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{4BA84F61-712F-42C4-AC49-A560238A71B8}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{35AFB527-11D4-4173-B6B7-EAC8E9586D82}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{1DD8A6D1-10B4-468E-A730-A54E0A9DB45F}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{62EAF6AC-0AE1-4D06-B0EA-989B6E141BD2}] => (Allow) F:\My WIFI Router\My WIFI Router.exe
FirewallRules: [{5ADEE819-265A-4480-8ED8-1F9CE99019DF}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{6D10EF45-6934-4606-AB61-BDF70A59AFAE}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{C38DA49F-658E-438C-A98A-C57D738A2A8C}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{D04BBC07-371D-4A6B-A2DB-A3FBC167E938}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{2B9B307F-F016-4624-B2C1-8B23DEDD8389}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{C9B7C9B9-7347-4D8E-8FAB-55EDA911547F}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{CCF9E7B7-9A49-4B8F-A64D-FFE68D451D1B}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{515A7A20-4634-4696-A309-F9697169A1F9}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{7B7DB94E-0C80-402A-985B-79DCD9A57138}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [{DDA76CC5-81E0-42A7-9538-0A7BD58EEE13}] => (Allow) C:\Program Files (x86)\My WIFI Router\My WIFI Router.exe
FirewallRules: [TCP Query User{1535DD3E-198F-4C10-8088-1F3D03C9B6B6}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{005B92E1-C367-4731-992C-3117488257D9}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{68C18CC4-E3A7-4ED9-B8FF-B4DBF5FAF0C9}] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{9F80C398-DBEF-4DE3-B07F-C7BC1451E58C}] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{6E518937-B5BB-4DE4-861D-536F8B81A635}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F62FFD9D-8AB3-4408-9A40-5B5BA0457CCC}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9B0D30BD-3989-4A65-8794-C373CB9CD2C2}] => (Allow) F:\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{2AF723CB-6B80-457B-9071-B828EB66AC5E}] => (Allow) F:\FormatFactory\FormatFactory.exe
FirewallRules: [{BDDA8327-CB5E-4B21-BCD4-7D639DA8D99A}] => (Allow) F:\FormatFactory\FormatFactory.exe
FirewallRules: [{8D584E34-169D-475E-8945-27CCF24D6722}] => (Allow) F:\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{FCAD242B-14B1-4500-B14A-87452F91FBC2}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{0A6836F2-29D4-4D5C-BB03-1FA2D7A4D0E5}] => (Allow) C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
FirewallRules: [TCP Query User{22E78331-A400-4510-8041-FCF8D53A7762}F:\warcraft iii frozen throne esk\war3.exe] => (Allow) F:\warcraft iii frozen throne esk\war3.exe
FirewallRules: [UDP Query User{577F7BE6-3F42-4CE5-A525-4DB8FAF56E47}F:\warcraft iii frozen throne esk\war3.exe] => (Allow) F:\warcraft iii frozen throne esk\war3.exe
FirewallRules: [{ADDF4EE8-E983-47BF-88AF-79BDF376BAAE}] => (Allow) C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe
FirewallRules: [{7B5E3993-FDF0-4683-AF8B-817F9DCD6C4B}] => (Allow) C:\Program Files (x86)\MyPublicWiFi\MyPublicWiFi.exe
FirewallRules: [TCP Query User{0B05774B-D732-4D98-A2D3-D04D0E195F58}F:\yf\freedom.exe] => (Block) F:\yf\freedom.exe
FirewallRules: [UDP Query User{B260784D-F4C3-4EE0-A687-76BAF63FCC4B}F:\yf\freedom.exe] => (Block) F:\yf\freedom.exe
FirewallRules: [TCP Query User{82562156-6C57-4E24-98B9-8D6B604F49CC}F:\smartpixel\bin\smartpixel.exe] => (Allow) F:\smartpixel\bin\smartpixel.exe
FirewallRules: [UDP Query User{49ED8963-A542-44A4-9E6E-D0BEF0FC7AB2}F:\smartpixel\bin\smartpixel.exe] => (Allow) F:\smartpixel\bin\smartpixel.exe
FirewallRules: [{D66A53E2-78FC-47AE-802E-853DDB1C0528}] => (Allow) %systemroot%\system32\alg.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
25-12-2015 21:58:03 JRT Pre-Junkware Removal
03-01-2016 05:31:28 Scheduled Checkpoint
10-01-2016 19:51:07 Scheduled Checkpoint
13-01-2016 20:12:33 Removed BlueStacks App Player
16-01-2016 10:27:37 Restore Point Created by FRST
16-01-2016 10:42:47 JRT Pre-Junkware Removal
16-01-2016 10:50:33 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/19/2016 09:47:51 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (1412) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.
Error: (01/19/2016 09:47:51 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (1412) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.
Error: (01/19/2016 09:47:29 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (1412) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.
Error: (01/19/2016 09:47:29 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (1412) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.
Error: (01/19/2016 09:46:13 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (1412) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.
Error: (01/19/2016 09:46:13 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (1412) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.
Error: (01/19/2016 08:59:31 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (4800) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.
Error: (01/19/2016 08:59:31 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (4800) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.
Error: (01/19/2016 08:43:20 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (2412) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.
Error: (01/19/2016 08:43:20 AM) (Source: ESENT) (EventID: 412) (User: )
Description: svchost (2412) Instance: Unable to read the header of logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb.log. Error -501.
System errors:
=============
Error: (01/19/2016 08:39:10 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (01/18/2016 09:40:14 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (01/17/2016 09:02:09 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (01/17/2016 09:01:39 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (01/17/2016 07:37:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (01/17/2016 10:08:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (01/16/2016 10:27:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (01/16/2016 01:32:21 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (01/16/2016 10:41:16 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
Error: (01/16/2016 10:40:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
==================== Memory info ===========================
Processor: Intel® Core i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 44%
Total physical RAM: 4016.67 MB
Available physical RAM: 2246.17 MB
Total Virtual: 5198.38 MB
Available Virtual: 2659.74 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:97.31 GB) (Free:65.75 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:416.93 GB) (Free:392.23 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:416.93 GB) (Free:407.81 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0458014D)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=416.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=416.9 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================