
What shouldn't be here


  • This topic is locked
44 replies to this topic

#1 Pestyone

Pestyone

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 23 January 2015 - 03:53 PM

I hope this is the right place to post a HijackThis log. It is very confusing to see where it belongs, so here goes . . .

I am getting ads galore: update Java, Adobe, some unnamed video player converter, etc. that I never had or used; trash galore that SUPERAntiSpyware and Malwarebytes can't find yet . . .

So what gets deleted and what else doesn't belong? I would like to clean up the system, so awaiting help . . .

Yikes, attach a file? Why not copy/paste? Why is it always the slow way . . .



#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:05 AM

Posted 25 January 2015 - 02:27 PM

Hello and welcome aboard,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
  • My Help is completely free of charge!
    If you would like to donate some money, you can do so and I'd appreciate it. :)
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 26 January 2015 - 03:15 PM

OK, how's this? Guess there's something on the HijackThis log that shouldn't be there, hmm; what?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by pestyone (administrator) on PESTYONE-PC on 26-01-2015 15:09:07
Running from C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDENBN77
Loaded Profiles: pestyone (Available profiles: pestyone)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2015-01-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
HKLM\...\Winlogon: [Userinit] C:\windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-06-30] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-19] => http=127.0.0.1:8118;https=127.0.0.1:8118
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-20] => http=127.0.0.1:8118;https=127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20141217-135-sshome-ie-df&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-660230534-9386771-3986129850-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
URLSearchHook: HKU\S-1-5-21-660230534-9386771-3986129850-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear.ch/?type=20141217-135-ie-sm
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> DefaultScope {B354A84F-EC94-493A-8F00-48982DC4C505} URL = https://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> {B354A84F-EC94-493A-8F00-48982DC4C505} URL = https://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136

FireFox:
========
FF ProfilePath: C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default
FF NewTab: hxxp://www.safesear.ch/?type=20141217-135-ff-nt
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: SafeSearch
FF Homepage: hxxp://www.safesear.ch/?type=20141217-135-ff
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=242154&p=
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF user.js: detected! => C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\user.js
FF SearchPlugin: C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\searchplugins\yahoo_ff.xml
FF Extension: ArcadeParlor - C:\Users\pestyone\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2014-05-25]
FF Extension: saveitkeep. - C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\Extensions\w@T.co.uk [2014-12-03]
FF Extension: Like - C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\Extensions\jid1-eFRcA0eiPxecTQ@jetpack.xpi [2014-12-17]
FF Extension: Simple - C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\Extensions\jid1-vS7biDmom8YxhA@jetpack.xpi [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2014-11-12]
CHR Extension: (No Name) - C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2014-11-12]
CHR Extension: (No Name) - C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipljmghelflfikejmgkmlmpjmehfjodc [2014-11-07]
CHR Extension: (CostMin) - C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag [2014-06-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-17] (SUPERAntiSpyware.com)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ASLDRService; No ImagePath
S2 ATKGFNEXSrv; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2014-12-19] (Digiarty Software, Inc.)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-29] (REALiX™)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49264 2014-07-28] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-09-15] (Windows ® 2003 DDK 3790 provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2014-12-17] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-01-19] (Duplex Secure Ltd.)
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2014-10-31] (Rsupport Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 15:09 - 2015-01-26 15:09 - 00000000 ____D () C:\FRST
2015-01-26 14:54 - 2015-01-26 14:54 - 00021701 _____ () C:\Users\pestyone\Downloads\9C7166C9E448F0200C9268DBB7D004A56805471A.torrent
2015-01-25 23:52 - 2015-01-25 23:52 - 00014222 _____ () C:\Users\pestyone\Downloads\F1B4A4CDC6D3AF9AF3122206178D61DBC86CEC16.torrent
2015-01-25 23:51 - 2015-01-25 23:51 - 00014817 _____ () C:\Users\pestyone\Downloads\FF14B3E8F3459AE3D6305DA77A6AD76BE5083306.torrent
2015-01-25 23:50 - 2015-01-25 23:50 - 00014974 _____ () C:\Users\pestyone\Downloads\0A8B75CBE702D943556F3092F911852C13756AEC.torrent
2015-01-25 23:46 - 2015-01-25 23:46 - 00016039 _____ () C:\Users\pestyone\Downloads\009299A755071D15268FED8A27C5603024D6BAE0.torrent
2015-01-25 23:41 - 2015-01-25 23:41 - 00015916 _____ () C:\Users\pestyone\Downloads\C6DCC45C15BCCE5F9B6C8675161DB64FC7089DBD.torrent
2015-01-25 23:37 - 2015-01-25 23:37 - 00016835 _____ () C:\Users\pestyone\Downloads\CD586163E60414C970725C49C2591B6870D5AA8A.torrent
2015-01-25 23:37 - 2015-01-25 23:37 - 00016835 _____ () C:\Users\pestyone\Downloads\CD586163E60414C970725C49C2591B6870D5AA8A (1).torrent
2015-01-25 23:36 - 2015-01-25 23:36 - 00017146 _____ () C:\Users\pestyone\Downloads\39B501CBD2F90FD3A8789EC29911925C60C4948C.torrent
2015-01-25 23:29 - 2015-01-25 23:29 - 00018546 _____ () C:\Users\pestyone\Downloads\E478854EA9CD7F66E38D3C420A4200314D9D49B4.torrent
2015-01-25 23:28 - 2015-01-25 23:28 - 00017560 _____ () C:\Users\pestyone\Downloads\82274F85CAF8BE06E9EC5ED347E8B20A848EB2FD.torrent
2015-01-25 23:27 - 2015-01-25 23:27 - 00019660 _____ () C:\Users\pestyone\Downloads\C9E6FE4BD0E3C5D73129E9E1D9711AFE52D96A7C.torrent
2015-01-25 23:26 - 2015-01-25 23:26 - 00017700 _____ () C:\Users\pestyone\Downloads\A64ACA8058F6099CDED76C61DCD96BEB0EF6386B.torrent
2015-01-25 23:23 - 2015-01-25 23:23 - 00016939 _____ () C:\Users\pestyone\Downloads\464D2E87DE594188F866190D2238C0F38A22669A.torrent
2015-01-25 22:48 - 2015-01-25 22:48 - 00024822 _____ () C:\Users\pestyone\Downloads\7C1D9F573ADE4BA811ADC056C081A799B40D2F44 (1).torrent
2015-01-25 22:47 - 2015-01-25 22:47 - 00024822 _____ () C:\Users\pestyone\Downloads\7C1D9F573ADE4BA811ADC056C081A799B40D2F44.torrent
2015-01-25 22:31 - 2014-03-25 08:15 - 00060400 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSKMAD.sys
2015-01-24 10:04 - 2015-01-24 10:05 - 00779420 _____ () C:\Users\pestyone\Documents\1-24-15 print screen.odt
2015-01-24 07:20 - 2015-01-24 07:20 - 00002845 _____ () C:\Users\pestyone\Downloads\3737D0EA09F66F7D8B2F2F051BC35F53C82FAE68.torrent
2015-01-24 07:18 - 2015-01-24 07:18 - 00010264 _____ () C:\Users\pestyone\Downloads\5BD4982E93858D41FCF2F47CA1397AA7038810CB.torrent
2015-01-24 07:14 - 2015-01-24 07:14 - 00006154 _____ () C:\Users\pestyone\Downloads\EBE26BC1CBAF1FBC5B4D6DABA02A3FCF61A8970A.torrent
2015-01-24 06:23 - 2015-01-24 06:23 - 00015200 _____ () C:\Users\pestyone\Downloads\2783708420293267076CF35EAB1D7B92F3CE025A.torrent
2015-01-24 05:00 - 2015-01-24 05:00 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Elephant Games
2015-01-24 04:13 - 2015-01-24 04:13 - 00001062 _____ () C:\Users\pestyone\Desktop\Universal Extractor.lnk
2015-01-24 04:13 - 2015-01-24 04:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor
2015-01-24 04:13 - 2015-01-24 04:13 - 00000000 ____D () C:\Program Files (x86)\Universal Extractor
2015-01-24 01:36 - 2015-01-24 01:36 - 00016877 _____ () C:\Users\pestyone\Downloads\2A169873E6B4719AAEF2953EFDFA929D3BCFFF7D.torrent
2015-01-23 15:51 - 2015-01-23 15:51 - 00007465 _____ () C:\Users\pestyone\Desktop\hijackthis  -  1-23 - 15.txt
2015-01-23 14:48 - 2015-01-23 14:47 - 00401720 _____ (Trend Micro Inc.) C:\Users\pestyone\Downloads\hijackthis.exe
2015-01-23 12:21 - 2015-01-23 12:21 - 00115830 _____ () C:\Users\pestyone\Downloads\822E89ABC4D1EC98C5927A6136A7D8D1F3E6281C.torrent
2015-01-22 10:07 - 2015-01-22 10:07 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Thunderbird
2015-01-22 10:07 - 2015-01-22 10:07 - 00000000 ____D () C:\Users\pestyone\AppData\Local\Thunderbird
2015-01-22 09:55 - 2015-01-22 09:55 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Pegasus Mail
2015-01-22 09:54 - 2015-01-22 09:54 - 00000000 ____D () C:\PMAIL
2015-01-22 02:15 - 2015-01-22 02:15 - 00013330 _____ () C:\Users\pestyone\Downloads\[torrent.cd].DVD_Ranger_v4.5.0.4_Multilingual_Incl_Keygen_and_Patch_~HuNtEr~.torrent
2015-01-21 19:12 - 2015-01-21 19:12 - 00734083 _____ () C:\Users\pestyone\Documents\burned  1-21-15  7pm.odt
2015-01-19 16:11 - 2015-01-19 16:11 - 00000000 ____D () C:\Users\pestyone\AppData\Local\iSkysoft
2015-01-19 16:10 - 2015-01-22 02:27 - 00000000 ____D () C:\Users\pestyone\Documents\iSkysoft DVD Creator
2015-01-19 16:10 - 2015-01-19 16:10 - 00000000 ____D () C:\Users\Public\Documents\iSkysoft
2015-01-19 16:04 - 2015-01-19 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2015-01-19 16:04 - 2015-01-19 16:04 - 00000000 ____D () C:\Program Files (x86)\LAV Filters
2015-01-19 16:03 - 2015-01-19 16:03 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2015-01-19 16:03 - 2015-01-19 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2015-01-19 16:03 - 2015-01-19 16:03 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2015-01-19 15:53 - 2015-01-21 08:22 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\DVD Flick
2015-01-19 15:52 - 2015-01-19 15:52 - 00001870 _____ () C:\Users\pestyone\Desktop\DVD Flick.lnk
2015-01-19 15:52 - 2015-01-19 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
2015-01-19 15:52 - 2015-01-19 15:52 - 00000000 ____D () C:\Program Files (x86)\DVD Flick
2015-01-19 15:52 - 2008-08-31 13:27 - 00028672 _____ (-) C:\windows\SysWOW64\mousewheel.ocx
2015-01-19 15:52 - 2007-08-31 18:36 - 00036864 _____ (Robdogg Inc.) C:\windows\SysWOW64\trayicon_handler.ocx
2015-01-19 15:52 - 2004-03-09 00:00 - 00609824 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.ocx
2015-01-19 15:52 - 2003-01-26 13:41 - 00040960 _____ (vbAccelerator) C:\windows\SysWOW64\ssubtmr6.dll
2015-01-19 15:52 - 1998-06-24 00:00 - 00164144 _____ (Microsoft Corporation) C:\windows\SysWOW64\comct232.ocx
2015-01-19 15:41 - 2015-01-19 15:41 - 00386680 _____ (Duplex Secure Ltd.) C:\windows\system32\Drivers\sptd.sys
2015-01-19 15:41 - 2015-01-19 15:41 - 00000000 ____D () C:\Users\pestyone\Documents\StarBurn
2015-01-19 15:41 - 2015-01-19 15:41 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\StarBurn
2015-01-19 15:40 - 2015-01-19 15:40 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\MediaFilters
2015-01-19 15:23 - 2015-01-19 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
2015-01-19 15:23 - 2015-01-19 15:23 - 00000000 ____D () C:\Program Files (x86)\LSoft Technologies
2015-01-19 13:58 - 2015-01-19 13:58 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\anyburn
2015-01-19 13:55 - 2015-01-22 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
2015-01-18 23:09 - 2015-01-18 23:09 - 00001099 _____ () C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2015-01-18 23:09 - 2015-01-18 23:09 - 00000000 ____D () C:\Yahoo!
2015-01-18 23:09 - 2015-01-18 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2015-01-17 09:04 - 2015-01-17 09:04 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-16 09:24 - 2015-01-26 14:46 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 09:24 - 2015-01-16 09:24 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 04:36 - 2015-01-13 04:36 - 06388344 _____ (Tim Kosse) C:\Users\pestyone\Downloads\FileZilla_3.10.0_win32-setup.exe
2015-01-12 12:27 - 2015-01-12 12:27 - 71040000 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoRes64.dat
2015-01-12 12:27 - 2015-01-12 12:27 - 07164176 _____ (Dolby Laboratories) C:\windows\system32\R4EEP64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 06218072 _____ (Dolby Laboratories) C:\windows\system32\DDPP64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 05804772 _____ () C:\windows\system32\Drivers\rtvienna.dat
2015-01-12 12:27 - 2015-01-12 12:27 - 04263128 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
2015-01-12 12:27 - 2015-01-12 12:27 - 03186544 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 02860760 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 02827120 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RltkAPO64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 02770976 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 02041432 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioEQ64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 01959128 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl
2015-01-12 12:27 - 2015-01-12 12:27 - 01939800 _____ (Dolby Laboratories) C:\windows\system32\DDPD64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 01756264 _____ (DTS) C:\windows\system32\DTSS2SpeakerDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 01568360 _____ (DTS) C:\windows\system32\DTSS2HeadphoneDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 01486952 _____ (DTS) C:\windows\system32\DTSBoostDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 01443340 _____ () C:\windows\system32\Drivers\RTAIODAT.DAT
2015-01-12 12:27 - 2015-01-12 12:27 - 01287384 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00959704 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInstII64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00947760 _____ (Sony Corporation) C:\windows\system32\SFSS_APO.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00728680 _____ (DTS) C:\windows\system32\DTSBassEnhancementDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00712296 _____ (DTS) C:\windows\system32\DTSSymmetryDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00693352 _____ (DTS) C:\windows\system32\DTSVoiceClarityDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00663296 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO30.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00662784 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxVolumeSDAPO.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00629464 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtDataProc64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00603984 _____ (Knowles Acoustics ) C:\windows\system32\KAAPORT64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00560328 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAC64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00518896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSX64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00491112 _____ (DTS) C:\windows\system32\DTSNeoPCDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00434960 _____ (Dolby Laboratories) C:\windows\system32\R4EED64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00432744 _____ (DTS) C:\windows\system32\DTSLimiterDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00428648 _____ (DTS) C:\windows\system32\DTSGainCompensatorDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00375128 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEP64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00331880 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtlCPAPI64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00318808 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO20.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00315736 _____ (Dolby Laboratories) C:\windows\system32\DDPO64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00310104 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DHT64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00310104 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DAA64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00261464 _____ (Dolby Laboratories) C:\windows\system32\DDPA64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00242792 _____ (DTS) C:\windows\system32\DTSLFXAPO64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00242792 _____ (DTS) C:\windows\system32\DTSGFXAPO64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00241768 _____ (DTS) C:\windows\system32\DTSGFXAPONS64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00221024 _____ (Synopsys, Inc.) C:\windows\system32\SFNHK64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00211184 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSH64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00204120 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEED64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00198896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSHP64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00155888 _____ (SRS Labs, Inc.) C:\windows\system32\SRSWOW64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00149608 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCfg64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00141584 _____ (Dolby Laboratories) C:\windows\system32\R4EEL64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00124176 _____ (Dolby Laboratories) C:\windows\system32\R4EEA64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00113576 _____ (Real Sound Lab SIA) C:\windows\system32\CONEQMSAPOGUILibrary.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00108640 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAR64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00101208 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEL64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00081248 _____ (Synopsys, Inc.) C:\windows\system32\SFCOM64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00078688 _____ (Synopsys, Inc.) C:\windows\system32\SFAPO64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00078680 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEG64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00075024 _____ (Dolby Laboratories) C:\windows\system32\R4EEG64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\windows\SysWOW64\SFCOM.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00014952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCoLDR64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00000000 ____D () C:\Program Files\Realtek
2015-01-12 11:08 - 2015-01-12 11:08 - 00002878 _____ () C:\Users\pestyone\Documents\Junkware Removal Tool.txt
2015-01-12 09:24 - 2015-01-12 09:24 - 00001246 _____ () C:\Users\pestyone\Desktop\DVD Fab 8 Qt (Tom_Da_Man).lnk
2015-01-12 09:24 - 2015-01-12 09:24 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD Fab 8 Qt v8.1.3.8 (Tom_Da_Man) PreCracked
2015-01-11 21:59 - 2015-01-11 21:59 - 00002878 _____ () C:\Users\pestyone\Desktop\JRT.txt
2015-01-11 21:42 - 2015-01-12 12:27 - 00000000 ____D () C:\windows\SysWOW64\RTCOM
2015-01-11 21:17 - 2015-01-11 21:17 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\NCH Software
2015-01-11 21:12 - 2015-01-11 21:12 - 00001206 _____ () C:\Users\pestyone\Desktop\Auslogics Registry Cleaner.lnk
2015-01-11 21:12 - 2015-01-11 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-01-11 21:12 - 2015-01-11 21:12 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2015-01-11 20:56 - 2015-01-11 20:58 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\WiseUpdate
2015-01-11 20:37 - 2015-01-11 20:37 - 04044800 _____ (Qualcomm Atheros Communications, Inc.) C:\windows\system32\Drivers\athrx.sys
2015-01-10 08:25 - 2015-01-10 08:25 - 00000242 _____ () C:\Users\pestyone\Documents\Tiny Rustic Cabin With Wheels and a Stunning Interior  Tiny House for Us.url
2015-01-09 20:42 - 2015-01-09 20:42 - 00000607 _____ () C:\Users\pestyone\Downloads\csvdownload.csv
2015-01-09 20:41 - 2015-01-09 20:41 - 00002137 _____ () C:\Users\pestyone\Downloads\ofxdownload.ofx
2015-01-08 12:42 - 2015-01-08 12:42 - 00000266 _____ () C:\Users\pestyone\Documents\Movies seen - 1-8-15 x.txt
2015-01-07 05:57 - 2015-01-12 09:29 - 00000000 ____D () C:\Users\pestyone\Desktop\mp4
2015-01-03 11:36 - 2015-01-03 11:36 - 00299989 _____ () C:\Users\pestyone\Documents\video  5.odt
2015-01-02 08:19 - 2015-01-02 08:19 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Mariaglorum
2015-01-02 05:09 - 2015-01-12 09:24 - 00000000 ____D () C:\Program Files (x86)\DVD Fab 8 Qt v8.1.3.8 (Tom_Da_Man) PreCracked
2015-01-02 01:30 - 2015-01-02 01:30 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\DVDFab
2015-01-01 23:19 - 2015-01-01 23:19 - 00000040 ___SH () C:\ProgramData\.zreglib
2015-01-01 10:17 - 2015-01-01 10:17 - 00738722 _____ () C:\Users\pestyone\Documents\video e.odt
2015-01-01 08:53 - 2015-01-01 08:53 - 00616558 _____ () C:\Users\pestyone\Desktop\Arial  20.odt
2014-12-31 23:53 - 2015-01-01 00:38 - 00000000 ____D () C:\Users\pestyone\Documents\DVDFab
2014-12-31 22:47 - 2014-12-31 22:47 - 00188823 _____ () C:\Users\pestyone\Documents\video d.odt
2014-12-31 10:29 - 2014-12-31 10:29 - 00741922 _____ () C:\Users\pestyone\Documents\video C.odt
2014-12-31 08:36 - 2014-12-31 08:36 - 00000103 _____ () C:\Users\pestyone\Documents\T o y s.txt
2014-12-30 09:34 - 2014-12-30 09:34 - 00312924 _____ () C:\Users\pestyone\Documents\video list d.odt
2014-12-30 02:06 - 2014-12-30 02:06 - 00111190 _____ () C:\Users\pestyone\Documents\Contents 1.odt
2014-12-29 23:07 - 2014-12-29 23:07 - 00082357 _____ () C:\Users\pestyone\Documents\One Week.htm
2014-12-29 23:07 - 2014-12-29 23:07 - 00000000 ____D () C:\Users\pestyone\Documents\One Week_files
2014-12-29 14:57 - 2014-12-29 14:57 - 00026528 _____ (REALiX™) C:\windows\SysWOW64\Drivers\HWiNFO64A.SYS
2014-12-29 06:24 - 2014-12-29 06:24 - 00311857 _____ () C:\Users\pestyone\Documents\video burned 12-28-14.odt
2014-12-28 20:11 - 2014-12-28 20:11 - 00300682 _____ () C:\Users\pestyone\Documents\Grim story 12-28-14  p count here.odt
2014-12-28 20:03 - 2014-12-28 20:03 - 00300215 _____ () C:\Users\pestyone\Documents\Grim story 12-28-14.odt
2014-12-28 09:50 - 2014-12-28 09:50 - 00000022 _____ () C:\Users\pestyone\Documents\spam email addy.txt
2014-12-28 09:49 - 2014-12-28 09:50 - 00000179 _____ () C:\Users\pestyone\Documents\Kinky toys 12-28-14.txt
2014-12-27 12:46 - 2015-01-11 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ePub to PDF Converter
2014-12-27 12:46 - 2014-12-27 12:46 - 00000981 _____ () C:\Users\pestyone\Desktop\ePub to PDF Converter.lnk
2014-12-27 12:46 - 2014-12-27 12:46 - 00000000 ____D () C:\Program Files (x86)\ePub to PDF Converter
2014-12-27 12:45 - 2014-12-27 12:46 - 05026902 _____ (DONGSOFT Company, Inc. ) C:\Users\pestyone\Downloads\epubtopdf.exe
2014-12-27 07:01 - 2015-01-11 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-12-27 07:01 - 2014-12-27 07:01 - 00001968 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-12-27 07:01 - 2014-12-27 07:01 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 14:30 - 2014-07-21 20:57 - 00000000 ____D () C:\Users\pestyone\Documents\ConvertXToDVD
2015-01-26 07:26 - 2014-12-17 07:26 - 00000000 ____D () C:\Users\pestyone\AppData\Local\Component
2015-01-26 05:19 - 2014-10-07 12:36 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\vlc
2015-01-26 05:18 - 2011-04-18 18:11 - 02015014 _____ () C:\windows\WindowsUpdate.log
2015-01-26 05:02 - 2014-04-12 04:08 - 00001191 _____ () C:\Users\pestyone\AppData\Roaming\vso_ts_preview.xml
2015-01-26 05:02 - 2014-04-12 04:06 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Vso
2015-01-26 01:44 - 2013-06-28 21:38 - 00000000 ____D () C:\Users\pestyone\AppData\Local\CrashDumps
2015-01-25 22:38 - 2009-07-13 23:45 - 00022976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 22:38 - 2009-07-13 23:45 - 00022976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 22:33 - 2014-10-23 05:36 - 00002860 _____ () C:\windows\System32\Tasks\Driver Booster SkipUAC (pestyone)
2015-01-25 22:31 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-24 09:58 - 2014-03-24 00:15 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\dvdcss
2015-01-24 05:45 - 2014-11-22 05:35 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\GetPrivate
2015-01-24 05:45 - 2014-06-30 22:40 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\serv
2015-01-24 05:06 - 2014-03-27 17:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-22 15:47 - 2013-06-28 22:31 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\FileZilla
2015-01-22 09:59 - 2014-05-15 07:53 - 00000000 ____D () C:\Program Files (x86)\RAR Opener
2015-01-20 12:21 - 2014-10-23 05:36 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-19 06:37 - 2014-10-20 03:53 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\DigitalVolcano
2015-01-18 23:10 - 2013-06-28 21:35 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Yahoo!
2015-01-18 23:10 - 2013-06-28 21:34 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-01-18 23:02 - 2011-11-25 23:10 - 00000000 ____D () C:\Users\pestyone
2015-01-16 09:24 - 2014-12-17 07:31 - 00002112 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-01-16 09:24 - 2014-12-17 01:10 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-16 09:24 - 2014-12-17 01:10 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-12 10:22 - 2013-06-29 11:50 - 00000000 ____D () C:\Users\pestyone\Documents\Calibre Library
2015-01-11 21:25 - 2011-04-18 18:16 - 00000000 ____D () C:\ProgramData\WinClon
2015-01-11 21:25 - 2011-04-18 18:13 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-11 21:25 - 2011-04-18 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-11 21:25 - 2011-04-18 18:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-11 21:24 - 2013-06-30 14:19 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-11 21:24 - 2013-06-30 14:19 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-11 21:22 - 2011-04-18 18:07 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-01-11 21:20 - 2014-11-03 07:23 - 00000000 ____D () C:\windows\System32\Tasks\NCH Software
2015-01-11 21:17 - 2014-11-03 07:23 - 00000000 ____D () C:\ProgramData\NCH Software
2015-01-11 21:16 - 2014-11-03 07:23 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-01-11 21:13 - 2014-12-22 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magellan Content Manager
2015-01-11 20:58 - 2014-12-17 02:21 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Wise Registry Cleaner
2015-01-11 20:32 - 2013-06-28 21:35 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2015-01-11 20:32 - 2013-06-28 21:35 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-01-11 20:31 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2015-01-11 07:04 - 2014-07-10 03:35 - 00045491 _____ () C:\Users\pestyone\Documents\Docked return 7-10-14 4 am.odt
2014-12-29 14:58 - 2014-12-17 07:31 - 00003220 _____ () C:\windows\System32\Tasks\Driver Booster Scan
2014-12-29 14:58 - 2014-12-17 07:31 - 00003164 _____ () C:\windows\System32\Tasks\Driver Booster Update
2014-12-29 14:57 - 2014-12-17 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2014-12-29 06:31 - 2014-06-27 07:56 - 00047207 _____ () C:\Users\pestyone\Documents\re dock two.odt

==================== Files in the root of some directories =======

2014-03-20 06:53 - 2014-03-20 06:53 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-05-07 22:58 - 2014-05-07 22:58 - 0009008 _____ () C:\Users\pestyone\AppData\Roaming\.freeciv-client-rc-2.4
2014-06-30 22:47 - 2014-06-30 23:00 - 0000314 _____ () C:\Users\pestyone\AppData\Roaming\aps.uninstall.scan.results
2014-09-01 03:18 - 2014-09-01 03:18 - 0002086 _____ () C:\Users\pestyone\AppData\Roaming\DULE
2014-04-12 04:06 - 2014-05-21 16:15 - 0099384 _____ () C:\Users\pestyone\AppData\Roaming\inst.exe
2014-04-12 04:06 - 2014-05-21 16:15 - 0007859 _____ () C:\Users\pestyone\AppData\Roaming\pcouffin.cat
2014-04-12 04:06 - 2014-05-21 16:15 - 0001167 _____ () C:\Users\pestyone\AppData\Roaming\pcouffin.inf
2014-04-12 04:07 - 2014-05-21 16:15 - 0000034 _____ () C:\Users\pestyone\AppData\Roaming\pcouffin.log
2014-04-12 04:06 - 2014-05-21 16:15 - 0082816 _____ (VSO Software) C:\Users\pestyone\AppData\Roaming\pcouffin.sys
2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\pestyone\AppData\Roaming\USWP
2014-04-12 04:08 - 2015-01-26 05:02 - 0001191 _____ () C:\Users\pestyone\AppData\Roaming\vso_ts_preview.xml
2014-10-09 10:25 - 2014-10-29 22:59 - 0015872 _____ () C:\Users\pestyone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-04 04:55 - 2014-05-04 04:57 - 0000026 _____ () C:\Users\pestyone\AppData\Local\isoworkshop.ini
2014-06-30 22:47 - 2014-06-30 22:47 - 0623696 _____ (Click Me In Limited) C:\Users\pestyone\AppData\Local\nsxC759.tmp
2014-10-19 20:37 - 2014-10-19 20:37 - 0000003 _____ () C:\Users\pestyone\AppData\Local\proxy.log
2014-08-17 08:35 - 2014-08-17 08:36 - 0007606 _____ () C:\Users\pestyone\AppData\Local\Resmon.ResmonCfg
2014-03-27 18:16 - 2014-11-20 00:28 - 0000025 _____ () C:\Users\pestyone\AppData\Local\trueburner.ini
2015-01-01 23:19 - 2015-01-01 23:19 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-12-17 07:51 - 2014-12-17 07:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-03-25 04:12 - 2014-05-28 09:46 - 0005856 _____ () C:\ProgramData\NanoRepository.bin
2014-03-25 04:12 - 2014-05-22 07:30 - 0005856 _____ () C:\ProgramData\NanoRepository.bin.bak

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-25 06:26

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by pestyone at 2015-01-26 15:10:20
Running from C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDENBN77
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

???? ??? Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
???? Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
????? Windows Live (Version: 15.4.3502.0922 - ?????????? ??????????) Hidden
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
???????? ?????????? Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
?????????? Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
??????????? ?? Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Essentials“ (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 4.1.0.0 - Auslogics Labs Pty Ltd)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
BatteryLifeExtender (HKLM\...\{E308B555-8434-4AF8-B66F-729897C75F93}) (Version: 1.0.6 - Samsung)
BatteryLifeExtender (HKLM-x32\...\{E308B555-8434-4AF8-B66F-729897C75F93}) (Version: 1.0.6 - Samsung)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
calibre (HKLM\...\{8D8C1516-D6D5-41F1-B98B-DCCCF17F8ED2}) (Version: 1.36.0 - Kovid Goyal)
calibre (HKLM-x32\...\{8D8C1516-D6D5-41F1-B98B-DCCCF17F8ED2}) (Version: 1.36.0 - Kovid Goyal)
Call of Duty® 4 - Modern Warfare™ (HKLM\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty® 4 - Modern Warfare™ (Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (x32 Version: 1.00.0000 - Activision) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.01 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.4.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
ConvertXtoDVD 4.2.0.0 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.2.0.0 - )
ConvertXtoDVD 4.2.0.0 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.2.0.0 - )
CyberLink YouCam (Version: 2.0.3911 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Booster 2 (HKLM\...\Driver Booster_is1) (Version: 2.0 - IObit)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
DVD Fab 8 Qt v8.1.3.8 (Tom_Da_Man) PreCracked (HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\DVD Fab 8 Qt v8.1.3.8 (Tom_Da_Man) PreCracked) (Version:  - )
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
Ebook to EPUB PDF AZW Converter 6.0.4 (HKLM\...\{D88F8A2D-E63A-4E59-AC08-23260A97C239}) (Version: 6.0.4 - EPUBSOFT)
Ebook to EPUB PDF AZW Converter 6.0.4 (HKLM-x32\...\{D88F8A2D-E63A-4E59-AC08-23260A97C239}) (Version: 6.0.4 - EPUBSOFT)
ePub to PDF Converter 2.0.4 (HKLM-x32\...\ePub to PDF Converter_is1) (Version:  - DONGSOFT Company, Inc.)
ETDWare PS/2-X64 8.0.7.0_WHQL (HKLM\...\Elantech) (Version: 8.0.7.0 - ELAN Microelectronic Corp.)
European Mystery The Face of Envy Collectors 1.00 (HKLM\...\European Mystery The Face of Envy Collectors 1.00) (Version: 1.00 - Games)
FileZilla Client 3.9.0.6 (HKLM\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Fotogalerija Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Interenet Optimizer (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643}) (Version:  - BullPoint) <==== ATTENTION
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (Version: 2.8.25.18 - Oracle Corporation) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAV Filters 0.63.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.63.0 - Hendrik Leppkes)
LibreOffice 4.3.2.2 (HKLM\...\{9C13F99C-6E1A-4126-AE91-EAA2DADE08D6}) (Version: 4.3.2.2 - The Document Foundation)
LibreOffice 4.3.2.2 (HKLM-x32\...\{9C13F99C-6E1A-4126-AE91-EAA2DADE08D6}) (Version: 4.3.2.2 - The Document Foundation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.24.27.3 - Marvell)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.24.27.3 - Marvell)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - ?????????? ??????????)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.12.100 - Nero AG) Hidden
Nero StartSmart OEM (Version: 9.4.10.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.0.4 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Play Camera (HKLM-x32\...\InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}) (Version: 2.0.0.13 - Samsung Electronics)
Play Camera (Version: 2.0.0.13 - Samsung Electronics) Hidden
Play Camera (x32 Version: 2.0.0.13 - Samsung Electronics) Hidden
Poczta uslugi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RAR Opener version 1.0 (HKLM\...\{DFC3E171-965F-4C07-AA42-05F6F5B7380B}_is1) (Version: 1.0 - raropener.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Samsung AnyWeb Print (HKLM\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)
Samsung AnyWeb Print (Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung AnyWeb Print (x32 Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung Support Center (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.24 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.24 - Samsung)
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Smart Toolbar Remover v2.2 (HKLM-x32\...\Smart Toolbar Remover_is1) (Version: 2.2 - Smart PC Solutions)
Soft4Boost Secure Eraser (HKLM-x32\...\Soft4Boost Secure Eraser_is1) (Version: 2.7.3.175 - Soft4Boost Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
System Update kb70007 (Version: 1.0.0 - MSR) Hidden <==== ATTENTION
System Update kb70007 (x32 Version: 1.0.0 - MSR) Hidden <==== ATTENTION
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.4 - )
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.4 - )
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live ??? (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Wise Registry Cleaner 8.31 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{AB246BE9-1623-4A84-ABDA-CFF4D4A273CB}\InprocServer32 -> C:\windows\system32\kernel32.dll (Microsoft Corporation)

==================== Restore Points  =========================

16-01-2015 09:23:45 Driver Booster : Adobe Flash Player ActiveX
19-01-2015 15:41:00 SPTD setup V1.86

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01D37EA5-6704-41E1-BCE5-58AC1AAF202F} - System32\Tasks\Driver Booster SkipUAC (pestyone) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-12-17] (IObit)
Task: {06A45F69-747D-4078-BE2D-A11BD84354DE} - \EasyBatteryManager No Task File <==== ATTENTION
Task: {10F81BA8-4AAC-4B2E-A1A6-842DD77CEECF} - \{3634D602-37DE-4762-92E4-39897701453E} No Task File <==== ATTENTION
Task: {26D795EA-5309-4425-A1F2-2F5B322554B3} - \{4603685D-1586-4F5F-A373-B88EFC7B7C00} No Task File <==== ATTENTION
Task: {2EBDFAE7-1858-47CD-BD8C-732A81DC7226} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4C51280C-6FC0-4392-8B88-4653C528694B} - \EasySpeedUpManager No Task File <==== ATTENTION
Task: {4D50A3F5-2CBF-49A5-8858-EC73327CA9D2} - \{4EDB573E-C1DF-4838-8F81-9A0A5FABBF1F} No Task File <==== ATTENTION
Task: {62D92155-8224-46EF-9AB7-B0E1E076D36B} - \GPUP No Task File <==== ATTENTION
Task: {66334212-B723-4324-9063-4B825F1E366E} - \SamsungSupportCenter No Task File <==== ATTENTION
Task: {68E21AC2-A9E0-4B54-AB31-2E21FCA2C725} - \SUPBackground No Task File <==== ATTENTION
Task: {8318BD7B-1011-4A05-B2F2-E8C244B82E73} - \LaunchSignup No Task File <==== ATTENTION
Task: {83EFAAE9-66C1-4E87-85A5-F5F60DDA8D5C} - \ATKOSD2 No Task File <==== ATTENTION
Task: {868B14CA-400C-4D74-9393-E99DA7CD984F} - \{BB649798-199D-4D44-95E0-8756789F44DE} No Task File <==== ATTENTION
Task: {88EF7753-72CC-45FE-B6CF-B517C6916EF6} - \CCleanerSkipUAC No Task File <==== ATTENTION
Task: {8E0FD80E-7A22-41EF-ABF8-6751A43DE6F8} - \BatteryLifeExtender No Task File <==== ATTENTION
Task: {8F1BDFB5-8E24-40AB-883F-9CAA60740349} - System32\Tasks\Microsoft\Windows\Maintenance\Idle-Crawler Update => %LOCALAPPDATA%\Idle_Crawler\Idle-Crawler.exe <==== ATTENTION
Task: {9C446C30-CEFB-4F9D-9C97-49541D48FE0D} - \{C93F746B-5857-4FC0-9F37-7339020567ED} No Task File <==== ATTENTION
Task: {A20150B5-FDAF-4DC4-8D4A-2511034AAC43} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-12-17] (IObit)
Task: {A897A89B-88DB-414E-AEFB-485424472FE6} - System32\Tasks\Component System\Component => C:\Users\pestyone\AppData\Local\Component\com.exe [2014-12-05] ()
Task: {BD4710BC-2358-4E1D-A0C7-24D0F5290488} - \AdobeFlashPlayer-S-2-1-24-198293847112UI No Task File <==== ATTENTION
Task: {D097BDA6-A29D-468D-B5FB-FF3692C0E67E} - \EasyDisplayMgr No Task File <==== ATTENTION
Task: {DA1B4AD6-CFF1-4F9E-8219-C4F24956E91D} - \{781824E9-25EB-465D-AA07-03B06570DF56} No Task File <==== ATTENTION
Task: {E0AB2E1A-5E9B-49A1-93B4-103A69CC5530} - \NSManager_1418845481 No Task File <==== ATTENTION
Task: {FB6D4E1E-35D8-470C-A84A-DF11D2D6D0FA} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-12-09] (IObit)
Task: {FD1CB382-C56E-4819-85B8-8FDEB9B4B206} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-16] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-11-25 23:12 - 2008-06-04 18:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2014-05-01 14:29 - 2014-05-01 14:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-21 16:14 - 2012-12-13 12:34 - 09884120 _____ () C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-01-19 16:11 - 2014-04-04 11:29 - 00371712 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2015-01-19 16:11 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:792D4CF1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\startupreg: CmTray => "C:\Users\pestyone\Desktop\New folder\launchCM.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

========================= Accounts: ==========================

Administrator (S-1-5-21-660230534-9386771-3986129850-500 - Administrator - Disabled)
Guest (S-1-5-21-660230534-9386771-3986129850-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-660230534-9386771-3986129850-1002 - Limited - Enabled)
pestyone (S-1-5-21-660230534-9386771-3986129850-1000 - Administrator - Enabled) => C:\Users\pestyone

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR9285 Wireless Network Adapter
Description: Qualcomm Atheros AR9285 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2015 04:57:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17344, time stamp: 0x541b6f63
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x31419236
Faulting process id: 0x4658
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/25/2015 04:54:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17344, time stamp: 0x541b6f63
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x39b1ffff
Faulting process id: 0xd24
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/23/2015 05:13:25 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/23/2015 05:13:25 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/23/2015 05:13:25 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/23/2015 05:13:25 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (01/23/2015 05:13:22 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/23/2015 05:13:22 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/23/2015 05:13:22 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/23/2015 05:13:22 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (01/26/2015 05:14:50 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (01/26/2015 00:46:03 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/25/2015 10:31:29 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/25/2015 10:31:20 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The ATKGFNEX Service service depends the following service: ASMMAP64. This service might not be installed.

Error: (01/25/2015 10:31:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASLDR Service service failed to start due to the following error:
%%3

Error: (01/25/2015 02:57:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/25/2015 03:00:39 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/25/2015 03:00:29 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The ATKGFNEX Service service depends the following service: ASMMAP64. This service might not be installed.

Error: (01/25/2015 03:00:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASLDR Service service failed to start due to the following error:
%%3

Error: (01/24/2015 07:07:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Microsoft Office Sessions:
=========================
Error: (01/25/2015 04:57:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17344541b6f63unknown0.0.0.000000000c000000531419236465801d03884f9aaefb9C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown8ab46531-a478-11e4-8995-e811329dc68c

Error: (01/25/2015 04:54:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17344541b6f63unknown0.0.0.000000000c000000539b1ffffd2401d038751807897eC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown316ab8d7-a478-11e4-8995-e811329dc68c

Error: (01/23/2015 05:13:25 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/23/2015 05:13:25 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/23/2015 05:13:25 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/23/2015 05:13:25 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (01/23/2015 05:13:22 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (01/23/2015 05:13:22 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/23/2015 05:13:22 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (01/23/2015 05:13:22 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 45%
Total physical RAM: 4028.61 MB
Available physical RAM: 2177.47 MB
Total Pagefile: 8055.41 MB
Available Pagefile: 5864.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:113 GB) (Free:39.92 GB) NTFS
Drive d: () (Fixed) (Total:166.5 GB) (Free:124.85 GB) NTFS
Drive g: (TOSHIBA EXT) (Fixed) (Total:1862.92 GB) (Free:399.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 80CD1684)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=113 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=166.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=18.5 GB) - (Type=27)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 749E749E)
Partition 1: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Machiavelli

Posted 26 January 2015 - 03:33 PM

Hey, :)
We don't use HJT as it is outdated.

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select update.
Once it has updated, select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 Pestyone


Posted 26 January 2015 - 05:58 PM

Ok, this seems to have found or fixed nothing, hum. Here's the log; next Malwarebytes. Amazing how many things to run, ouchy.

# AdwCleaner v4.109 - Report created 26/01/2015 at 17:47:49
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : pestyone - PESTYONE-PC
# Running from : C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\010CQIU2\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : YahooAUService

***** [ Files / Folders ] *****

File Found : C:\Users\pestyone\AppData\Roaming\aps.uninstall.scan.results
File Found : C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\searchplugins\trovi-search.xml
File Found : C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\searchplugins\yahoo_ff.xml
File Found : C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\user.js
Folder Found : C:\Program Files (x86)\MSR
Folder Found : C:\Program Files (x86)\NCH Software
Folder Found : C:\ProgramData\7d1d4a9521a684ba
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\ProgramData\UpdateCommon
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Found : C:\Users\pestyone\AppData\Local\BlitzMediaPlayer
Folder Found : C:\Users\pestyone\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipljmghelflfikejmgkmlmpjmehfjodc
Folder Found : C:\Users\pestyone\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\pestyone\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipljmghelflfikejmgkmlmpjmehfjodc
Folder Found : C:\Users\pestyone\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Folder Found : C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Folder Found : C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipljmghelflfikejmgkmlmpjmehfjodc
Folder Found : C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\pestyone\AppData\Local\TNT2
Folder Found : C:\Users\pestyone\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\pestyone\AppData\Roaming\AppCloudUpdater
Folder Found : C:\Users\pestyone\AppData\Roaming\GetPrivate
Folder Found : C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\Extensions\w@T.co.uk
Folder Found : C:\Users\pestyone\AppData\Roaming\NCH Software
Folder Found : C:\Users\pestyone\AppData\Roaming\serv
Folder Found : C:\windows\Microsoft\SystemUpdatekb70007

***** [ Scheduled Tasks ] *****

Task Found : Driver Booster Scan
Task Found : Driver Booster Update
Task Found : LaunchSignup

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://www.safesear.ch/?type=20141217-135-ie-sm
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\click-n-mark
Key Found : HKCU\Software\AppDataLow\Software\TelevisionFanatic
Key Found : HKCU\Software\Conduit_Search_Protect
Key Found : HKCU\Software\FreeSoftToday
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\SecuredDownload
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\TelevisionFanatic
Key Found : HKCU\Software\TNT2
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\usyndication.com
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\Conduit_Search_Protect
Key Found : [x64] HKCU\Software\FreeSoftToday
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\powerpack
Key Found : [x64] HKCU\Software\SecuredDownload
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\TelevisionFanatic
Key Found : [x64] HKCU\Software\TNT2
Key Found : [x64] HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\usyndication.com
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\AdvertisingSupport
Key Found : HKLM\SOFTWARE\Browser Champion
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\DF917BEA0BDE9E345B42099FC7E14699
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\DF917BEA0BDE9E345B42099FC7E14699
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\Email Notifier
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DFFAA5F-44C6-4FF2-80EE-76368D0A2E75}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AEB719FD-EDB0-43E9-B524-90F97C1E6499}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKLM\SOFTWARE\mystarttb
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\TBID
Key Found : HKLM\SOFTWARE\TelevisionFanatic
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{934063FB-A81D-4849-B02C-478446DF3219}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{993161E3-CF87-46CF-A702-3FD05D3DEDDD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9DFFAA5F-44C6-4FF2-80EE-76368D0A2E75}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BB27DF2F-6F05-4A42-9FFD-14696D795750}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF917BEA0BDE9E345B42099FC7E14699
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AEB719FD-EDB0-43E9-B524-90F97C1E6499}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA8C94BE-9F47-1B2E-90F8-D8C07119BD96}
Key Found : [x64] HKLM\SOFTWARE\TBID
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.safesear.ch/web/?type=20141217-135-sshome-ie-df&q={searchTerms}

-\\ Mozilla Firefox v

[t0jy83tu.default] - Line Found : user_pref("browser.newtab.url", "hxxp://www.safesear.ch/?type=20141217-135-ff-nt");
[t0jy83tu.default] - Line Found : user_pref("browser.search.order.1", "SafeSearch");
[t0jy83tu.default] - Line Found : user_pref("browser.search.selectedEngine", "SafeSearch");
[t0jy83tu.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://www.safesear.ch/?type=20141217-135-ff");
[t0jy83tu.default] - Line Found : user_pref("keyword.url", "hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=");

-\\ Google Chrome v

-\\ Comodo Dragon v

-\\ Chrome Canary v

*************************

AdwCleaner[R0].txt - [12246 octets] - [26/01/2015 17:47:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12307 octets] ##########



#6 Pestyone

Posted 26 January 2015 - 07:14 PM

OK, I hate Malwarebytes; I have used it before and it keeps freezing up on me, and it just froze again, so I will run SUPERAntiSpyware; that's the best. But here's another log; I will look for other malware removers. So what have I missed, dang it?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by pestyone (administrator) on PESTYONE-PC on 26-01-2015 19:03:17
Running from C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CERNH5OC
Loaded Profiles: pestyone (Available profiles: pestyone)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
() C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2015-01-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
HKLM\...\Winlogon: [Userinit] C:\windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-06-30] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-19] => http=127.0.0.1:8118;https=127.0.0.1:8118
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-20] => http=127.0.0.1:8118;https=127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear.ch/web/?type=20141217-135-sshome-ie-df&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-660230534-9386771-3986129850-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
URLSearchHook: HKU\S-1-5-21-660230534-9386771-3986129850-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.safesear.ch/?type=20141217-135-ie-sm
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> DefaultScope {B354A84F-EC94-493A-8F00-48982DC4C505} URL = https://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-660230534-9386771-3986129850-1000 -> {B354A84F-EC94-493A-8F00-48982DC4C505} URL = https://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136

FireFox:
========
FF ProfilePath: C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default
FF NewTab: hxxp://www.safesear.ch/?type=20141217-135-ff-nt
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: SafeSearch
FF Homepage: hxxp://www.safesear.ch/?type=20141217-135-ff
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=242154&p=
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF user.js: detected! => C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\user.js
FF SearchPlugin: C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\searchplugins\yahoo_ff.xml
FF Extension: ArcadeParlor - C:\Users\pestyone\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [2014-05-25]
FF Extension: saveitkeep. - C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\Extensions\w@T.co.uk [2014-12-03]
FF Extension: Like - C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\Extensions\jid1-eFRcA0eiPxecTQ@jetpack.xpi [2014-12-17]
FF Extension: Simple - C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\Extensions\jid1-vS7biDmom8YxhA@jetpack.xpi [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2014-11-12]
CHR Extension: (No Name) - C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2014-11-12]
CHR Extension: (No Name) - C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipljmghelflfikejmgkmlmpjmehfjodc [2014-11-07]
CHR Extension: (CostMin) - C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag [2014-06-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-17] (SUPERAntiSpyware.com)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ASLDRService; No ImagePath
S2 ATKGFNEXSrv; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2014-12-19] (Digiarty Software, Inc.)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-29] (REALiX™)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49264 2014-07-28] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-09-15] (Windows ® 2003 DDK 3790 provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2014-12-17] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-01-19] (Duplex Secure Ltd.)
R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2014-10-31] (Rsupport Corporation)
R3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 18:00 - 2015-01-26 18:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-26 17:47 - 2015-01-26 17:51 - 00000000 ____D () C:\AdwCleaner
2015-01-26 16:14 - 2015-01-26 16:14 - 00001197 _____ () C:\Users\Public\Desktop\EMCO Malware Destroyer 7.lnk
2015-01-26 16:14 - 2015-01-26 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO
2015-01-26 16:14 - 2015-01-26 16:14 - 00000000 ____D () C:\Program Files (x86)\EMCO
2015-01-26 16:10 - 2015-01-26 16:10 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Runscanner.net
2015-01-26 15:09 - 2015-01-26 19:03 - 00000000 ____D () C:\FRST
2015-01-26 14:54 - 2015-01-26 14:54 - 00021701 _____ () C:\Users\pestyone\Downloads\9C7166C9E448F0200C9268DBB7D004A56805471A.torrent
2015-01-25 22:31 - 2014-03-25 08:15 - 00060400 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSKMAD.sys
2015-01-24 10:04 - 2015-01-24 10:05 - 00779420 _____ () C:\Users\pestyone\Documents\1-24-15 print screen.odt
2015-01-24 05:00 - 2015-01-24 05:00 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Elephant Games
2015-01-24 04:13 - 2015-01-24 04:13 - 00001062 _____ () C:\Users\pestyone\Desktop\Universal Extractor.lnk
2015-01-24 04:13 - 2015-01-24 04:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor
2015-01-24 04:13 - 2015-01-24 04:13 - 00000000 ____D () C:\Program Files (x86)\Universal Extractor
2015-01-23 15:51 - 2015-01-23 15:51 - 00007465 _____ () C:\Users\pestyone\Desktop\hijackthis  -  1-23 - 15.txt
2015-01-23 14:48 - 2015-01-23 14:47 - 00401720 _____ (Trend Micro Inc.) C:\Users\pestyone\Downloads\hijackthis.exe
2015-01-22 10:07 - 2015-01-22 10:07 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Thunderbird
2015-01-22 10:07 - 2015-01-22 10:07 - 00000000 ____D () C:\Users\pestyone\AppData\Local\Thunderbird
2015-01-22 09:55 - 2015-01-22 09:55 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Pegasus Mail
2015-01-22 09:54 - 2015-01-22 09:54 - 00000000 ____D () C:\PMAIL
2015-01-22 02:15 - 2015-01-22 02:15 - 00013330 _____ () C:\Users\pestyone\Downloads\[torrent.cd].DVD_Ranger_v4.5.0.4_Multilingual_Incl_Keygen_and_Patch_~HuNtEr~.torrent
2015-01-21 19:12 - 2015-01-21 19:12 - 00734083 _____ () C:\Users\pestyone\Documents\burned  1-21-15  7pm.odt
2015-01-19 16:11 - 2015-01-19 16:11 - 00000000 ____D () C:\Users\pestyone\AppData\Local\iSkysoft
2015-01-19 16:10 - 2015-01-22 02:27 - 00000000 ____D () C:\Users\pestyone\Documents\iSkysoft DVD Creator
2015-01-19 16:10 - 2015-01-19 16:10 - 00000000 ____D () C:\Users\Public\Documents\iSkysoft
2015-01-19 16:04 - 2015-01-19 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2015-01-19 16:04 - 2015-01-19 16:04 - 00000000 ____D () C:\Program Files (x86)\LAV Filters
2015-01-19 16:03 - 2015-01-19 16:03 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2015-01-19 16:03 - 2015-01-19 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2015-01-19 16:03 - 2015-01-19 16:03 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2015-01-19 15:53 - 2015-01-21 08:22 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\DVD Flick
2015-01-19 15:52 - 2015-01-19 15:52 - 00001870 _____ () C:\Users\pestyone\Desktop\DVD Flick.lnk
2015-01-19 15:52 - 2015-01-19 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
2015-01-19 15:52 - 2015-01-19 15:52 - 00000000 ____D () C:\Program Files (x86)\DVD Flick
2015-01-19 15:52 - 2008-08-31 13:27 - 00028672 _____ (-) C:\windows\SysWOW64\mousewheel.ocx
2015-01-19 15:52 - 2007-08-31 18:36 - 00036864 _____ (Robdogg Inc.) C:\windows\SysWOW64\trayicon_handler.ocx
2015-01-19 15:52 - 2004-03-09 00:00 - 00609824 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.ocx
2015-01-19 15:52 - 2003-01-26 13:41 - 00040960 _____ (vbAccelerator) C:\windows\SysWOW64\ssubtmr6.dll
2015-01-19 15:52 - 1998-06-24 00:00 - 00164144 _____ (Microsoft Corporation) C:\windows\SysWOW64\comct232.ocx
2015-01-19 15:41 - 2015-01-19 15:41 - 00386680 _____ (Duplex Secure Ltd.) C:\windows\system32\Drivers\sptd.sys
2015-01-19 15:41 - 2015-01-19 15:41 - 00000000 ____D () C:\Users\pestyone\Documents\StarBurn
2015-01-19 15:41 - 2015-01-19 15:41 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\StarBurn
2015-01-19 15:40 - 2015-01-19 15:40 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\MediaFilters
2015-01-19 15:23 - 2015-01-19 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
2015-01-19 15:23 - 2015-01-19 15:23 - 00000000 ____D () C:\Program Files (x86)\LSoft Technologies
2015-01-19 13:58 - 2015-01-19 13:58 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\anyburn
2015-01-19 13:55 - 2015-01-22 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfraRecorder
2015-01-18 23:09 - 2015-01-18 23:09 - 00001099 _____ () C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2015-01-18 23:09 - 2015-01-18 23:09 - 00000000 ____D () C:\Yahoo!
2015-01-18 23:09 - 2015-01-18 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2015-01-17 09:04 - 2015-01-17 09:04 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-16 09:24 - 2015-01-26 18:46 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 09:24 - 2015-01-16 09:24 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 04:36 - 2015-01-13 04:36 - 06388344 _____ (Tim Kosse) C:\Users\pestyone\Downloads\FileZilla_3.10.0_win32-setup.exe
2015-01-12 12:27 - 2015-01-12 12:27 - 71040000 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoRes64.dat
2015-01-12 12:27 - 2015-01-12 12:27 - 07164176 _____ (Dolby Laboratories) C:\windows\system32\R4EEP64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 06218072 _____ (Dolby Laboratories) C:\windows\system32\DDPP64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 05804772 _____ () C:\windows\system32\Drivers\rtvienna.dat
2015-01-12 12:27 - 2015-01-12 12:27 - 04263128 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
2015-01-12 12:27 - 2015-01-12 12:27 - 03186544 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 02860760 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 02827120 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RltkAPO64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 02770976 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 02041432 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioEQ64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 01959128 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl
2015-01-12 12:27 - 2015-01-12 12:27 - 01939800 _____ (Dolby Laboratories) C:\windows\system32\DDPD64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 01756264 _____ (DTS) C:\windows\system32\DTSS2SpeakerDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 01568360 _____ (DTS) C:\windows\system32\DTSS2HeadphoneDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 01486952 _____ (DTS) C:\windows\system32\DTSBoostDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 01443340 _____ () C:\windows\system32\Drivers\RTAIODAT.DAT
2015-01-12 12:27 - 2015-01-12 12:27 - 01287384 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00959704 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInstII64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00947760 _____ (Sony Corporation) C:\windows\system32\SFSS_APO.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00728680 _____ (DTS) C:\windows\system32\DTSBassEnhancementDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00712296 _____ (DTS) C:\windows\system32\DTSSymmetryDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00693352 _____ (DTS) C:\windows\system32\DTSVoiceClarityDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00663296 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO30.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00662784 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxVolumeSDAPO.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00629464 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtDataProc64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00603984 _____ (Knowles Acoustics ) C:\windows\system32\KAAPORT64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00560328 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAC64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00518896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSX64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00491112 _____ (DTS) C:\windows\system32\DTSNeoPCDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00434960 _____ (Dolby Laboratories) C:\windows\system32\R4EED64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00432744 _____ (DTS) C:\windows\system32\DTSLimiterDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00428648 _____ (DTS) C:\windows\system32\DTSGainCompensatorDLL64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00375128 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEP64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00331880 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtlCPAPI64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00318808 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO20.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00315736 _____ (Dolby Laboratories) C:\windows\system32\DDPO64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00310104 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DHT64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00310104 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DAA64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00261464 _____ (Dolby Laboratories) C:\windows\system32\DDPA64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00242792 _____ (DTS) C:\windows\system32\DTSLFXAPO64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00242792 _____ (DTS) C:\windows\system32\DTSGFXAPO64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00241768 _____ (DTS) C:\windows\system32\DTSGFXAPONS64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00221024 _____ (Synopsys, Inc.) C:\windows\system32\SFNHK64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00211184 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSH64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00204120 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEED64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00198896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSHP64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00155888 _____ (SRS Labs, Inc.) C:\windows\system32\SRSWOW64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00149608 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCfg64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00141584 _____ (Dolby Laboratories) C:\windows\system32\R4EEL64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00124176 _____ (Dolby Laboratories) C:\windows\system32\R4EEA64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00113576 _____ (Real Sound Lab SIA) C:\windows\system32\CONEQMSAPOGUILibrary.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00108640 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAR64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00101208 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEL64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00081248 _____ (Synopsys, Inc.) C:\windows\system32\SFCOM64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00078688 _____ (Synopsys, Inc.) C:\windows\system32\SFAPO64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00078680 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEG64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00075024 _____ (Dolby Laboratories) C:\windows\system32\R4EEG64A.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\windows\SysWOW64\SFCOM.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00014952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCoLDR64.dll
2015-01-12 12:27 - 2015-01-12 12:27 - 00000000 ____D () C:\Program Files\Realtek
2015-01-12 11:08 - 2015-01-12 11:08 - 00002878 _____ () C:\Users\pestyone\Documents\Junkware Removal Tool.txt
2015-01-12 09:24 - 2015-01-12 09:24 - 00001246 _____ () C:\Users\pestyone\Desktop\DVD Fab 8 Qt (Tom_Da_Man).lnk
2015-01-12 09:24 - 2015-01-12 09:24 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD Fab 8 Qt v8.1.3.8 (Tom_Da_Man) PreCracked
2015-01-11 21:59 - 2015-01-11 21:59 - 00002878 _____ () C:\Users\pestyone\Desktop\JRT.txt
2015-01-11 21:42 - 2015-01-12 12:27 - 00000000 ____D () C:\windows\SysWOW64\RTCOM
2015-01-11 21:17 - 2015-01-11 21:17 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\NCH Software
2015-01-11 21:12 - 2015-01-11 21:12 - 00001206 _____ () C:\Users\pestyone\Desktop\Auslogics Registry Cleaner.lnk
2015-01-11 21:12 - 2015-01-11 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-01-11 21:12 - 2015-01-11 21:12 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2015-01-11 20:56 - 2015-01-11 20:58 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\WiseUpdate
2015-01-11 20:37 - 2015-01-11 20:37 - 04044800 _____ (Qualcomm Atheros Communications, Inc.) C:\windows\system32\Drivers\athrx.sys
2015-01-10 08:25 - 2015-01-10 08:25 - 00000242 _____ () C:\Users\pestyone\Documents\Tiny Rustic Cabin With Wheels and a Stunning Interior  Tiny House for Us.url
2015-01-09 20:42 - 2015-01-09 20:42 - 00000607 _____ () C:\Users\pestyone\Downloads\csvdownload.csv
2015-01-09 20:41 - 2015-01-09 20:41 - 00002137 _____ () C:\Users\pestyone\Downloads\ofxdownload.ofx
2015-01-08 12:42 - 2015-01-08 12:42 - 00000266 _____ () C:\Users\pestyone\Documents\Movies seen - 1-8-15 x.txt
2015-01-07 05:57 - 2015-01-12 09:29 - 00000000 ____D () C:\Users\pestyone\Desktop\mp4
2015-01-03 11:36 - 2015-01-03 11:36 - 00299989 _____ () C:\Users\pestyone\Documents\video  5.odt
2015-01-02 08:19 - 2015-01-02 08:19 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Mariaglorum
2015-01-02 05:09 - 2015-01-12 09:24 - 00000000 ____D () C:\Program Files (x86)\DVD Fab 8 Qt v8.1.3.8 (Tom_Da_Man) PreCracked
2015-01-02 01:30 - 2015-01-02 01:30 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\DVDFab
2015-01-01 23:19 - 2015-01-01 23:19 - 00000040 ___SH () C:\ProgramData\.zreglib
2015-01-01 10:17 - 2015-01-01 10:17 - 00738722 _____ () C:\Users\pestyone\Documents\video e.odt
2015-01-01 08:53 - 2015-01-01 08:53 - 00616558 _____ () C:\Users\pestyone\Desktop\Arial  20.odt
2014-12-31 23:53 - 2015-01-01 00:38 - 00000000 ____D () C:\Users\pestyone\Documents\DVDFab
2014-12-31 22:47 - 2014-12-31 22:47 - 00188823 _____ () C:\Users\pestyone\Documents\video d.odt
2014-12-31 10:29 - 2014-12-31 10:29 - 00741922 _____ () C:\Users\pestyone\Documents\video C.odt
2014-12-31 08:36 - 2014-12-31 08:36 - 00000103 _____ () C:\Users\pestyone\Documents\T o y s.txt
2014-12-30 09:34 - 2014-12-30 09:34 - 00312924 _____ () C:\Users\pestyone\Documents\video list d.odt
2014-12-30 02:06 - 2014-12-30 02:06 - 00111190 _____ () C:\Users\pestyone\Documents\Contents 1.odt
2014-12-29 23:07 - 2014-12-29 23:07 - 00082357 _____ () C:\Users\pestyone\Documents\One Week.htm
2014-12-29 23:07 - 2014-12-29 23:07 - 00000000 ____D () C:\Users\pestyone\Documents\One Week_files
2014-12-29 14:57 - 2014-12-29 14:57 - 00026528 _____ (REALiX™) C:\windows\SysWOW64\Drivers\HWiNFO64A.SYS
2014-12-29 06:24 - 2014-12-29 06:24 - 00311857 _____ () C:\Users\pestyone\Documents\video burned 12-28-14.odt
2014-12-28 20:11 - 2014-12-28 20:11 - 00300682 _____ () C:\Users\pestyone\Documents\Grim story 12-28-14  p count here.odt
2014-12-28 20:03 - 2014-12-28 20:03 - 00300215 _____ () C:\Users\pestyone\Documents\Grim story 12-28-14.odt
2014-12-28 09:50 - 2014-12-28 09:50 - 00000022 _____ () C:\Users\pestyone\Documents\spam email addy.txt
2014-12-28 09:49 - 2014-12-28 09:50 - 00000179 _____ () C:\Users\pestyone\Documents\Kinky toys 12-28-14.txt
2014-12-27 12:46 - 2015-01-11 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ePub to PDF Converter
2014-12-27 12:46 - 2014-12-27 12:46 - 00000981 _____ () C:\Users\pestyone\Desktop\ePub to PDF Converter.lnk
2014-12-27 12:46 - 2014-12-27 12:46 - 00000000 ____D () C:\Program Files (x86)\ePub to PDF Converter
2014-12-27 12:45 - 2014-12-27 12:46 - 05026902 _____ (DONGSOFT Company, Inc. ) C:\Users\pestyone\Downloads\epubtopdf.exe
2014-12-27 07:01 - 2015-01-11 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-12-27 07:01 - 2014-12-27 07:01 - 00001968 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-12-27 07:01 - 2014-12-27 07:01 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 16:32 - 2014-07-21 20:57 - 00000000 ____D () C:\Users\pestyone\Documents\ConvertXToDVD
2015-01-26 16:25 - 2014-10-07 12:36 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\vlc
2015-01-26 16:21 - 2014-04-12 04:08 - 00001191 _____ () C:\Users\pestyone\AppData\Roaming\vso_ts_preview.xml
2015-01-26 16:21 - 2014-04-12 04:06 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Vso
2015-01-26 07:26 - 2014-12-17 07:26 - 00000000 ____D () C:\Users\pestyone\AppData\Local\Component
2015-01-26 05:18 - 2011-04-18 18:11 - 02015014 _____ () C:\windows\WindowsUpdate.log
2015-01-26 01:44 - 2013-06-28 21:38 - 00000000 ____D () C:\Users\pestyone\AppData\Local\CrashDumps
2015-01-25 22:38 - 2009-07-13 23:45 - 00022976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 22:38 - 2009-07-13 23:45 - 00022976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 22:33 - 2014-10-23 05:36 - 00002860 _____ () C:\windows\System32\Tasks\Driver Booster SkipUAC (pestyone)
2015-01-25 22:31 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-24 09:58 - 2014-03-24 00:15 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\dvdcss
2015-01-24 05:45 - 2014-11-22 05:35 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\GetPrivate
2015-01-24 05:45 - 2014-06-30 22:40 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\serv
2015-01-24 05:06 - 2014-03-27 17:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-22 15:47 - 2013-06-28 22:31 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\FileZilla
2015-01-22 09:59 - 2014-05-15 07:53 - 00000000 ____D () C:\Program Files (x86)\RAR Opener
2015-01-20 12:21 - 2014-10-23 05:36 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-19 06:37 - 2014-10-20 03:53 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\DigitalVolcano
2015-01-18 23:10 - 2013-06-28 21:35 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Yahoo!
2015-01-18 23:10 - 2013-06-28 21:34 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-01-18 23:02 - 2011-11-25 23:10 - 00000000 ____D () C:\Users\pestyone
2015-01-16 09:24 - 2014-12-17 07:31 - 00002112 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-01-16 09:24 - 2014-12-17 01:10 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-16 09:24 - 2014-12-17 01:10 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-12 10:22 - 2013-06-29 11:50 - 00000000 ____D () C:\Users\pestyone\Documents\Calibre Library
2015-01-11 21:25 - 2011-04-18 18:16 - 00000000 ____D () C:\ProgramData\WinClon
2015-01-11 21:25 - 2011-04-18 18:13 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-11 21:25 - 2011-04-18 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-11 21:25 - 2011-04-18 18:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-11 21:24 - 2013-06-30 14:19 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-11 21:24 - 2013-06-30 14:19 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-11 21:22 - 2011-04-18 18:07 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-01-11 21:20 - 2014-11-03 07:23 - 00000000 ____D () C:\windows\System32\Tasks\NCH Software
2015-01-11 21:17 - 2014-11-03 07:23 - 00000000 ____D () C:\ProgramData\NCH Software
2015-01-11 21:16 - 2014-11-03 07:23 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-01-11 21:13 - 2014-12-22 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magellan Content Manager
2015-01-11 20:58 - 2014-12-17 02:21 - 00000000 ____D () C:\Users\pestyone\AppData\Roaming\Wise Registry Cleaner
2015-01-11 20:32 - 2013-06-28 21:35 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2015-01-11 20:32 - 2013-06-28 21:35 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-01-11 20:31 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2015-01-11 07:04 - 2014-07-10 03:35 - 00045491 _____ () C:\Users\pestyone\Documents\Docked return 7-10-14 4 am.odt
2014-12-29 14:58 - 2014-12-17 07:31 - 00003220 _____ () C:\windows\System32\Tasks\Driver Booster Scan
2014-12-29 14:58 - 2014-12-17 07:31 - 00003164 _____ () C:\windows\System32\Tasks\Driver Booster Update
2014-12-29 14:57 - 2014-12-17 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2014-12-29 06:31 - 2014-06-27 07:56 - 00047207 _____ () C:\Users\pestyone\Documents\re dock two.odt

==================== Files in the root of some directories =======

2014-03-20 06:53 - 2014-03-20 06:53 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-05-07 22:58 - 2014-05-07 22:58 - 0009008 _____ () C:\Users\pestyone\AppData\Roaming\.freeciv-client-rc-2.4
2014-06-30 22:47 - 2014-06-30 23:00 - 0000314 _____ () C:\Users\pestyone\AppData\Roaming\aps.uninstall.scan.results
2014-09-01 03:18 - 2014-09-01 03:18 - 0002086 _____ () C:\Users\pestyone\AppData\Roaming\DULE
2014-04-12 04:06 - 2014-05-21 16:15 - 0099384 _____ () C:\Users\pestyone\AppData\Roaming\inst.exe
2014-04-12 04:06 - 2014-05-21 16:15 - 0007859 _____ () C:\Users\pestyone\AppData\Roaming\pcouffin.cat
2014-04-12 04:06 - 2014-05-21 16:15 - 0001167 _____ () C:\Users\pestyone\AppData\Roaming\pcouffin.inf
2014-04-12 04:07 - 2014-05-21 16:15 - 0000034 _____ () C:\Users\pestyone\AppData\Roaming\pcouffin.log
2014-04-12 04:06 - 2014-05-21 16:15 - 0082816 _____ (VSO Software) C:\Users\pestyone\AppData\Roaming\pcouffin.sys
2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\pestyone\AppData\Roaming\USWP
2014-04-12 04:08 - 2015-01-26 16:21 - 0001191 _____ () C:\Users\pestyone\AppData\Roaming\vso_ts_preview.xml
2014-10-09 10:25 - 2014-10-29 22:59 - 0015872 _____ () C:\Users\pestyone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-04 04:55 - 2014-05-04 04:57 - 0000026 _____ () C:\Users\pestyone\AppData\Local\isoworkshop.ini
2014-06-30 22:47 - 2014-06-30 22:47 - 0623696 _____ (Click Me In Limited) C:\Users\pestyone\AppData\Local\nsxC759.tmp
2014-10-19 20:37 - 2014-10-19 20:37 - 0000003 _____ () C:\Users\pestyone\AppData\Local\proxy.log
2014-08-17 08:35 - 2014-08-17 08:36 - 0007606 _____ () C:\Users\pestyone\AppData\Local\Resmon.ResmonCfg
2014-03-27 18:16 - 2014-11-20 00:28 - 0000025 _____ () C:\Users\pestyone\AppData\Local\trueburner.ini
2015-01-01 23:19 - 2015-01-01 23:19 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-12-17 07:51 - 2014-12-17 07:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-03-25 04:12 - 2014-05-28 09:46 - 0005856 _____ () C:\ProgramData\NanoRepository.bin
2014-03-25 04:12 - 2014-05-22 07:30 - 0005856 _____ () C:\ProgramData\NanoRepository.bin.bak

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-25 06:26

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by pestyone at 2015-01-26 19:04:29
Running from C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CERNH5OC
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

???? ??? Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
???? Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
????? Windows Live (Version: 15.4.3502.0922 - ?????????? ??????????) Hidden
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
???????? ?????????? Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
?????????? Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
??????????? ?? Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Essentials“ (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 4.1.0.0 - Auslogics Labs Pty Ltd)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
BatteryLifeExtender (HKLM\...\{E308B555-8434-4AF8-B66F-729897C75F93}) (Version: 1.0.6 - Samsung)
BatteryLifeExtender (HKLM-x32\...\{E308B555-8434-4AF8-B66F-729897C75F93}) (Version: 1.0.6 - Samsung)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
calibre (HKLM\...\{8D8C1516-D6D5-41F1-B98B-DCCCF17F8ED2}) (Version: 1.36.0 - Kovid Goyal)
calibre (HKLM-x32\...\{8D8C1516-D6D5-41F1-B98B-DCCCF17F8ED2}) (Version: 1.36.0 - Kovid Goyal)
Call of Duty® 4 - Modern Warfare™ (HKLM\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty® 4 - Modern Warfare™ (Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (x32 Version: 1.00.0000 - Activision) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.01 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.4.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)
ConvertXtoDVD 4.2.0.0 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.2.0.0 - )
ConvertXtoDVD 4.2.0.0 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.2.0.0 - )
CyberLink YouCam (Version: 2.0.3911 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Booster 2 (HKLM\...\Driver Booster_is1) (Version: 2.0 - IObit)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
DVD Fab 8 Qt v8.1.3.8 (Tom_Da_Man) PreCracked (HKU\S-1-5-21-660230534-9386771-3986129850-1000\...\DVD Fab 8 Qt v8.1.3.8 (Tom_Da_Man) PreCracked) (Version:  - )
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.15 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
Ebook to EPUB PDF AZW Converter 6.0.4 (HKLM\...\{D88F8A2D-E63A-4E59-AC08-23260A97C239}) (Version: 6.0.4 - EPUBSOFT)
Ebook to EPUB PDF AZW Converter 6.0.4 (HKLM-x32\...\{D88F8A2D-E63A-4E59-AC08-23260A97C239}) (Version: 6.0.4 - EPUBSOFT)
EMCO Malware Destroyer 7 (HKLM-x32\...\{0ADE8140-163D-4ED3-97D7-91ED53E76362}_is1) (Version:  - EMCO Software)
ePub to PDF Converter 2.0.4 (HKLM-x32\...\ePub to PDF Converter_is1) (Version:  - DONGSOFT Company, Inc.)
ETDWare PS/2-X64 8.0.7.0_WHQL (HKLM\...\Elantech) (Version: 8.0.7.0 - ELAN Microelectronic Corp.)
European Mystery The Face of Envy Collectors 1.00 (HKLM\...\European Mystery The Face of Envy Collectors 1.00) (Version: 1.00 - Games)
FileZilla Client 3.9.0.6 (HKLM\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Fotogalerija Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Interenet Optimizer (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643}) (Version:  - BullPoint) <==== ATTENTION
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (Version: 2.8.25.18 - Oracle Corporation) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAV Filters 0.63.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.63.0 - Hendrik Leppkes)
LibreOffice 4.3.2.2 (HKLM\...\{9C13F99C-6E1A-4126-AE91-EAA2DADE08D6}) (Version: 4.3.2.2 - The Document Foundation)
LibreOffice 4.3.2.2 (HKLM-x32\...\{9C13F99C-6E1A-4126-AE91-EAA2DADE08D6}) (Version: 4.3.2.2 - The Document Foundation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.24.27.3 - Marvell)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.24.27.3 - Marvell)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - ?????????? ??????????)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.12.100 - Nero AG) Hidden
Nero StartSmart OEM (Version: 9.4.10.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Panda Devices Agent (HKLM\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.0.4 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Play Camera (HKLM-x32\...\InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}) (Version: 2.0.0.13 - Samsung Electronics)
Play Camera (Version: 2.0.0.13 - Samsung Electronics) Hidden
Play Camera (x32 Version: 2.0.0.13 - Samsung Electronics) Hidden
Poczta uslugi Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RAR Opener version 1.0 (HKLM\...\{DFC3E171-965F-4C07-AA42-05F6F5B7380B}_is1) (Version: 1.0 - raropener.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Samsung AnyWeb Print (HKLM\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 1.1.19.0 - Samsung Electronics Co., Ltd.)
Samsung AnyWeb Print (Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung AnyWeb Print (x32 Version: 1.0 - Samsung Electronics Co., Ltd.) Hidden
Samsung Support Center (HKLM\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.24 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.24 - Samsung)
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.01.06.00:16 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Smart Toolbar Remover v2.2 (HKLM-x32\...\Smart Toolbar Remover_is1) (Version: 2.2 - Smart PC Solutions)
Soft4Boost Secure Eraser (HKLM-x32\...\Soft4Boost Secure Eraser_is1) (Version: 2.7.3.175 - Soft4Boost Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
System Update kb70007 (Version: 1.0.0 - MSR) Hidden <==== ATTENTION
System Update kb70007 (x32 Version: 1.0.0 - MSR) Hidden <==== ATTENTION
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.4 - )
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.4 - )
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live ??? (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Wise Registry Cleaner 8.31 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-660230534-9386771-3986129850-1000_Classes\CLSID\{AB246BE9-1623-4A84-ABDA-CFF4D4A273CB}\InprocServer32 -> C:\windows\system32\kernel32.dll (Microsoft Corporation)

==================== Restore Points  =========================

16-01-2015 09:23:45 Driver Booster : Adobe Flash Player ActiveX
19-01-2015 15:41:00 SPTD setup V1.86
26-01-2015 15:49:34 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01D37EA5-6704-41E1-BCE5-58AC1AAF202F} - System32\Tasks\Driver Booster SkipUAC (pestyone) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-12-17] (IObit)
Task: {06A45F69-747D-4078-BE2D-A11BD84354DE} - \EasyBatteryManager No Task File <==== ATTENTION
Task: {10F81BA8-4AAC-4B2E-A1A6-842DD77CEECF} - \{3634D602-37DE-4762-92E4-39897701453E} No Task File <==== ATTENTION
Task: {26D795EA-5309-4425-A1F2-2F5B322554B3} - \{4603685D-1586-4F5F-A373-B88EFC7B7C00} No Task File <==== ATTENTION
Task: {2EBDFAE7-1858-47CD-BD8C-732A81DC7226} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4C51280C-6FC0-4392-8B88-4653C528694B} - \EasySpeedUpManager No Task File <==== ATTENTION
Task: {4D50A3F5-2CBF-49A5-8858-EC73327CA9D2} - \{4EDB573E-C1DF-4838-8F81-9A0A5FABBF1F} No Task File <==== ATTENTION
Task: {62D92155-8224-46EF-9AB7-B0E1E076D36B} - \GPUP No Task File <==== ATTENTION
Task: {66334212-B723-4324-9063-4B825F1E366E} - \SamsungSupportCenter No Task File <==== ATTENTION
Task: {68E21AC2-A9E0-4B54-AB31-2E21FCA2C725} - \SUPBackground No Task File <==== ATTENTION
Task: {8318BD7B-1011-4A05-B2F2-E8C244B82E73} - \LaunchSignup No Task File <==== ATTENTION
Task: {83EFAAE9-66C1-4E87-85A5-F5F60DDA8D5C} - \ATKOSD2 No Task File <==== ATTENTION
Task: {868B14CA-400C-4D74-9393-E99DA7CD984F} - \{BB649798-199D-4D44-95E0-8756789F44DE} No Task File <==== ATTENTION
Task: {88EF7753-72CC-45FE-B6CF-B517C6916EF6} - \CCleanerSkipUAC No Task File <==== ATTENTION
Task: {8E0FD80E-7A22-41EF-ABF8-6751A43DE6F8} - \BatteryLifeExtender No Task File <==== ATTENTION
Task: {8F1BDFB5-8E24-40AB-883F-9CAA60740349} - System32\Tasks\Microsoft\Windows\Maintenance\Idle-Crawler Update => %LOCALAPPDATA%\Idle_Crawler\Idle-Crawler.exe <==== ATTENTION
Task: {9C446C30-CEFB-4F9D-9C97-49541D48FE0D} - \{C93F746B-5857-4FC0-9F37-7339020567ED} No Task File <==== ATTENTION
Task: {A20150B5-FDAF-4DC4-8D4A-2511034AAC43} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-12-17] (IObit)
Task: {A897A89B-88DB-414E-AEFB-485424472FE6} - System32\Tasks\Component System\Component => C:\Users\pestyone\AppData\Local\Component\com.exe [2014-12-05] ()
Task: {BD4710BC-2358-4E1D-A0C7-24D0F5290488} - \AdobeFlashPlayer-S-2-1-24-198293847112UI No Task File <==== ATTENTION
Task: {D097BDA6-A29D-468D-B5FB-FF3692C0E67E} - \EasyDisplayMgr No Task File <==== ATTENTION
Task: {DA1B4AD6-CFF1-4F9E-8219-C4F24956E91D} - \{781824E9-25EB-465D-AA07-03B06570DF56} No Task File <==== ATTENTION
Task: {E0AB2E1A-5E9B-49A1-93B4-103A69CC5530} - \NSManager_1418845481 No Task File <==== ATTENTION
Task: {FB6D4E1E-35D8-470C-A84A-DF11D2D6D0FA} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-12-09] (IObit)
Task: {FD1CB382-C56E-4819-85B8-8FDEB9B4B206} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-16] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-11-25 23:12 - 2008-06-04 18:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2014-05-01 14:29 - 2014-05-01 14:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-21 16:14 - 2012-12-13 12:34 - 09884120 _____ () C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-01-19 16:11 - 2014-04-04 11:29 - 00371712 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2015-01-19 16:11 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:792D4CF1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\startupreg: CmTray => "C:\Users\pestyone\Desktop\New folder\launchCM.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

========================= Accounts: ==========================

Administrator (S-1-5-21-660230534-9386771-3986129850-500 - Administrator - Disabled)
Guest (S-1-5-21-660230534-9386771-3986129850-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-660230534-9386771-3986129850-1002 - Limited - Enabled)
pestyone (S-1-5-21-660230534-9386771-3986129850-1000 - Administrator - Enabled) => C:\Users\pestyone

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR9285 Wireless Network Adapter
Description: Qualcomm Atheros AR9285 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2015 04:57:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17344, time stamp: 0x541b6f63
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x31419236
Faulting process id: 0x4658
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/25/2015 04:54:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17344, time stamp: 0x541b6f63
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x39b1ffff
Faulting process id: 0xd24
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/23/2015 05:13:25 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/23/2015 05:13:25 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/23/2015 05:13:25 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/23/2015 05:13:25 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (01/23/2015 05:13:22 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/23/2015 05:13:22 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/23/2015 05:13:22 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/23/2015 05:13:22 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (01/26/2015 05:14:50 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (01/26/2015 00:46:03 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/25/2015 10:31:29 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/25/2015 10:31:20 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The ATKGFNEX Service service depends the following service: ASMMAP64. This service might not be installed.

Error: (01/25/2015 10:31:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASLDR Service service failed to start due to the following error:
%%3

Error: (01/25/2015 02:57:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/25/2015 03:00:39 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/25/2015 03:00:29 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The ATKGFNEX Service service depends the following service: ASMMAP64. This service might not be installed.

Error: (01/25/2015 03:00:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASLDR Service service failed to start due to the following error:
%%3

Error: (01/24/2015 07:07:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Microsoft Office Sessions:
=========================
Error: (01/25/2015 04:57:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17344541b6f63unknown0.0.0.000000000c000000531419236465801d03884f9aaefb9C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown8ab46531-a478-11e4-8995-e811329dc68c

Error: (01/25/2015 04:54:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17344541b6f63unknown0.0.0.000000000c000000539b1ffffd2401d038751807897eC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown316ab8d7-a478-11e4-8995-e811329dc68c

Error: (01/23/2015 05:13:25 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/23/2015 05:13:25 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/23/2015 05:13:25 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/23/2015 05:13:25 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (01/23/2015 05:13:22 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (01/23/2015 05:13:22 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/23/2015 05:13:22 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (01/23/2015 05:13:22 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 59%
Total physical RAM: 4028.61 MB
Available physical RAM: 1615.78 MB
Total Pagefile: 8055.41 MB
Available Pagefile: 5258.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:113 GB) (Free:35.94 GB) NTFS
Drive d: () (Fixed) (Total:166.5 GB) (Free:124.85 GB) NTFS
Drive g: (TOSHIBA EXT) (Fixed) (Total:1862.92 GB) (Free:399.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 80CD1684)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=113 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=166.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=18.5 GB) - (Type=27)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 749E749E)
Partition 1: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#7 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts

Posted 26 January 2015 - 07:36 PM

Ok, how's this? Must run SUPERAntiSpyware later this evening or tomorrow. Any other ideas? I assume there's still crap in the system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by pestyone on Mon 01/26/2015 at 19:16:24.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/26/2015 at 19:23:54.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts

Posted 27 January 2015 - 11:36 AM

Yes, you haven't used the clean button with Adwarecleaner. :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts

Posted 27 January 2015 - 01:12 PM

Yes I did; it only found 1 thing about Yahoo. Should I redo?

Will try Malwarebytes again, might get me a log, then on to SUPERAntiSpyware.



#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts

Posted 27 January 2015 - 01:33 PM

Yes.

~Machiavelli



#11 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts

Posted 27 January 2015 - 01:40 PM

Ok, have the Malwarebytes log, posting now. Hope it fixed a lot, dang it -

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/27/2015
Scan Time: 1:16:07 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.27.07
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: pestyone

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374437
Time Elapsed: 15 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 22
PUP.Optional.ArcadeParlor.A, HKU\S-1-5-21-660230534-9386771-3986129850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, , [f0616b8c474290a61b20230e56ad9967],
PUP.Optional.ArcadeParlor.A, HKU\S-1-5-21-660230534-9386771-3986129850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{39AD0726-986D-40F9-972B-E3BFA24B7745}, , [f0616b8c474290a61b20230e56ad9967],
PUP.Optional.BrowserChampion.A, HKU\S-1-5-21-660230534-9386771-3986129850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD6EF0F0-B46B-4CB2-839C-BBE569FAA859}, , [a7aa4bac1f6a7cba7f3e4ca7d32fa45c],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [153c8b6cb9d067cf8419688c9f637d83],
PUP.Optional.Amonetize, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AEB719FD-EDB0-43E9-B524-90F97C1E6499}, , [ef62dc1b0e7bb6809019fd999a6928d8],
PUP.Optional.AdevertisingSupport.A, HKLM\SOFTWARE\WOW6432NODE\AdvertisingSupport, , [71e0d7202d5c4aec4fe0355025dea45c],
PUP.Optional.BrowserChampion.A, HKLM\SOFTWARE\WOW6432NODE\Browser Champion, , [6ee3c82f2168a69095ca24711be83fc1],
PUP.Optional.MyStart.A, HKLM\SOFTWARE\WOW6432NODE\mystarttb, , [094800f76326f14583e1afe5cb388c74],
PUP.Optional.TelevisionFanatic.A, HKLM\SOFTWARE\WOW6432NODE\TelevisionFanatic, , [1b3624d30f7ae1557c01dea69271a35d],
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AEB719FD-EDB0-43E9-B524-90F97C1E6499}, , [2d240fe80a7f9e9875345442df24619f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [7cd50dea06833402b5072969659e5aa6],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, , [9ab7b245cfba280e71795d2a49bab64a],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-660230534-9386771-3986129850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Conduit_Search_Protect, , [6ee37285d7b28fa7e2b547afcb3917e9],
PUP.Optional.FreeSoftToday.A, HKU\S-1-5-21-660230534-9386771-3986129850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\freesofttoday, , [87ca19de64250234d2d2b049ec187987],
PUP.Optional.GameHugArcade.A, HKU\S-1-5-21-660230534-9386771-3986129850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GameHugArcadeApp, , [68e90fe82e5b0d297fab71090003639d],
PUP.Optional.Softonic.A, HKU\S-1-5-21-660230534-9386771-3986129850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, , [60f1896ea1e84aec441f047d58abbc44],
PUP.Optional.TelevisionFanatic.A, HKU\S-1-5-21-660230534-9386771-3986129850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TelevisionFanatic, , [e8691bdcd4b5dc5a3e404f35ec179f61],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-660230534-9386771-3986129850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, , [92bf6493daafdf57d2255f9bc73d6e92],
PUP.Optional.ClickNMark.A, HKU\S-1-5-21-660230534-9386771-3986129850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\click-n-mark, , [55fc74832f5ac274d1329e1736cd41bf],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-660230534-9386771-3986129850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TelevisionFanatic, , [f45d6b8cec9d47eff05570375da63ac6],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-660230534-9386771-3986129850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [2b2620d74544f73f01d6b809d62d37c9],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-660230534-9386771-3986129850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [0f42ca2dc3c671c5717a993eea1a20e0],

Registry Values: 4
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, ymb, , [7cd50dea06833402b5072969659e5aa6]
PUM.Bad.Proxy, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, , [ada4c82f494041f503a7fb9b887b0df3]
PUM.Bad.Proxy, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, , [0051ca2d56336cca802accca32d125db]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-660230534-9386771-3986129850-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Z1B1L2Z1S, , [0f42ca2dc3c671c5717a993eea1a20e0]

Registry Data: 4
PUP.Optional.Safesear.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20141217-135-ie-sm, Good: (iexplore.exe), Bad: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20141217-135-ie-sm),,[1d346c8bf7921323ce912088bb4a55ab]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[dc75a4531c6d59dda7dcc1e6b84d7987]
PUP.Optional.Safesear.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20141217-135-ie-sm, Good: (iexplore.exe), Bad: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://www.safesear.ch/?type=20141217-135-ie-sm),,[8ac7d5224c3dfa3c233c990f7e879f61]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[ea675d9a0d7ce056166d9b0c0bfa817f]

Folders: 23
PUP.Optional.GetPrivateVPN, C:\Users\pestyone\AppData\Roaming\GETPRIVATE, , [a7aac433f79264d22e206625010219e7],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup, , [cd84639497f2ce6840a13d1605fef50b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007, , [cd84639497f2ce6840a13d1605fef50b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\backup, , [cd84639497f2ce6840a13d1605fef50b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\images, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.ArcadeParlor.A, C:\Users\pestyone\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}, , [77da34c3553464d297807fd8d03320e0],
PUP.Optional.ArcadeParlor.A, C:\Users\pestyone\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome, , [77da34c3553464d297807fd8d03320e0],
PUP.Optional.ArcadeParlor.A, C:\Users\pestyone\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content, , [77da34c3553464d297807fd8d03320e0],
PUP.Optional.ArcadeParlor.A, C:\Users\pestyone\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin, , [77da34c3553464d297807fd8d03320e0],
PUP.Optional.IdleCrawler, C:\Users\pestyone\AppData\Local\Idle_Crawler, , [c190dd1afa8f81b5b698511243c0bf41],
PUP.Optional.IdleCrawler, C:\Users\pestyone\AppData\Local\Idle_Crawler\Modules, , [c190dd1afa8f81b5b698511243c0bf41],
PUP.Optional.CrossRider.A, C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\IPLJMGHELFLFIKEJMGKMLMPJMEHFJODC\1.26.15_0, , [3f129562bbcecc6ad85286e956ad4bb5],
PUP.Optional.SystemUpdate.A, C:\Windows\Microsoft\SystemUpdatekb70007, , [f75a10e7ed9c1026a2c910605aa9748c],
PUP.Optional.MyAppsCloud.A, C:\Users\pestyone\AppData\Roaming\AppCloudUpdater, , [4e036394622784b2be26c2afc53e49b7],
PUP.Optional.MyAppsCloud.A, C:\Users\pestyone\AppData\Roaming\AppCloudUpdater\UpdateProc, , [4e036394622784b2be26c2afc53e49b7],

Files: 135
PUP.Optional.Spigot.A, C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\searchplugins\yahoo_ff.xml, , [62efa453602945f1f37a7ffe659eb54b],
PUP.Optional.Like.A, C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\extensions\JID1-EFRCA0EIPXECTQ@JETPACK.XPI, , [53fe3eb9b4d5cd692382611c32d19a66],
PUP.Optional.Like.A, C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\extensions\JID1-VS7BIDMOM8YXHA@JETPACK.XPI, , [c48da94eb7d23afcc7df9ce1f013e11f],
PUP.Optional.GetPrivateVPN, C:\Users\pestyone\AppData\Roaming\GetPrivate\tasks.dll, , [a7aac433f79264d22e206625010219e7],
PUP.Optional.IdleCrawler, C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Idle-Crawler Update, , [8ec3a255f891a294b8475f345ea5ad53],
PUP.Optional.Proxy.A, C:\Users\pestyone\AppData\Local\proxy.log, , [272a38bf553448ee93332075bd4604fc],
PUP.Optional.Trovi.A, C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\searchplugins\TROVI-SEARCH.XML, , [c68b61960b7ec27467cbeac0748fd32d],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\Autorun.inf, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\crx.tar, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\GameApps.ini, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\GameConsole.exe, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\GameEngine.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\GLOBALUNINSTALL.TNT, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\hmac.1.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\iestage2.1.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\IEToolbar.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\IEToolbar64.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\INSTALL.TNT, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\log.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\MinecraftShims64.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\npTNT2.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\PARTNER.TNT, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\passport.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\passport64.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\pinnedSearch.htm, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\pinnedSearch_FindWide.htm, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\pinnedSearch_Freshy.htm, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\progress.1.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\regsvr.1.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\RemoteSkin.wms, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\sqlite.1.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\TNT2User.exe, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\TNT2UserPS.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\TNT2UserPS64.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\TntMagicDel.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\UnInjLib.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\UnInjLib64.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\UNINSTALL.TNT, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\UninstallDlg.1.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\untar.1.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\UPDATE.TNT, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\xpi.tar, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.TidyNetwork.A, C:\Users\pestyone\AppData\Local\TNT2\2.0.0.1895\zipunzip.1.dll, , [f859d522deab96a05c6bce75ef14be42],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\InstallFirefoxExtension.dll, , [cd84639497f2ce6840a13d1605fef50b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\InstallFirefoxExtension.InstallState, , [cd84639497f2ce6840a13d1605fef50b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\Newtonsoft.Json.dll, , [cd84639497f2ce6840a13d1605fef50b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\NewVersionUploader.exe, , [cd84639497f2ce6840a13d1605fef50b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\NewVersionUploader.exe.config, , [cd84639497f2ce6840a13d1605fef50b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\SQLite.Interop.dll, , [cd84639497f2ce6840a13d1605fef50b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\System.Data.SQLite.dll, , [cd84639497f2ce6840a13d1605fef50b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\win32.reg, , [cd84639497f2ce6840a13d1605fef50b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\WindowsUpdater.exe.config, , [cd84639497f2ce6840a13d1605fef50b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\backup\System Update kb70007\backup\uninstall.exe, , [cd84639497f2ce6840a13d1605fef50b],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\AUTHORS.txt, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\config.txt, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\default.action, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\default.filter, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\LICENSE.txt, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\match-all.action, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\mgwz.dll, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\privoxy.exe, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\privoxy.log, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\privoxy_uninstall.exe, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\README.txt, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\trust.txt, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\user.action, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\user.action_empty, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\user.filter, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\user.filter_old, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\p_doc.css, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\coding.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\cvs.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\documentation.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\index.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\introduction.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\newrelease.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\testing.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\developer-manual\webserver-update.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\configuration.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\contact.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\copyright.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\general.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\index.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\installation.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\misc.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\faq\trouble.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\images\files-in-use.jpg, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\images\proxy_setup.jpg, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\actions-file.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\appendix.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\config.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\configuration.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\contact.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\copyright.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\files-in-use.jpg, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\filter-file.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\index.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\installation.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\introduction.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\proxy2.jpg, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\proxy_setup.jpg, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\p_doc.css, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\quickstart.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\seealso.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\startup.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\templates.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\doc\user-manual\whatsnew.html, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\cgi-style.css, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\connect-failed, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\mod-local-help, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\mod-support-and-service, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\mod-title, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\mod-unstable-warning, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\no-such-domain, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.Privoxy.A, C:\Program Files (x86)\MSR\Privoxy\templates\url-info-osd.xml, , [f25fa057e3a62214f8ea4211956e748c],
PUP.Optional.ArcadeParlor.A, C:\Users\pestyone\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\icon.png, , [77da34c3553464d297807fd8d03320e0],
PUP.Optional.ArcadeParlor.A, C:\Users\pestyone\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\install.rdf, , [77da34c3553464d297807fd8d03320e0],
PUP.Optional.ArcadeParlor.A, C:\Users\pestyone\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\chrome\content\browser.xul, , [77da34c3553464d297807fd8d03320e0],
PUP.Optional.ArcadeParlor.A, C:\Users\pestyone\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}\skin\style.css, , [77da34c3553464d297807fd8d03320e0],
PUP.Optional.IdleCrawler, C:\Users\pestyone\AppData\Local\Idle_Crawler\msvcp110.dll, , [c190dd1afa8f81b5b698511243c0bf41],
PUP.Optional.IdleCrawler, C:\Users\pestyone\AppData\Local\Idle_Crawler\msvcr110.dll, , [c190dd1afa8f81b5b698511243c0bf41],
PUP.Optional.IdleCrawler, C:\Users\pestyone\AppData\Local\Idle_Crawler\Modules\7z.dll, , [c190dd1afa8f81b5b698511243c0bf41],
PUP.Optional.IdleCrawler, C:\Users\pestyone\AppData\Local\Idle_Crawler\Modules\CmnUtls.dll, , [c190dd1afa8f81b5b698511243c0bf41],
PUP.Optional.IdleCrawler, C:\Users\pestyone\AppData\Local\Idle_Crawler\Modules\InSes.dll, , [c190dd1afa8f81b5b698511243c0bf41],
PUP.Optional.IdleCrawler, C:\Users\pestyone\AppData\Local\Idle_Crawler\Modules\NavSupp.dll, , [c190dd1afa8f81b5b698511243c0bf41],
PUP.Optional.IdleCrawler, C:\Users\pestyone\AppData\Local\Idle_Crawler\Modules\WblSupp.dll, , [c190dd1afa8f81b5b698511243c0bf41],
PUP.Optional.IdleCrawler, C:\Users\pestyone\AppData\Local\Idle_Crawler\Modules\WbSes.dll, , [c190dd1afa8f81b5b698511243c0bf41],
PUP.Optional.IdleCrawler, C:\Users\pestyone\AppData\Local\Idle_Crawler\Modules\WdcMan.dll, , [c190dd1afa8f81b5b698511243c0bf41],
PUP.Optional.SystemUpdate.A, C:\Windows\Microsoft\SystemUpdatekb70007\Newtonsoft.Json.dll, , [f75a10e7ed9c1026a2c910605aa9748c],
PUP.Optional.SystemUpdate.A, C:\Windows\Microsoft\SystemUpdatekb70007\SQLite.Interop.dll, , [f75a10e7ed9c1026a2c910605aa9748c],
PUP.Optional.SystemUpdate.A, C:\Windows\Microsoft\SystemUpdatekb70007\System.Data.SQLite.dll, , [f75a10e7ed9c1026a2c910605aa9748c],
PUP.Optional.SystemUpdate.A, C:\Windows\Microsoft\SystemUpdatekb70007\win32.reg, , [f75a10e7ed9c1026a2c910605aa9748c],
PUP.Optional.MyAppsCloud.A, C:\Users\pestyone\AppData\Roaming\AppCloudUpdater\UpdateProc\config.dat, , [4e036394622784b2be26c2afc53e49b7],
PUP.Optional.SafeSear.A, C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.safesear.ch/?type=20141217-135-ff-nt");), ,[70e112e5127761d5ecd241a242c3649c]
PUP.Optional.SafeSear.A, C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.safesear.ch/?type=20141217-135-ff");), ,[f45d8f6876138da9605f34af3dc821df]

Physical Sectors: 0
(No malicious items detected)

(end)



#12 Pestyone

Posted 27 January 2015 - 01:44 PM

OK, this is worse after the Malwarebytes scan than before. You have to be kidding me. Not removing a thing till I hear back from you.

Don't need my laptop crashing if the wrong things get removed with my awful bad luck. Here goes -

# AdwCleaner v4.109 - Report created 27/01/2015 at 13:37:08
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : pestyone - PESTYONE-PC
# Running from : C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQX5G0EM\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : YahooAUService

***** [ Files / Folders ] *****

File Found : C:\Users\pestyone\AppData\Roaming\aps.uninstall.scan.results
File Found : C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\user.js
Folder Found : C:\Program Files (x86)\MSR
Folder Found : C:\Program Files (x86)\NCH Software
Folder Found : C:\ProgramData\7d1d4a9521a684ba
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\ProgramData\UpdateCommon
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Found : C:\Users\pestyone\AppData\Local\BlitzMediaPlayer
Folder Found : C:\Users\pestyone\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipljmghelflfikejmgkmlmpjmehfjodc
Folder Found : C:\Users\pestyone\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\pestyone\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipljmghelflfikejmgkmlmpjmehfjodc
Folder Found : C:\Users\pestyone\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Folder Found : C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Folder Found : C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipljmghelflfikejmgkmlmpjmehfjodc
Folder Found : C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Found : C:\Users\pestyone\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\Extensions\w@T.co.uk
Folder Found : C:\Users\pestyone\AppData\Roaming\NCH Software
Folder Found : C:\Users\pestyone\AppData\Roaming\serv

***** [ Scheduled Tasks ] *****

Task Found : Driver Booster Scan
Task Found : Driver Booster Update
Task Found : LaunchSignup

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\SecuredDownload
Key Found : HKCU\Software\TNT2
Key Found : HKCU\Software\usyndication.com
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\powerpack
Key Found : [x64] HKCU\Software\SecuredDownload
Key Found : [x64] HKCU\Software\TNT2
Key Found : [x64] HKCU\Software\usyndication.com
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\DF917BEA0BDE9E345B42099FC7E14699
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\DF917BEA0BDE9E345B42099FC7E14699
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\Email Notifier
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DFFAA5F-44C6-4FF2-80EE-76368D0A2E75}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKLM\SOFTWARE\TBID
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{934063FB-A81D-4849-B02C-478446DF3219}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{993161E3-CF87-46CF-A702-3FD05D3DEDDD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9DFFAA5F-44C6-4FF2-80EE-76368D0A2E75}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BB27DF2F-6F05-4A42-9FFD-14696D795750}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF917BEA0BDE9E345B42099FC7E14699
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA8C94BE-9F47-1B2E-90F8-D8C07119BD96}
Key Found : [x64] HKLM\SOFTWARE\TBID
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.safesear.ch/web/?type=20141217-135-sshome-ie-df&q={searchTerms}

-\\ Mozilla Firefox v

[t0jy83tu.default] - Line Found : user_pref("browser.search.order.1", "SafeSearch");
[t0jy83tu.default] - Line Found : user_pref("browser.search.selectedEngine", "SafeSearch");
[t0jy83tu.default] - Line Found : user_pref("keyword.url", "hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=");

-\\ Google Chrome v

-\\ Comodo Dragon v

-\\ Chrome Canary v

*************************

AdwCleaner[R1].txt - [12349 octets] - [27/01/2015 13:07:18]
AdwCleaner[R2].txt - [9988 octets] - [27/01/2015 13:37:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [10048 octets] ##########



#13 Machiavelli

Posted 27 January 2015 - 01:52 PM

Key Found :

You haven't used the Clean Button. Please reread my instructions. :) The same for MBAM.

~Machiavelli



#14 Pestyone

Posted 27 January 2015 - 02:12 PM

Malware was deleted, and now you're saying it's OK to delete all from the other log. Will do that now . . . then what?



#15 Pestyone

Posted 27 January 2015 - 02:24 PM

OK, here's the ADW log. Looks like MWB removed a bunch before ADW could, leaving, it looks like, only 1 thing for ADW to remove. So what now? Guessing I am not clean yet, might do better -

# AdwCleaner v4.109 - Report created 27/01/2015 at 14:17:08
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : pestyone - PESTYONE-PC
# Running from : C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X4159F27\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\UpdateCommon
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\7d1d4a9521a684ba
Folder Deleted : C:\Program Files (x86)\MSR
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\pestyone\AppData\Local\BlitzMediaPlayer
Folder Deleted : C:\Users\pestyone\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\pestyone\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\pestyone\AppData\Roaming\serv
Folder Deleted : C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\Extensions\w@T.co.uk
Folder Deleted : C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Folder Deleted : C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipljmghelflfikejmgkmlmpjmehfjodc
Folder Deleted : C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Deleted : C:\Users\pestyone\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Deleted : C:\Users\pestyone\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipljmghelflfikejmgkmlmpjmehfjodc
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Deleted : C:\Users\pestyone\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Deleted : C:\Users\pestyone\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipljmghelflfikejmgkmlmpjmehfjodc
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
Folder Deleted : C:\Users\pestyone\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mdaehphobnahmjgkidbhhnnfjknmhoag
File Deleted : C:\Users\pestyone\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\Profiles\t0jy83tu.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Driver Booster Scan
Task Deleted : Driver Booster Update
Task Deleted : LaunchSignup

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\pestyone\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\pestyone\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{04D2B915-19FF-41E9-994D-95DC898BEA43}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DFFAA5F-44C6-4FF2-80EE-76368D0A2E75}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9DFFAA5F-44C6-4FF2-80EE-76368D0A2E75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BB27DF2F-6F05-4A42-9FFD-14696D795750}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{934063FB-A81D-4849-B02C-478446DF3219}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{993161E3-CF87-46CF-A702-3FD05D3DEDDD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\SecuredDownload
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\TNT2
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\Email Notifier
Key Deleted : HKLM\SOFTWARE\TBID
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : [x64] HKLM\SOFTWARE\TBID
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA8C94BE-9F47-1B2E-90F8-D8C07119BD96}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\DF917BEA0BDE9E345B42099FC7E14699
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\DF917BEA0BDE9E345B42099FC7E14699
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF917BEA0BDE9E345B42099FC7E14699
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v

[t0jy83tu.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "SafeSearch");
[t0jy83tu.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "SafeSearch");
[t0jy83tu.default\prefs.js] - Line Deleted : user_pref("keyword.url", "hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=");

-\\ Google Chrome v

-\\ Comodo Dragon v

-\\ Chrome Canary v

*************************

AdwCleaner[R1].txt - [12349 octets] - [27/01/2015 13:07:18]
AdwCleaner[R2].txt - [10189 octets] - [27/01/2015 13:37:08]
AdwCleaner[R3].txt - [10251 octets] - [27/01/2015 14:14:31]
AdwCleaner[S0].txt - [10026 octets] - [27/01/2015 14:17:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10087 octets] ##########





