Trojan's & adware


  • This topic is locked
10 replies to this topic

#1 canale

Posted 08 April 2015 - 07:09 PM

Hello! My girlfriend's computer seems to be loaded with adware and other bothersome programs. Ran a full MBAM/rootkit scan that took over 4 hrs!! Attached are the results. Guess my question is: what's the next logical step? Thank you for taking time to read this, much appreciated!

#2 deeprybka

  • Malware Response Team

Posted 09 April 2015 - 03:13 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Please post the Malwarebytes Scan log as well. Thank you!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 canale

  • Topic Starter

Posted 09 April 2015 - 10:44 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by User (administrator) on USER-PC on 09-04-2015 11:39:09
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Insoft LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
() C:\Users\User\AppData\Local\2C556222-1428275680-2E39-B6FE-2ECE6CEF2262\cnsrCFB7.tmp
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\nacl64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Insoft LLC) C:\Program Files (x86)\Adguard\Adguard.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\conathst.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\User\AppData\Local\2C556222-1428275680-2E39-B6FE-2ECE6CEF2262\ansvCE4E.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2014-11-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WinCheck] => C:\Users\User\AppData\Local\2C556222-1428275669-2E39-B6FE-2ECE6CEF2262\bnshAA9A.exe [182272 2015-04-05] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-29] (Spotify Ltd)
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [1985256 2014-10-07] (Insoft LLC)
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\Run: [Power2GoExpress8] => [X]
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd)
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.75\OptProLauncher.exe [148008 2015-03-31] ()
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\MountPoints2: G - "G:\setup.exe" 
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\MountPoints2: {904fa716-dbad-11e4-bf51-2c59e5a17156} - "F:\setup.exe" 
HKU\S-1-5-18\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [1985256 2014-10-07] (Insoft LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * bootdelete
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.findwide.com/v/2/?guid={BBB95132-B426-4A10-971C-2E63DC5DCED3}&serpv=6
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-69296176-4156326211-4257001618-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: BetterPrriceChEcu -> {c0bd0d4b-e5a9-428b-90a5-64b79e4c30af} -> C:\ProgramData\BetterPrriceChEcu\eZ7z5jAItFeicE.x64.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - FindWide Toolbar - {A79F576D-C71F-4260-BC7D-E3AEA2AA5F5E} - C:\Users\User\AppData\Local\TNT2\Profiles\10412\passport64.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - FindWide Toolbar - {A79F576D-C71F-4260-BC7D-E3AEA2AA5F5E} - C:\Users\User\AppData\Local\TNT2\Profiles\10412\passport.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-69296176-4156326211-4257001618-1001 -> FindWide Toolbar - {A79F576D-C71F-4260-BC7D-E3AEA2AA5F5E} - C:\Users\User\AppData\Local\TNT2\Profiles\10412\passport64.dll No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tjmcaysw.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-22] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tjmcaysw.default\user.js [2015-04-05]
FF Extension: YouTube™ Flash® Player - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tjmcaysw.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2014-12-12]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tjmcaysw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-31]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-04-09]
FF HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6E5C20AC-39EE-4DE5-B4FC-592BD9219EBB&SearchSource=55&CUI=&UM=8&UP=SP3290269C-3061-4936-B4F9-BFD772A175AD&D=040615&SSPV="
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-13]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-13]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-13]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-21]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-13]
CHR Extension: (CoupScanner) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\degcpipiiggomhhejjdfomnlnakodadc [2014-10-29]
CHR Extension: (Chinese English Dictionary) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eibhgnpocflidkjpcgjafalpiffkpice [2014-07-10]
CHR Extension: (Torrents MD extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlnpobgnjhnmagffpnmadhdeoklolijb [2014-10-28]
CHR Extension: (Norton Identity Safe) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-01]
CHR Extension: (Extensions new tab) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimnlpkklbehlibkphacaolndffafifk [2014-09-28]
CHR Extension: (Recycle Bin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfbchidonfnclempkcojlpijhmoalhi [2014-07-10]
CHR Extension: (Cloud Bookmarks in WeChat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnjgaddipkimeheeiodoejgpopaemdk [2014-10-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (FindWide Toolbar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\liaclfkkakmlabklhhcjenldjpnejbkk [2014-06-19]
CHR Extension: (Todays Schedule in Google Calendar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaaneppndljkmpgdcglnpfagfhjhipc [2014-08-30]
CHR Extension: (Norton Security Toolbar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-10-31]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-13]
CHR Extension: (CinemaPlus-3.2cV05.04) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-04-05]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-13]
CHR Extension: (Second Home) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmmemlnpjmfkcddknibchodllhnnidlp [2014-09-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 542bb8ed; c:\Program Files (x86)\Optimizer Pro 3.75\OptProMon.dll [2292264 2015-04-06] ()
R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [120040 2014-10-07] (Insoft LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 qybisoly; C:\Users\User\AppData\Local\2C556222-1428275680-2E39-B6FE-2ECE6CEF2262\cnsrCFB7.tmp [141312 2015-04-05] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2014-11-04] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
S2 DeskScapes8; C:\Users\User\Desktop\ds8srv.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 adgnetworktdi; C:\Windows\System32\drivers\adgnetworktdi.sys [60408 2014-07-28] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-24] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-04-05] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-02-13] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141230.001\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141230.001\ENG64.SYS [129752 2014-12-12] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141230.001\EX64.SYS [2137304 2014-12-12] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-31] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-09 11:39 - 2015-04-09 11:39 - 00024212 _____ () C:\Users\User\Downloads\FRST.txt
2015-04-09 11:38 - 2015-04-09 11:39 - 00000000 ____D () C:\FRST
2015-04-09 11:38 - 2015-04-09 11:38 - 02095616 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-04-09 11:37 - 2015-04-09 11:37 - 01135104 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-04-08 19:52 - 2015-04-08 19:52 - 00029037 _____ () C:\Users\User\Desktop\mbam2.txt
2015-04-08 14:54 - 2015-04-08 14:54 - 00298256 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-08 05:29 - 2015-04-08 05:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\Compete
2015-04-08 05:27 - 2015-04-08 05:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\Eppink
2015-04-08 05:27 - 2015-04-08 05:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\2C556222-1428485249-2E39-B6FE-2ECE6CEF2262
2015-04-06 04:56 - 2015-04-06 05:05 - 00000000 ____D () C:\ProgramData\NetEngine
2015-04-06 02:28 - 2015-04-06 02:28 - 00004010 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-04-06 02:28 - 2015-04-06 02:28 - 00001969 _____ () C:\Users\User\Desktop\Sync Folder.lnk
2015-04-06 01:53 - 2015-04-06 01:53 - 00000000 ____D () C:\ProgramData\Origin
2015-04-06 01:23 - 2014-10-19 15:54 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-04-06 01:21 - 2015-04-06 01:21 - 00001179 _____ () C:\Users\Public\Desktop\The Sims 4.lnk
2015-04-06 00:53 - 2015-04-06 00:53 - 00613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsi3C0B.tmp
2015-04-06 00:52 - 2015-04-08 21:17 - 00003248 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-04-06 00:52 - 2015-04-06 00:52 - 00000000 ____D () C:\Users\User\Documents\Optimizer Pro
2015-04-06 00:52 - 2015-04-06 00:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\Optimizer Pro
2015-04-06 00:52 - 2015-04-06 00:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-04-06 00:52 - 2015-04-06 00:52 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.75
2015-04-06 00:51 - 2015-04-07 15:04 - 00000000 ____D () C:\ProgramData\gDsNyIUkr
2015-04-06 00:50 - 2015-04-06 02:42 - 00000000 ____D () C:\Program Files (x86)\The Sims 4
2015-04-06 00:44 - 2015-04-06 00:44 - 00613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsf1F11.tmp
2015-04-06 00:27 - 2015-04-06 00:27 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-06 00:22 - 2015-04-06 00:22 - 00628688 _____ (CMI Limited) C:\Users\User\AppData\Local\nsp3B86.tmp
2015-04-05 23:28 - 2015-04-06 05:05 - 00000000 ____D () C:\Program Files (x86)\f44af668-5571-4efa-be58-5e112b516bdb
2015-04-05 23:27 - 2015-04-09 11:34 - 00001348 _____ () C:\Windows\Tasks\GHCTS.job
2015-04-05 23:27 - 2015-04-06 05:06 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-04-05 23:27 - 2015-04-05 23:28 - 00004350 _____ () C:\Windows\System32\Tasks\GHCTS
2015-04-05 23:27 - 2015-04-05 23:27 - 00000000 ____D () C:\Users\User\AppData\Local\globalUpdate
2015-04-05 23:26 - 2015-04-05 23:27 - 00000000 ____D () C:\Users\User\AppData\Local\2C556222-1428276407-2E39-B6FE-2ECE6CEF2262
2015-04-05 23:26 - 2015-04-05 23:26 - 00003552 _____ () C:\Windows\System32\Tasks\WKOEHUFYR
2015-04-05 23:25 - 2015-04-05 23:25 - 00000000 ____D () C:\ProgramData\688bac24d8294ddc9b97a10de5058423
2015-04-05 23:24 - 2015-04-05 23:24 - 00000000 ____D () C:\ProgramData\1999649cd3bb4900bdd7bb9feb49768a
2015-04-05 23:14 - 2015-04-05 23:14 - 00000000 ____D () C:\Users\User\AppData\Local\2C556222-1428275680-2E39-B6FE-2ECE6CEF2262
2015-04-05 23:14 - 2015-04-05 23:14 - 00000000 ____D () C:\Users\User\AppData\Local\2C556222-1428275669-2E39-B6FE-2ECE6CEF2262
2015-04-05 23:11 - 2015-04-05 23:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2015-04-05 23:11 - 2015-04-05 23:11 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-04-05 23:11 - 2015-04-05 23:11 - 00001743 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-04-05 23:11 - 2015-04-05 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-04-05 23:10 - 2015-04-05 23:11 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-04-05 23:10 - 2015-04-05 23:10 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-04-05 15:35 - 2015-04-06 02:51 - 00000000 ____D () C:\Users\User\Desktop\The.Sims.4-RELOADED[rarbg]
2015-04-05 15:33 - 2015-04-05 15:33 - 01709792 _____ (Disc Soft Ltd.) C:\Users\User\Downloads\DTLiteInstaller.exe
2015-04-05 15:32 - 2015-04-05 15:32 - 00000869 _____ () C:\Users\User\Desktop\BitTorrent.lnk
2015-04-05 15:31 - 2015-04-06 01:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\BitTorrent
2015-04-05 15:31 - 2015-04-05 15:31 - 01743960 _____ (BitTorrent Inc.) C:\Users\User\Downloads\BitTorrent.exe
2015-04-05 13:39 - 2015-04-05 13:39 - 00805144 _____ (Program ) C:\Users\User\Downloads\Unconfirmed 768507 (1).crdownload
2015-04-04 09:08 - 2015-04-04 09:08 - 00458272 _____ (InstallerTech Corp) C:\Users\User\Downloads\Unconfirmed 456078.crdownload
2015-04-02 12:28 - 2015-04-02 12:28 - 00000379 _____ () C:\Users\User\Downloads\ias (1)
2015-04-01 04:32 - 2015-04-01 04:32 - 00458272 _____ (InstallerTech Corp) C:\Users\User\Downloads\Unconfirmed 962780.crdownload
2015-04-01 04:31 - 2015-04-01 04:32 - 00458272 _____ (InstallerTech Corp) C:\Users\User\Downloads\Unconfirmed 77552.crdownload
2015-04-01 04:31 - 2015-04-01 04:31 - 00458272 _____ (InstallerTech Corp) C:\Users\User\Downloads\Unconfirmed 609894.crdownload
2015-04-01 04:31 - 2015-04-01 04:31 - 00458272 _____ (InstallerTech Corp) C:\Users\User\Downloads\Unconfirmed 304776.crdownload
2015-04-01 01:35 - 2015-04-01 01:35 - 00000379 _____ () C:\Users\User\Downloads\ias
2015-03-31 19:32 - 2015-03-31 19:33 - 00009396 _____ () C:\Users\User\Documents\dreary.odt
2015-03-29 04:33 - 2015-03-29 04:33 - 00801416 _____ (Installer Web software ) C:\Users\User\Downloads\Unconfirmed 359651.crdownload
2015-03-29 04:32 - 2015-03-29 04:33 - 00801416 _____ (Installer Web software ) C:\Users\User\Downloads\Unconfirmed 390429.crdownload
2015-03-28 21:31 - 2015-03-28 21:31 - 00001156 _____ () C:\Users\User\Desktop\swriter - Shortcut.lnk
2015-03-26 15:14 - 2015-03-26 15:14 - 00005542 _____ () C:\Users\User\AppData\Roaming\GHCTS
2015-03-26 01:03 - 2015-03-26 01:03 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2015-03-23 06:54 - 2015-03-23 06:54 - 01429680 _____ () C:\Users\User\Downloads\Unconfirmed 894831.crdownload
2015-03-18 13:38 - 2015-03-18 13:38 - 09781483 _____ (VideoLan ) C:\Users\User\Downloads\Unconfirmed 76845.crdownload
2015-03-15 03:14 - 2015-03-15 03:17 - 32167704 _____ (VideoLan ) C:\Users\User\Downloads\Unconfirmed 921793.crdownload
2015-03-15 03:14 - 2015-03-15 03:15 - 00985840 _____ (Installer Setup) C:\Users\User\Downloads\Unconfirmed 970747.crdownload
2015-03-15 03:14 - 2015-03-15 03:14 - 00733872 _____ () C:\Users\User\Downloads\Unconfirmed 247392.crdownload
2015-03-15 03:13 - 2015-03-15 03:13 - 00733872 _____ () C:\Users\User\Downloads\Unconfirmed 394124.crdownload
2015-03-15 03:13 - 2015-03-15 03:13 - 00733872 _____ () C:\Users\User\Downloads\Unconfirmed 27313.crdownload
2015-03-13 21:27 - 2015-03-13 21:27 - 00777992 _____ (Internet ) C:\Users\User\Downloads\Unconfirmed 68934.crdownload
2015-03-13 21:26 - 2015-03-13 21:26 - 00796720 _____ (Installer Soft Prog ) C:\Users\User\Downloads\Unconfirmed 324405.crdownload
2015-03-13 20:53 - 2015-03-13 20:53 - 00796720 _____ (Installer Soft Prog ) C:\Users\User\Downloads\Unconfirmed 621413.crdownload
2015-03-13 19:50 - 2015-03-13 19:50 - 00798024 _____ (Program ) C:\Users\User\Downloads\Unconfirmed 840118.crdownload
2015-03-13 19:49 - 2015-03-13 19:49 - 00798024 _____ (Program ) C:\Users\User\Downloads\Unconfirmed 696206.crdownload
2015-03-13 19:49 - 2015-03-13 19:49 - 00798024 _____ (Program ) C:\Users\User\Downloads\Unconfirmed 583336.crdownload
2015-03-13 19:48 - 2015-03-13 19:48 - 00798024 _____ (Program ) C:\Users\User\Downloads\Unconfirmed 614768.crdownload
2015-03-13 19:34 - 2015-03-13 19:34 - 01439096 _____ () C:\Users\User\Downloads\Unconfirmed 821949.crdownload
2015-03-13 19:00 - 2015-03-13 19:03 - 32167704 _____ (VideoLan ) C:\Users\User\Downloads\Unconfirmed 476699.crdownload
2015-03-13 18:59 - 2015-03-13 19:00 - 03861439 _____ (VideoLan ) C:\Users\User\Downloads\Unconfirmed 96524.crdownload
2015-03-13 18:59 - 2015-03-13 19:00 - 01962821 _____ () C:\Users\User\Downloads\CBFOX012015CELEB_done.mp4
2015-03-13 18:51 - 2015-02-12 19:18 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-13 17:04 - 2015-03-13 17:06 - 32167704 _____ (VideoLan ) C:\Users\User\Downloads\Unconfirmed 830497.crdownload
2015-03-13 17:03 - 2015-02-23 06:52 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-13 17:03 - 2015-02-23 06:52 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-13 17:03 - 2015-02-23 06:51 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-13 17:03 - 2015-02-23 06:51 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-03-13 17:03 - 2015-02-23 06:51 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-13 17:03 - 2015-02-23 06:51 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-13 17:03 - 2015-02-23 06:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 19301888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 15410688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-13 17:03 - 2015-02-23 06:49 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-13 17:03 - 2015-02-23 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-13 17:03 - 2015-02-23 05:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2015-03-13 17:03 - 2015-02-23 04:51 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-13 17:03 - 2015-02-21 01:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-13 17:03 - 2015-02-21 01:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-13 17:03 - 2015-02-21 01:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-13 17:03 - 2015-02-21 01:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-13 17:03 - 2015-02-21 01:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-13 17:03 - 2015-02-21 01:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-13 17:03 - 2015-02-21 01:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-13 17:03 - 2015-02-21 01:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-13 17:03 - 2015-02-21 01:07 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2015-03-13 17:03 - 2015-02-21 00:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-13 17:03 - 2015-02-20 23:00 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2015-03-13 17:03 - 2015-01-29 04:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 17:03 - 2015-01-24 02:42 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-13 17:03 - 2015-01-24 01:00 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-13 17:02 - 2015-03-06 03:39 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-13 17:02 - 2015-03-06 03:39 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 17:02 - 2015-03-06 01:48 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-13 17:02 - 2015-03-06 01:48 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-13 17:02 - 2015-02-02 19:18 - 00569712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-13 17:01 - 2015-02-17 02:54 - 19777536 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-13 17:01 - 2015-02-17 01:13 - 17561600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-13 17:01 - 2015-01-29 04:05 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 17:01 - 2015-01-29 02:19 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-13 17:01 - 2015-01-24 02:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 17:01 - 2015-01-24 01:00 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-13 16:59 - 2015-02-20 09:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 16:59 - 2015-02-20 07:56 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 16:59 - 2015-02-20 04:10 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-13 16:59 - 2015-02-20 03:24 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-13 16:53 - 2015-01-24 00:31 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-13 16:53 - 2015-01-20 02:41 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 16:53 - 2015-01-20 01:10 - 00892416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-13 16:34 - 2015-02-26 00:35 - 04063232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 22:14 - 2015-03-12 22:14 - 00008661 _____ () C:\Users\User\Documents\mindsoul.odt
2015-03-12 22:14 - 2015-03-12 22:14 - 00008204 _____ () C:\Users\User\Documents\casino.odt
2015-03-10 03:44 - 2015-03-10 03:46 - 01899748 _____ () C:\Users\User\Downloads\CBFLASH010815CELEBIFIED_done.mp4
2015-03-10 03:35 - 2015-03-10 03:35 - 00924847 _____ () C:\Users\User\Downloads\Unconfirmed 797149.crdownload
2015-03-10 03:30 - 2015-03-10 03:35 - 32167704 _____ (VideoLan ) C:\Users\User\Downloads\Unconfirmed 207741.crdownload
2015-03-10 03:19 - 2015-03-10 03:20 - 00965242 _____ () C:\Users\User\Downloads\Unconfirmed 985505.crdownload
2015-03-10 03:16 - 2015-03-10 03:16 - 00001051 _____ () C:\Users\User\Downloads\Download-setup.website
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-09 11:39 - 2014-06-13 15:14 - 01284322 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 11:36 - 2014-06-26 18:33 - 00000000 ____D () C:\ProgramData\Adguard
2015-04-09 11:35 - 2015-02-22 22:22 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-09 11:35 - 2014-06-26 18:33 - 00000000 ____D () C:\Program Files (x86)\Adguard
2015-04-09 11:34 - 2012-08-03 18:23 - 00908774 _____ () C:\Windows\PFRO.log
2015-04-09 11:34 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-09 02:06 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2015-04-08 21:18 - 2014-12-12 14:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-08 19:56 - 2014-07-09 15:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-08 19:27 - 2015-02-22 22:22 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-08 15:38 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2015-04-08 15:27 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-08 14:52 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-08 14:52 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
2015-04-08 14:52 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-08 14:52 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-08 14:50 - 2014-07-30 19:18 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForUser.job
2015-04-08 13:09 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\Globalization
2015-04-07 21:30 - 2014-11-20 04:29 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-04-07 15:04 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AppCompat
2015-04-06 05:05 - 2014-12-15 18:53 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-06 01:47 - 2015-02-10 17:50 - 00124928 ___SH () C:\Users\User\Downloads\Thumbs.db
2015-04-06 01:23 - 2014-06-26 18:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-05 23:28 - 2012-07-26 03:21 - 00576475 _____ () C:\Windows\setupact.log
2015-04-02 12:56 - 2015-02-22 22:23 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-02 12:14 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-02 12:10 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-28 21:17 - 2014-02-24 20:51 - 00000000 ____D () C:\Users\User\Documents\Worthy Fanfics
2015-03-28 21:07 - 2014-06-13 17:04 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-69296176-4156326211-4257001618-1001
2015-03-26 03:07 - 2014-06-14 16:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-26 03:00 - 2014-06-14 16:17 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-26 00:48 - 2012-07-26 04:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-03-26 00:45 - 2014-10-31 15:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-03-26 00:45 - 2014-10-31 15:57 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2015-03-26 00:45 - 2013-04-03 05:17 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-03-26 00:45 - 2013-04-03 05:16 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2015-03-24 12:48 - 2014-07-08 11:54 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-03-23 21:45 - 2014-10-22 20:24 - 00025132 _____ () C:\Users\User\Documents\Weather.odt
2015-03-19 12:51 - 2012-07-26 03:28 - 00941178 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-13 22:20 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\ToastData
 
==================== Files in the root of some directories =======
 
2015-03-26 15:14 - 2015-03-26 15:14 - 0005542 _____ () C:\Users\User\AppData\Roaming\GHCTS
2015-04-06 00:44 - 2015-04-06 00:44 - 0613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsf1F11.tmp
2015-04-06 00:53 - 2015-04-06 00:53 - 0613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsi3C0B.tmp
2015-04-06 00:22 - 2015-04-06 00:22 - 0628688 _____ (CMI Limited) C:\Users\User\AppData\Local\nsp3B86.tmp
2014-06-26 18:34 - 2014-06-26 18:34 - 0000281 _____ () C:\ProgramData\fontcacheev1.dat
 
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
 
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\2370.exe
C:\Users\User\AppData\Local\Temp\3413A47A-FE79-534A-D203-99D54E849C01.exe
C:\Users\User\AppData\Local\Temp\81466F03-D0F7-23B0-81D6-DF67B6CE38F8.dll
C:\Users\User\AppData\Local\Temp\81466F03-D0F7-23B0-81D6-DF67B6CE38F8.exe
C:\Users\User\AppData\Local\Temp\COMAP.EXE
C:\Users\User\AppData\Local\Temp\compete.exe
C:\Users\User\AppData\Local\Temp\cw.exe
C:\Users\User\AppData\Local\Temp\Extract.exe
C:\Users\User\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\User\AppData\Local\Temp\jue9051.exe
C:\Users\User\AppData\Local\Temp\OnlineBackup.exe
C:\Users\User\AppData\Local\Temp\setup.exe
C:\Users\User\AppData\Local\Temp\SP58460.exe
C:\Users\User\AppData\Local\Temp\SP59202.exe
C:\Users\User\AppData\Local\Temp\SP59708.exe
C:\Users\User\AppData\Local\Temp\SP59927.exe
C:\Users\User\AppData\Local\Temp\SP61277.exe
C:\Users\User\AppData\Local\Temp\SP61565.exe
C:\Users\User\AppData\Local\Temp\SP62310.exe
C:\Users\User\AppData\Local\Temp\SP62364.exe
C:\Users\User\AppData\Local\Temp\SP63599.exe
C:\Users\User\AppData\Local\Temp\SP63752.exe
C:\Users\User\AppData\Local\Temp\sp64126.exe
C:\Users\User\AppData\Local\Temp\SP65793.exe
C:\Users\User\AppData\Local\Temp\SP66089.exe
C:\Users\User\AppData\Local\Temp\SP69401.exe
C:\Users\User\AppData\Local\Temp\Uninstall.exe
C:\Users\User\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\User\AppData\Local\Temp\uobnyv04ydl6.exe
C:\Users\User\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-03 03:03
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by User at 2015-04-09 11:41:28
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adguard (HKLM-x32\...\{8b71e75a-9529-4f42-8867-d6f336b84bc9}) (Version: 5.9.1081.5529 - Insoft LLC)
Adguard (x32 Version: 5.10.1167.5997 - Insoft LLC) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BitTorrent (HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\BitTorrent) (Version: 7.9.2.39745 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version:  - Alactro LLC) <==== ATTENTION
Cache Switch (HKLM-x32\...\igsc) (Version: 1.0.0.0 - Cache Switch)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Consumer Input Update Helper (x32 Version: 1.3.25.307 - Compete Inc.) Hidden <==== ATTENTION
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0407 - Disc Soft Ltd)
Duplicate File Finder (HKLM-x32\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 5.5 - Ashisoft)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Eppink (HKLM-x32\...\Eppink) (Version: 1.0.0.0 - Eppink)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Idle Crawler (HKLM-x32\...\66DBF94F-B134-DF4C-8905-68845218CDDC) (Version: 133.0.0.477 - OVERTON GLOBAL LLP) <==== ATTENTION
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2857 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Live Instruction (HKLM-x32\...\wincheck) (Version: 1.0.0.0 - Live Instruction)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
mstasker (HKLM-x32\...\{6DC792DB-FE40-4BA2-942A-EA74122C8EE2}) (Version: 1.0.0 - Default Company Name)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.3.1.7 - PCUtilities Software Limited) <==== ATTENTION
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
RoyalShopperAPp (HKLM-x32\...\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}) (Version:  - "") <==== ATTENTION
Spotify (HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Square Bracket Close (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - Square Bracket Close) <==== ATTENTION
Stardock DeskScapes 8 (HKLM-x32\...\Stardock DeskScapes 8) (Version: 8.20 - Stardock Software, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yula (HKLM\...\Yula) (Version: 2014.06.19.181057 - Yula) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-69296176-4156326211-4257001618-1001_Classes\CLSID\{A79F576D-C71F-4260-BC7D-E3AEA2AA5F5E}\InprocServer32 -> C:\Users\User\AppData\Local\TNT2\Profiles\10412\passport64.dll No File
 
==================== Restore Points  =========================
 
08-04-2015 03:38:23 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2242DEBF-A38A-428E-8561-ABC4E70E55B3} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {2B037DEE-3750-46B1-A39B-F9F8E5C7CB14} - \Microsoft\Windows\Maintenance\Advanced IC Updating No Task File <==== ATTENTION
Task: {319D0AAE-B534-4ADF-9966-0B3694BBDD7B} - \Special IC Runner No Task File <==== ATTENTION
Task: {473FB6A6-4272-45CB-BC58-6CE2DAA182A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4AA6C482-DE6A-4854-A90B-0A232402DB34} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {544758D0-AC3C-4E78-8874-A94984D22A40} - \gtaUpt No Task File <==== ATTENTION
Task: {6DFB1008-E56F-4360-8F25-BF99939023F8} - System32\Tasks\GHCTS => C:\Users\User\AppData\Roaming\GHCTS.exe <==== ATTENTION
Task: {750A6F62-674C-4761-A417-F198BB0F63CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {76B29B4E-4AEB-439D-A70B-8D4083A218D6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {78B10CE3-77EF-4352-A307-EEC1B4F47659} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: {8D73882F-0232-4322-8D96-4208A1F5AC12} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {91718F4C-9F9F-4943-9F1B-59843604EDE7} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.75\OptProLauncher.exe [2015-03-31] () <==== ATTENTION
Task: {98B11C2C-1393-4CEC-8A69-6626C961985B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9A060DC5-E046-48DF-AA7E-4073E33E952B} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {9F7D3F23-8B0F-40FA-BF0E-C1FCF585AC34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {9FF577F4-DCF8-4002-A753-2E1B7029C4F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A70DC245-2EAD-40CA-B8C7-4C3FAB58BF11} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {BEE27949-7CC9-46EF-9ED8-EC495F271C32} - System32\Tasks\WKOEHUFYR => C:\ProgramData\688bac24d8294ddc9b97a10de5058423\688bac24d8294ddc9b97a10de5058423.exe [2015-04-02] ()
Task: {C497F129-10AB-4304-99BF-58B3006198B1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {C578292E-FA2E-4285-A05D-CA87637C1822} - System32\Tasks\HPCeeScheduleForUser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C7D50C1C-12CA-4A5D-9E73-52659430A231} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D18D5FF8-474E-4A73-AB35-AE14B0CAC812} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {D7A889A9-B517-411D-9B53-F76D843B28B5} - \avaavaxvyy No Task File <==== ATTENTION
Task: {DA296E86-FFF3-43DD-82B3-1EA74A066F52} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F07E0FA4-5ECF-4CFD-84FE-5F53FC661EB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {F2E5FC72-982A-46DE-9FD1-73AA345E07E6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-26] (Microsoft Corporation)
Task: {F3745A81-AB66-46A9-A0E3-BD684040E186} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GHCTS.job => C:\Users\User\AppData\Roaming\GHCTS.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-05 23:14 - 2015-04-05 23:14 - 00141312 _____ () C:\Users\User\AppData\Local\2C556222-1428275680-2E39-B6FE-2ECE6CEF2262\cnsrCFB7.tmp
2012-08-08 16:17 - 2012-08-08 16:17 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-04-05 19:17 - 2015-04-05 19:17 - 02799616 _____ () C:\Users\User\AppData\Local\2C556222-1428275680-2E39-B6FE-2ECE6CEF2262\ansvCE4E.exe
2015-04-06 00:52 - 2015-04-06 00:52 - 02292264 _____ () c:\Program Files (x86)\Optimizer Pro 3.75\OptProMon.dll
2014-06-24 00:29 - 2014-06-24 00:29 - 01230568 _____ () C:\Program Files (x86)\Adguard\ProtocolFilters.DLL
2014-06-24 00:29 - 2014-06-24 00:29 - 00104168 _____ () C:\Program Files (x86)\Adguard\nfapi.DLL
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-02 12:55 - 2015-03-30 17:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-02 12:55 - 2015-03-30 17:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-02 12:55 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2014-09-11 00:21 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2009-04-16 13:02 - 2009-04-16 13:02 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-04-03 04:49 - 2012-06-26 05:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-69296176-4156326211-4257001618-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-69296176-4156326211-4257001618-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-69296176-4156326211-4257001618-1003 - Limited - Enabled)
User (S-1-5-21-69296176-4156326211-4257001618-1001 - Administrator - Enabled) => C:\Users\User
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/09/2015 11:38:18 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 11:38:18 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 11:37:38 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 11:37:38 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 11:37:16 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 11:37:16 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 11:37:16 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 11:37:16 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 11:36:52 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 11:36:52 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
 
System errors:
=============
Error: (04/09/2015 11:38:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 11:38:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 11:37:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 11:37:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 11:37:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 11:37:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 11:37:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 11:37:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 11:36:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 11:36:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (04/09/2015 11:38:18 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 11:38:18 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 11:37:38 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 11:37:38 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 11:37:16 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 11:37:16 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 11:37:16 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 11:37:16 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 11:36:52 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 11:36:52 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B980 @ 2.40GHz
Percentage of memory in use: 67%
Total physical RAM: 3983.27 MB
Available physical RAM: 1311.86 MB
Total Pagefile: 6159.27 MB
Available Pagefile: 3099.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.51 GB) (Free:293.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.48 GB) (Free:2.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (The Sims 4) (CDROM) (Total:8.8 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1E1F4777)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 

 




#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:02 PM

Posted 09 April 2015 - 10:50 AM

Hi there,

Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    Buzzdock
    Consumer Input Update Helper
    Idle Crawler
    Optimizer Pro v3.2
    RoyalShopperAPp
    Square Bracket Close
    Yula
    
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

Please download and install Malwarebytes Anti-Malware (NEW VERSION).
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 4


Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 canale

canale
  • Topic Starter

  • Members
  • 16 posts
  • Local time:02:02 PM

Posted 09 April 2015 - 11:34 AM

# AdwCleaner v4.201 - Logfile created 09/04/2015 at 12:29:36
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 8  (x64)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner_4.201 (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NetEngine
Folder Deleted : C:\ProgramData\a730aab800002c3e
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Yula
Folder Deleted : C:\Users\User\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\User\AppData\Local\Temp\Yula
Folder Deleted : C:\Users\User\AppData\Local\globalUpdate
Folder Deleted : C:\Users\User\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnjgaddipkimeheeiodoejgpopaemdk
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\degcpipiiggomhhejjdfomnlnakodadc
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kcnjgaddipkimeheeiodoejgpopaemdk_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kcnjgaddipkimeheeiodoejgpopaemdk_0.localstorage-journal
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0.localstorage-journal
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Deleted : C:\Users\User\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\User\Desktop\Sync Folder.lnk
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tjmcaysw.default\user.js
 
***** [ Scheduled tasks ] *****
 
Task Deleted : APSnotifierPP2
Task Deleted : gtaUpt
Task Deleted : LaunchSignup
Task Deleted : SmartWeb Upgrade Trigger Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WinCheck]
Key Deleted : HKLM\SOFTWARE\b78f8729-7485-0960-3b67-e1fa18e4e0b8
Key Deleted : HKLM\SOFTWARE\db694f43-75e1-4ce3-8d2e-fe7b0930c478
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\ORBTR
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\IGS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\igsc
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17267
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : kcnjgaddipkimeheeiodoejgpopaemdk
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : papbadoldddalgcjcicnikcfenodpghp
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : degcpipiiggomhhejjdfomnlnakodadc
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6E5C20AC-39EE-4DE5-B4FC-592BD9219EBB&SearchSource=55&CUI=&UM=8&UP=SP3290269C-3061-4936-B4F9-BFD772A175AD&D=040615&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [10737 bytes] - [09/04/2015 12:15:31]
AdwCleaner[R1].txt - [10801 bytes] - [09/04/2015 12:29:02]
AdwCleaner[S0].txt - [10438 bytes] - [09/04/2015 12:29:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10498  bytes] ##########


#6 canale

canale
  • Topic Starter

  • Members
  • 16 posts
  • Local time:02:02 PM

Posted 09 April 2015 - 12:15 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/9/2015
Scan Time: 12:38:25 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.09.06
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: User
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398228
Time Elapsed: 35 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 canale

canale
  • Topic Starter

  • Members
  • 16 posts
  • Local time:02:02 PM

Posted 09 April 2015 - 12:19 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by User (administrator) on USER-PC on 09-04-2015 13:17:40
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available profiles: User & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Insoft LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Insoft LLC) C:\Program Files (x86)\Adguard\Adguard.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\User\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2014-11-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-03-17] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-29] (Spotify Ltd)
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [1985256 2014-10-07] (Insoft LLC)
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\Run: [Power2GoExpress8] => [X]
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd)
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\MountPoints2: G - "G:\setup.exe" 
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\MountPoints2: {904fa716-dbad-11e4-bf51-2c59e5a17156} - "F:\setup.exe" 
HKU\S-1-5-18\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [1985256 2014-10-07] (Insoft LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * bootdelete
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.findwide.com/v/2/?guid={BBB95132-B426-4A10-971C-2E63DC5DCED3}&serpv=6
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-69296176-4156326211-4257001618-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: BetterPrriceChEcu -> {c0bd0d4b-e5a9-428b-90a5-64b79e4c30af} -> C:\ProgramData\BetterPrriceChEcu\eZ7z5jAItFeicE.x64.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - FindWide Toolbar - {A79F576D-C71F-4260-BC7D-E3AEA2AA5F5E} - C:\Users\User\AppData\Local\TNT2\Profiles\10412\passport64.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - FindWide Toolbar - {A79F576D-C71F-4260-BC7D-E3AEA2AA5F5E} - C:\Users\User\AppData\Local\TNT2\Profiles\10412\passport.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-69296176-4156326211-4257001618-1001 -> FindWide Toolbar - {A79F576D-C71F-4260-BC7D-E3AEA2AA5F5E} - C:\Users\User\AppData\Local\TNT2\Profiles\10412\passport64.dll No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tjmcaysw.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-22] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Extension: YouTube™ Flash® Player - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tjmcaysw.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2014-12-12]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tjmcaysw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-31]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-04-09]
FF HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-13]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-13]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-13]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-13]
CHR Extension: (Norton Identity Safe) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (FindWide Toolbar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\liaclfkkakmlabklhhcjenldjpnejbkk [2014-06-19]
CHR Extension: (Norton Security Toolbar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-04-09]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [120040 2014-10-07] (Insoft LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2014-11-04] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
S2 DeskScapes8; C:\Users\User\Desktop\ds8srv.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 adgnetworktdi; C:\Windows\System32\drivers\adgnetworktdi.sys [60408 2014-07-28] ()
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-24] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-04-05] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-02-13] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141230.001\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-04-09] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141230.001\ENG64.SYS [129752 2014-12-12] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141230.001\EX64.SYS [2137304 2014-12-12] (Symantec Corporation)
U0 obid; C:\Windows\System32\drivers\aaols.sys [79064 2015-04-09] (Malwarebytes Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-31] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-09 13:17 - 2015-04-09 13:17 - 02095616 _____ (Farbar) C:\Users\User\Downloads\FRST64 (1).exe
2015-04-09 13:14 - 2015-04-09 13:14 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\aaols.sys
2015-04-09 12:48 - 2015-04-09 12:48 - 00000000 ____D () C:\ProgramData\Update2343200959509
2015-04-09 12:34 - 2015-04-09 12:35 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-09 12:28 - 2015-04-09 12:28 - 02217984 _____ () C:\Users\User\Downloads\adwcleaner_4.201 (1).exe
2015-04-09 12:15 - 2015-04-09 12:29 - 00000000 ____D () C:\AdwCleaner
2015-04-09 12:13 - 2015-04-09 12:13 - 02217984 _____ () C:\Users\User\Downloads\adwcleaner_4.201.exe
2015-04-09 11:54 - 2015-04-09 11:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup.exe
2015-04-09 11:54 - 2015-04-09 11:54 - 00001264 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-04-09 11:54 - 2015-04-09 11:54 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-09 11:41 - 2015-04-09 11:42 - 00028523 _____ () C:\Users\User\Downloads\Addition.txt
2015-04-09 11:39 - 2015-04-09 13:18 - 00020624 _____ () C:\Users\User\Downloads\FRST.txt
2015-04-09 11:38 - 2015-04-09 13:17 - 00000000 ____D () C:\FRST
2015-04-09 11:38 - 2015-04-09 11:38 - 02095616 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-04-09 11:37 - 2015-04-09 11:37 - 01135104 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-04-08 19:52 - 2015-04-08 19:52 - 00029037 _____ () C:\Users\User\Desktop\mbam2.txt
2015-04-08 14:54 - 2015-04-08 14:54 - 00298256 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-08 05:27 - 2015-04-08 05:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\Eppink
2015-04-06 01:53 - 2015-04-06 01:53 - 00000000 ____D () C:\ProgramData\Origin
2015-04-06 01:23 - 2014-10-19 15:54 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-04-06 01:21 - 2015-04-06 01:21 - 00001179 _____ () C:\Users\Public\Desktop\The Sims 4.lnk
2015-04-06 00:53 - 2015-04-06 00:53 - 00613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsi3C0B.tmp
2015-04-06 00:52 - 2015-04-06 00:52 - 00000000 ____D () C:\Users\User\Documents\Optimizer Pro
2015-04-06 00:51 - 2015-04-07 15:04 - 00000000 ____D () C:\ProgramData\gDsNyIUkr
2015-04-06 00:50 - 2015-04-06 02:42 - 00000000 ____D () C:\Program Files (x86)\The Sims 4
2015-04-06 00:44 - 2015-04-06 00:44 - 00613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsf1F11.tmp
2015-04-06 00:27 - 2015-04-06 00:27 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-06 00:22 - 2015-04-06 00:22 - 00628688 _____ (CMI Limited) C:\Users\User\AppData\Local\nsp3B86.tmp
2015-04-05 23:28 - 2015-04-06 05:05 - 00000000 ____D () C:\Program Files (x86)\f44af668-5571-4efa-be58-5e112b516bdb
2015-04-05 23:27 - 2015-04-09 12:31 - 00001348 _____ () C:\Windows\Tasks\GHCTS.job
2015-04-05 23:27 - 2015-04-05 23:28 - 00004350 _____ () C:\Windows\System32\Tasks\GHCTS
2015-04-05 23:26 - 2015-04-05 23:26 - 00003552 _____ () C:\Windows\System32\Tasks\WKOEHUFYR
2015-04-05 23:25 - 2015-04-09 13:14 - 00000000 ____D () C:\ProgramData\688bac24d8294ddc9b97a10de5058423
2015-04-05 23:24 - 2015-04-05 23:24 - 00000000 ____D () C:\ProgramData\1999649cd3bb4900bdd7bb9feb49768a
2015-04-05 23:14 - 2015-04-05 23:14 - 00000000 ____D () C:\Users\User\AppData\Local\2C556222-1428275669-2E39-B6FE-2ECE6CEF2262
2015-04-05 23:11 - 2015-04-05 23:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2015-04-05 23:11 - 2015-04-05 23:11 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-04-05 23:11 - 2015-04-05 23:11 - 00001743 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-04-05 23:11 - 2015-04-05 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-04-05 23:10 - 2015-04-05 23:11 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-04-05 23:10 - 2015-04-05 23:10 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-04-05 15:35 - 2015-04-06 02:51 - 00000000 ____D () C:\Users\User\Desktop\The.Sims.4-RELOADED[rarbg]
2015-04-05 15:33 - 2015-04-05 15:33 - 01709792 _____ (Disc Soft Ltd.) C:\Users\User\Downloads\DTLiteInstaller.exe
2015-04-05 15:32 - 2015-04-05 15:32 - 00000869 _____ () C:\Users\User\Desktop\BitTorrent.lnk
2015-04-05 15:31 - 2015-04-06 01:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\BitTorrent
2015-04-05 15:31 - 2015-04-05 15:31 - 01743960 _____ (BitTorrent Inc.) C:\Users\User\Downloads\BitTorrent.exe
2015-04-05 13:39 - 2015-04-05 13:39 - 00805144 _____ (Program ) C:\Users\User\Downloads\Unconfirmed 768507 (1).crdownload
2015-04-04 09:08 - 2015-04-04 09:08 - 00458272 _____ (InstallerTech Corp) C:\Users\User\Downloads\Unconfirmed 456078.crdownload
2015-04-02 12:28 - 2015-04-02 12:28 - 00000379 _____ () C:\Users\User\Downloads\ias (1)
2015-04-01 04:32 - 2015-04-01 04:32 - 00458272 _____ (InstallerTech Corp) C:\Users\User\Downloads\Unconfirmed 962780.crdownload
2015-04-01 04:31 - 2015-04-01 04:32 - 00458272 _____ (InstallerTech Corp) C:\Users\User\Downloads\Unconfirmed 77552.crdownload
2015-04-01 04:31 - 2015-04-01 04:31 - 00458272 _____ (InstallerTech Corp) C:\Users\User\Downloads\Unconfirmed 609894.crdownload
2015-04-01 04:31 - 2015-04-01 04:31 - 00458272 _____ (InstallerTech Corp) C:\Users\User\Downloads\Unconfirmed 304776.crdownload
2015-04-01 01:35 - 2015-04-01 01:35 - 00000379 _____ () C:\Users\User\Downloads\ias
2015-03-31 19:32 - 2015-03-31 19:33 - 00009396 _____ () C:\Users\User\Documents\dreary.odt
2015-03-29 04:33 - 2015-03-29 04:33 - 00801416 _____ (Installer Web software ) C:\Users\User\Downloads\Unconfirmed 359651.crdownload
2015-03-29 04:32 - 2015-03-29 04:33 - 00801416 _____ (Installer Web software ) C:\Users\User\Downloads\Unconfirmed 390429.crdownload
2015-03-28 21:31 - 2015-03-28 21:31 - 00001156 _____ () C:\Users\User\Desktop\swriter - Shortcut.lnk
2015-03-26 15:14 - 2015-03-26 15:14 - 00005542 _____ () C:\Users\User\AppData\Roaming\GHCTS
2015-03-26 01:03 - 2015-03-26 01:03 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2015-03-23 06:54 - 2015-03-23 06:54 - 01429680 _____ () C:\Users\User\Downloads\Unconfirmed 894831.crdownload
2015-03-18 13:38 - 2015-03-18 13:38 - 09781483 _____ (VideoLan ) C:\Users\User\Downloads\Unconfirmed 76845.crdownload
2015-03-15 03:14 - 2015-03-15 03:17 - 32167704 _____ (VideoLan ) C:\Users\User\Downloads\Unconfirmed 921793.crdownload
2015-03-15 03:14 - 2015-03-15 03:15 - 00985840 _____ (Installer Setup) C:\Users\User\Downloads\Unconfirmed 970747.crdownload
2015-03-13 21:27 - 2015-03-13 21:27 - 00777992 _____ (Internet ) C:\Users\User\Downloads\Unconfirmed 68934.crdownload
2015-03-13 21:26 - 2015-03-13 21:26 - 00796720 _____ (Installer Soft Prog ) C:\Users\User\Downloads\Unconfirmed 324405.crdownload
2015-03-13 20:53 - 2015-03-13 20:53 - 00796720 _____ (Installer Soft Prog ) C:\Users\User\Downloads\Unconfirmed 621413.crdownload
2015-03-13 19:50 - 2015-03-13 19:50 - 00798024 _____ (Program ) C:\Users\User\Downloads\Unconfirmed 840118.crdownload
2015-03-13 19:49 - 2015-03-13 19:49 - 00798024 _____ (Program ) C:\Users\User\Downloads\Unconfirmed 696206.crdownload
2015-03-13 19:49 - 2015-03-13 19:49 - 00798024 _____ (Program ) C:\Users\User\Downloads\Unconfirmed 583336.crdownload
2015-03-13 19:48 - 2015-03-13 19:48 - 00798024 _____ (Program ) C:\Users\User\Downloads\Unconfirmed 614768.crdownload
2015-03-13 19:34 - 2015-03-13 19:34 - 01439096 _____ () C:\Users\User\Downloads\Unconfirmed 821949.crdownload
2015-03-13 19:00 - 2015-03-13 19:03 - 32167704 _____ (VideoLan ) C:\Users\User\Downloads\Unconfirmed 476699.crdownload
2015-03-13 18:59 - 2015-03-13 19:00 - 03861439 _____ (VideoLan ) C:\Users\User\Downloads\Unconfirmed 96524.crdownload
2015-03-13 18:59 - 2015-03-13 19:00 - 01962821 _____ () C:\Users\User\Downloads\CBFOX012015CELEB_done.mp4
2015-03-13 18:51 - 2015-02-12 19:18 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-13 17:04 - 2015-03-13 17:06 - 32167704 _____ (VideoLan ) C:\Users\User\Downloads\Unconfirmed 830497.crdownload
2015-03-13 17:03 - 2015-02-23 06:52 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-13 17:03 - 2015-02-23 06:52 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-13 17:03 - 2015-02-23 06:51 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-13 17:03 - 2015-02-23 06:51 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-03-13 17:03 - 2015-02-23 06:51 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-13 17:03 - 2015-02-23 06:51 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-13 17:03 - 2015-02-23 06:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 19301888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 15410688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-13 17:03 - 2015-02-23 06:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-13 17:03 - 2015-02-23 06:49 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-13 17:03 - 2015-02-23 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-13 17:03 - 2015-02-23 05:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2015-03-13 17:03 - 2015-02-23 04:51 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-13 17:03 - 2015-02-21 01:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-13 17:03 - 2015-02-21 01:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-13 17:03 - 2015-02-21 01:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-13 17:03 - 2015-02-21 01:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-13 17:03 - 2015-02-21 01:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-13 17:03 - 2015-02-21 01:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-13 17:03 - 2015-02-21 01:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-13 17:03 - 2015-02-21 01:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-13 17:03 - 2015-02-21 01:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-13 17:03 - 2015-02-21 01:07 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2015-03-13 17:03 - 2015-02-21 00:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-13 17:03 - 2015-02-20 23:00 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2015-03-13 17:03 - 2015-01-29 04:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-13 17:03 - 2015-01-24 02:42 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-13 17:03 - 2015-01-24 01:00 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-13 17:02 - 2015-03-06 03:39 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-13 17:02 - 2015-03-06 03:39 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-13 17:02 - 2015-03-06 01:48 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-13 17:02 - 2015-03-06 01:48 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-13 17:02 - 2015-02-02 19:18 - 00569712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-13 17:01 - 2015-02-17 02:54 - 19777536 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-13 17:01 - 2015-02-17 01:13 - 17561600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-13 17:01 - 2015-01-29 04:05 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-13 17:01 - 2015-01-29 02:19 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-13 17:01 - 2015-01-24 02:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-13 17:01 - 2015-01-24 01:00 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-13 16:59 - 2015-02-20 09:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-13 16:59 - 2015-02-20 07:56 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-13 16:59 - 2015-02-20 04:10 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-13 16:59 - 2015-02-20 03:24 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-13 16:53 - 2015-01-24 00:31 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-13 16:53 - 2015-01-20 02:41 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-13 16:53 - 2015-01-20 01:10 - 00892416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-13 16:34 - 2015-02-26 00:35 - 04063232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 22:14 - 2015-03-12 22:14 - 00008661 _____ () C:\Users\User\Documents\mindsoul.odt
2015-03-12 22:14 - 2015-03-12 22:14 - 00008204 _____ () C:\Users\User\Documents\casino.odt
2015-03-10 03:44 - 2015-03-10 03:46 - 01899748 _____ () C:\Users\User\Downloads\CBFLASH010815CELEBIFIED_done.mp4
2015-03-10 03:35 - 2015-03-10 03:35 - 00924847 _____ () C:\Users\User\Downloads\Unconfirmed 797149.crdownload
2015-03-10 03:30 - 2015-03-10 03:35 - 32167704 _____ (VideoLan ) C:\Users\User\Downloads\Unconfirmed 207741.crdownload
2015-03-10 03:19 - 2015-03-10 03:20 - 00965242 _____ () C:\Users\User\Downloads\Unconfirmed 985505.crdownload
2015-03-10 03:16 - 2015-03-10 03:16 - 00001051 _____ () C:\Users\User\Downloads\Download-setup.website
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-09 13:18 - 2014-12-12 14:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-09 13:14 - 2012-08-17 13:54 - 00000000 ____D () C:\Windows\en
2015-04-09 13:05 - 2014-06-26 18:33 - 00000000 ____D () C:\ProgramData\Adguard
2015-04-09 13:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2015-04-09 12:47 - 2014-06-13 15:14 - 01359875 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 12:38 - 2014-07-09 15:49 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 12:36 - 2014-10-31 15:58 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-09 12:36 - 2014-07-09 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-09 12:36 - 2014-07-09 15:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-09 12:36 - 2014-06-13 17:04 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-69296176-4156326211-4257001618-1001
2015-04-09 12:33 - 2014-06-26 18:33 - 00000000 ____D () C:\Program Files (x86)\Adguard
2015-04-09 12:32 - 2015-02-22 22:22 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-09 12:32 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-04-09 12:31 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-09 12:30 - 2012-08-03 18:23 - 00909338 _____ () C:\Windows\PFRO.log
2015-04-09 12:27 - 2015-02-22 22:22 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-08 15:38 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2015-04-08 15:27 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-08 14:52 - 2012-07-26 04:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-08 14:52 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
2015-04-08 14:52 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-08 14:52 - 2012-07-26 04:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-08 14:50 - 2014-07-30 19:18 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForUser.job
2015-04-08 13:09 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\Globalization
2015-04-07 21:30 - 2014-11-20 04:29 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-04-07 15:04 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AppCompat
2015-04-06 05:05 - 2014-12-15 18:53 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-06 01:47 - 2015-02-10 17:50 - 00124928 ___SH () C:\Users\User\Downloads\Thumbs.db
2015-04-06 01:23 - 2014-06-26 18:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-05 23:28 - 2012-07-26 03:21 - 00576475 _____ () C:\Windows\setupact.log
2015-04-02 12:56 - 2015-02-22 22:23 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-02 12:14 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-28 21:17 - 2014-02-24 20:51 - 00000000 ____D () C:\Users\User\Documents\Worthy Fanfics
2015-03-26 03:07 - 2014-06-14 16:17 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-26 03:00 - 2014-06-14 16:17 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-26 00:48 - 2012-07-26 04:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-03-26 00:45 - 2014-10-31 15:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-03-26 00:45 - 2014-10-31 15:57 - 00002501 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2015-03-26 00:45 - 2013-04-03 05:17 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-03-26 00:45 - 2013-04-03 05:16 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2015-03-24 12:48 - 2014-07-08 11:54 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-03-23 21:45 - 2014-10-22 20:24 - 00025132 _____ () C:\Users\User\Documents\Weather.odt
2015-03-19 12:51 - 2012-07-26 03:28 - 00941178 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-17 06:15 - 2014-07-09 15:49 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-07-09 15:49 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-07-09 15:49 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-13 22:20 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\ToastData
 
==================== Files in the root of some directories =======
 
2015-03-26 15:14 - 2015-03-26 15:14 - 0005542 _____ () C:\Users\User\AppData\Roaming\GHCTS
2015-04-06 00:44 - 2015-04-06 00:44 - 0613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsf1F11.tmp
2015-04-06 00:53 - 2015-04-06 00:53 - 0613255 _____ (CMI Limited) C:\Users\User\AppData\Local\nsi3C0B.tmp
2015-04-06 00:22 - 2015-04-06 00:22 - 0628688 _____ (CMI Limited) C:\Users\User\AppData\Local\nsp3B86.tmp
2014-06-26 18:34 - 2014-06-26 18:34 - 0000281 _____ () C:\ProgramData\fontcacheev1.dat
 
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
 
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\2370.exe
C:\Users\User\AppData\Local\Temp\3413A47A-FE79-534A-D203-99D54E849C01.exe
C:\Users\User\AppData\Local\Temp\81466F03-D0F7-23B0-81D6-DF67B6CE38F8.dll
C:\Users\User\AppData\Local\Temp\81466F03-D0F7-23B0-81D6-DF67B6CE38F8.exe
C:\Users\User\AppData\Local\Temp\COMAP.EXE
C:\Users\User\AppData\Local\Temp\compete.exe
C:\Users\User\AppData\Local\Temp\cw.exe
C:\Users\User\AppData\Local\Temp\Extract.exe
C:\Users\User\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\User\AppData\Local\Temp\jue9051.exe
C:\Users\User\AppData\Local\Temp\OnlineBackup.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\setup.exe
C:\Users\User\AppData\Local\Temp\SP58460.exe
C:\Users\User\AppData\Local\Temp\SP59202.exe
C:\Users\User\AppData\Local\Temp\SP59708.exe
C:\Users\User\AppData\Local\Temp\SP59927.exe
C:\Users\User\AppData\Local\Temp\SP61277.exe
C:\Users\User\AppData\Local\Temp\SP61565.exe
C:\Users\User\AppData\Local\Temp\SP62310.exe
C:\Users\User\AppData\Local\Temp\SP62364.exe
C:\Users\User\AppData\Local\Temp\SP63599.exe
C:\Users\User\AppData\Local\Temp\SP63752.exe
C:\Users\User\AppData\Local\Temp\sp64126.exe
C:\Users\User\AppData\Local\Temp\SP65793.exe
C:\Users\User\AppData\Local\Temp\SP66089.exe
C:\Users\User\AppData\Local\Temp\SP69401.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\User\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-03 03:03
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by User at 2015-04-09 13:18:30
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adguard (HKLM-x32\...\{8b71e75a-9529-4f42-8867-d6f336b84bc9}) (Version: 5.9.1081.5529 - Insoft LLC)
Adguard (x32 Version: 5.10.1167.5997 - Insoft LLC) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BitTorrent (HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\BitTorrent) (Version: 7.9.2.39745 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Consumer Input Update Helper (x32 Version: 1.3.25.307 - Compete Inc.) Hidden <==== ATTENTION
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0407 - Disc Soft Ltd)
Duplicate File Finder (HKLM-x32\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 5.5 - Ashisoft)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Eppink (HKLM-x32\...\Eppink) (Version: 1.0.0.0 - Eppink)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2857 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
mstasker (HKLM-x32\...\{6DC792DB-FE40-4BA2-942A-EA74122C8EE2}) (Version: 1.0.0 - Default Company Name)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Spotify (HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Stardock DeskScapes 8 (HKLM-x32\...\Stardock DeskScapes 8) (Version: 8.20 - Stardock Software, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yula (HKLM\...\Yula) (Version: 2014.06.19.181057 - Yula) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-69296176-4156326211-4257001618-1001_Classes\CLSID\{A79F576D-C71F-4260-BC7D-E3AEA2AA5F5E}\InprocServer32 -> C:\Users\User\AppData\Local\TNT2\Profiles\10412\passport64.dll No File
 
==================== Restore Points  =========================
 
08-04-2015 03:38:23 Scheduled Checkpoint
09-04-2015 11:58:17 Revo Uninstaller's restore point - Idle Crawler
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {473FB6A6-4272-45CB-BC58-6CE2DAA182A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {6DFB1008-E56F-4360-8F25-BF99939023F8} - System32\Tasks\GHCTS => C:\Users\User\AppData\Roaming\GHCTS.exe <==== ATTENTION
Task: {750A6F62-674C-4761-A417-F198BB0F63CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {76B29B4E-4AEB-439D-A70B-8D4083A218D6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {8D73882F-0232-4322-8D96-4208A1F5AC12} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {98B11C2C-1393-4CEC-8A69-6626C961985B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9A060DC5-E046-48DF-AA7E-4073E33E952B} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {9F7D3F23-8B0F-40FA-BF0E-C1FCF585AC34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {9FF577F4-DCF8-4002-A753-2E1B7029C4F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A70DC245-2EAD-40CA-B8C7-4C3FAB58BF11} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {BEE27949-7CC9-46EF-9ED8-EC495F271C32} - System32\Tasks\WKOEHUFYR => C:\ProgramData\688bac24d8294ddc9b97a10de5058423\688bac24d8294ddc9b97a10de5058423.exe
Task: {C497F129-10AB-4304-99BF-58B3006198B1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {C578292E-FA2E-4285-A05D-CA87637C1822} - System32\Tasks\HPCeeScheduleForUser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C7D50C1C-12CA-4A5D-9E73-52659430A231} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D18D5FF8-474E-4A73-AB35-AE14B0CAC812} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {D7A889A9-B517-411D-9B53-F76D843B28B5} - \avaavaxvyy No Task File <==== ATTENTION
Task: {DA296E86-FFF3-43DD-82B3-1EA74A066F52} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DA470292-47D6-4864-9A49-519C6B72714B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-26] (Microsoft Corporation)
Task: {F07E0FA4-5ECF-4CFD-84FE-5F53FC661EB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {F3745A81-AB66-46A9-A0E3-BD684040E186} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GHCTS.job => C:\Users\User\AppData\Roaming\GHCTS.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2012-08-08 16:17 - 2012-08-08 16:17 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-24 00:29 - 2014-06-24 00:29 - 01230568 _____ () C:\Program Files (x86)\Adguard\ProtocolFilters.DLL
2014-06-24 00:29 - 2014-06-24 00:29 - 00104168 _____ () C:\Program Files (x86)\Adguard\nfapi.DLL
2015-04-02 12:55 - 2015-03-30 17:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-02 12:55 - 2015-03-30 17:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-11 00:21 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-04-02 12:55 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2009-04-16 13:02 - 2009-04-16 13:02 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-04-03 04:49 - 2012-06-26 05:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-69296176-4156326211-4257001618-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-69296176-4156326211-4257001618-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-69296176-4156326211-4257001618-1003 - Limited - Enabled)
User (S-1-5-21-69296176-4156326211-4257001618-1001 - Administrator - Enabled) => C:\Users\User
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/09/2015 00:35:16 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:35:16 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:35:04 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:35:04 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:34:26 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:34:26 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:34:15 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:34:15 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:34:03 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:33:14 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
 
System errors:
=============
Error: (04/09/2015 01:14:39 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 10.0.0.6.
The computer with the IP address 10.0.0.13 did not allow the name to be claimed by
this computer.
 
Error: (04/09/2015 01:14:38 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 10.0.0.6.
The computer with the IP address 10.0.0.13 did not allow the name to be claimed by
this computer.
 
Error: (04/09/2015 01:14:38 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 10.0.0.6.
The computer with the IP address 10.0.0.13 did not allow the name to be claimed by
this computer.
 
Error: (04/09/2015 01:14:37 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 10.0.0.6.
The computer with the IP address 10.0.0.13 did not allow the name to be claimed by
this computer.
 
Error: (04/09/2015 01:14:37 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 10.0.0.6.
The computer with the IP address 10.0.0.13 did not allow the name to be claimed by
this computer.
 
Error: (04/09/2015 00:35:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 00:35:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 00:35:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 00:35:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 00:34:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (04/09/2015 00:35:16 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:35:16 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:35:04 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:35:04 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:34:26 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:34:26 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:34:15 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:34:15 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:34:03 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:33:14 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B980 @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 3983.27 MB
Available physical RAM: 2588.66 MB
Total Pagefile: 6159.27 MB
Available Pagefile: 4671.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.51 GB) (Free:293.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.48 GB) (Free:2.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (The Sims 4) (CDROM) (Total:8.8 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1E1F4777)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#8 canale

Posted 09 April 2015 - 12:24 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by User at 2015-04-09 13:18:30
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adguard (HKLM-x32\...\{8b71e75a-9529-4f42-8867-d6f336b84bc9}) (Version: 5.9.1081.5529 - Insoft LLC)
Adguard (x32 Version: 5.10.1167.5997 - Insoft LLC) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BitTorrent (HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\BitTorrent) (Version: 7.9.2.39745 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Consumer Input Update Helper (x32 Version: 1.3.25.307 - Compete Inc.) Hidden <==== ATTENTION
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0407 - Disc Soft Ltd)
Duplicate File Finder (HKLM-x32\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 5.5 - Ashisoft)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Eppink (HKLM-x32\...\Eppink) (Version: 1.0.0.0 - Eppink)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2857 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
mstasker (HKLM-x32\...\{6DC792DB-FE40-4BA2-942A-EA74122C8EE2}) (Version: 1.0.0 - Default Company Name)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Spotify (HKU\S-1-5-21-69296176-4156326211-4257001618-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Stardock DeskScapes 8 (HKLM-x32\...\Stardock DeskScapes 8) (Version: 8.20 - Stardock Software, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yula (HKLM\...\Yula) (Version: 2014.06.19.181057 - Yula) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-69296176-4156326211-4257001618-1001_Classes\CLSID\{A79F576D-C71F-4260-BC7D-E3AEA2AA5F5E}\InprocServer32 -> C:\Users\User\AppData\Local\TNT2\Profiles\10412\passport64.dll No File
 
==================== Restore Points  =========================
 
08-04-2015 03:38:23 Scheduled Checkpoint
09-04-2015 11:58:17 Revo Uninstaller's restore point - Idle Crawler
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {473FB6A6-4272-45CB-BC58-6CE2DAA182A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {6DFB1008-E56F-4360-8F25-BF99939023F8} - System32\Tasks\GHCTS => C:\Users\User\AppData\Roaming\GHCTS.exe <==== ATTENTION
Task: {750A6F62-674C-4761-A417-F198BB0F63CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {76B29B4E-4AEB-439D-A70B-8D4083A218D6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {8D73882F-0232-4322-8D96-4208A1F5AC12} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {98B11C2C-1393-4CEC-8A69-6626C961985B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9A060DC5-E046-48DF-AA7E-4073E33E952B} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {9F7D3F23-8B0F-40FA-BF0E-C1FCF585AC34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {9FF577F4-DCF8-4002-A753-2E1B7029C4F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A70DC245-2EAD-40CA-B8C7-4C3FAB58BF11} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {BEE27949-7CC9-46EF-9ED8-EC495F271C32} - System32\Tasks\WKOEHUFYR => C:\ProgramData\688bac24d8294ddc9b97a10de5058423\688bac24d8294ddc9b97a10de5058423.exe
Task: {C497F129-10AB-4304-99BF-58B3006198B1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {C578292E-FA2E-4285-A05D-CA87637C1822} - System32\Tasks\HPCeeScheduleForUser => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C7D50C1C-12CA-4A5D-9E73-52659430A231} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D18D5FF8-474E-4A73-AB35-AE14B0CAC812} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {D7A889A9-B517-411D-9B53-F76D843B28B5} - \avaavaxvyy No Task File <==== ATTENTION
Task: {DA296E86-FFF3-43DD-82B3-1EA74A066F52} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DA470292-47D6-4864-9A49-519C6B72714B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-26] (Microsoft Corporation)
Task: {F07E0FA4-5ECF-4CFD-84FE-5F53FC661EB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {F3745A81-AB66-46A9-A0E3-BD684040E186} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GHCTS.job => C:\Users\User\AppData\Roaming\GHCTS.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUser.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2012-08-08 16:17 - 2012-08-08 16:17 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-24 00:29 - 2014-06-24 00:29 - 01230568 _____ () C:\Program Files (x86)\Adguard\ProtocolFilters.DLL
2014-06-24 00:29 - 2014-06-24 00:29 - 00104168 _____ () C:\Program Files (x86)\Adguard\nfapi.DLL
2015-04-02 12:55 - 2015-03-30 17:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-02 12:55 - 2015-03-30 17:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-11 00:21 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-04-02 12:55 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2009-04-16 13:02 - 2009-04-16 13:02 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-04-03 04:49 - 2012-06-26 05:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-69296176-4156326211-4257001618-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-69296176-4156326211-4257001618-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-69296176-4156326211-4257001618-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-69296176-4156326211-4257001618-1003 - Limited - Enabled)
User (S-1-5-21-69296176-4156326211-4257001618-1001 - Administrator - Enabled) => C:\Users\User
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/09/2015 00:35:16 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:35:16 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:35:04 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:35:04 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:34:26 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:34:26 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:34:15 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:34:15 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:34:03 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
Error: (04/09/2015 00:33:14 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0x80070005
6.2.9200.16693
 
 
System errors:
=============
Error: (04/09/2015 01:14:39 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 10.0.0.6.
The computer with the IP address 10.0.0.13 did not allow the name to be claimed by
this computer.
 
Error: (04/09/2015 01:14:38 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 10.0.0.6.
The computer with the IP address 10.0.0.13 did not allow the name to be claimed by
this computer.
 
Error: (04/09/2015 01:14:38 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 10.0.0.6.
The computer with the IP address 10.0.0.13 did not allow the name to be claimed by
this computer.
 
Error: (04/09/2015 01:14:37 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 10.0.0.6.
The computer with the IP address 10.0.0.13 did not allow the name to be claimed by
this computer.
 
Error: (04/09/2015 01:14:37 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "USER-PC        :0" could not be registered on the interface with IP address 10.0.0.6.
The computer with the IP address 10.0.0.13 did not allow the name to be claimed by
this computer.
 
Error: (04/09/2015 00:35:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 00:35:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 00:35:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 00:35:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
Error: (04/09/2015 00:34:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Software Protection service terminated with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (04/09/2015 00:35:16 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:35:16 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:35:04 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:35:04 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:34:26 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:34:26 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:34:15 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:34:15 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:34:03 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
Error: (04/09/2015 00:33:14 PM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: 0x800700056.2.9200.16693
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B980 @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 3983.27 MB
Available physical RAM: 2588.66 MB
Total Pagefile: 6159.27 MB
Available Pagefile: 4671.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.51 GB) (Free:293.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.48 GB) (Free:2.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (The Sims 4) (CDROM) (Total:8.8 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1E1F4777)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#9 deeprybka

Posted 09 April 2015 - 04:10 PM

Hi there,
 
Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    Task: {6DFB1008-E56F-4360-8F25-BF99939023F8} - System32\Tasks\GHCTS => C:\Users\User\AppData\Roaming\GHCTS.exe 
    Task: {BEE27949-7CC9-46EF-9ED8-EC495F271C32} - System32\Tasks\WKOEHUFYR => C:\ProgramData\688bac24d8294ddc9b97a10de5058423\688bac24d8294ddc9b97a10de5058423.exe
    Task: {D7A889A9-B517-411D-9B53-F76D843B28B5} - \avaavaxvyy No Task File 
    Task: C:\Windows\Tasks\GHCTS.job => C:\Users\User\AppData\Roaming\GHCTS.exe 
    C:\Users\User\AppData\Roaming\GHCTS.exe 
    C:\ProgramData\688bac24d8294ddc9b97a10de5058423
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    HKU\S-1-5-21-69296176-4156326211-4257001618-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    HKU\S-1-5-21-69296176-4156326211-4257001618-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.findwide.com/v/2/?guid={BBB95132-B426-4A10-971C-2E63DC5DCED3}&serpv=6
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-69296176-4156326211-4257001618-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
    BHO: BetterPrriceChEcu -> {c0bd0d4b-e5a9-428b-90a5-64b79e4c30af} -> C:\ProgramData\BetterPrriceChEcu\eZ7z5jAItFeicE.x64.dll No File
    Toolbar: HKLM - FindWide Toolbar - {A79F576D-C71F-4260-BC7D-E3AEA2AA5F5E} - C:\Users\User\AppData\Local\TNT2\Profiles\10412\passport64.dll No File
    Toolbar: HKLM-x32 - FindWide Toolbar - {A79F576D-C71F-4260-BC7D-E3AEA2AA5F5E} - C:\Users\User\AppData\Local\TNT2\Profiles\10412\passport.dll No File
    Toolbar: HKU\S-1-5-21-69296176-4156326211-4257001618-1001 -> FindWide Toolbar - {A79F576D-C71F-4260-BC7D-E3AEA2AA5F5E} - C:\Users\User\AppData\Local\TNT2\Profiles\10412\passport64.dll No File
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.

Step 2

Do you know how to make zip files? :)
 

  • Locate the file or folder that you want to compress.
  • Right-click the file or folder, point to Send to, and then click Compressed (zipped) folder.
    A new compressed folder is created in the same location. To rename it, right-click the folder, click Rename, and then type the new name.

I want you to do the following:

Please search for that folder and create a zip file of it. Please upload the zip file to my channel.

C:\FRST\Quarantine

Thank you!


Step 1

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

[Screenshot of the scanner settings; image not preserved]

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish
  • A log file is created at [path shown in a screenshot; image not preserved].
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


Edited by deeprybka, 09 April 2015 - 04:11 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
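One way to review a fixlist like the one in the post above before running it, as an added example that is not part of the original post or of FRST: the Python script groups each line by the kind of entry it refers to, and flags entries the log marks as missing and binaries under AppData or ProgramData. The category names, the `triage` and `summary` functions and the rule patterns are this example's own assumptions; the sample lines are copied from the post's codebox.

```python
import re

# Sample input: lines copied from the fixlist in the post above.
SAMPLE = r"""CloseProcesses:
Task: {6DFB1008-E56F-4360-8F25-BF99939023F8} - System32\Tasks\GHCTS => C:\Users\User\AppData\Roaming\GHCTS.exe
Task: {D7A889A9-B517-411D-9B53-F76D843B28B5} - \avaavaxvyy No Task File
C:\Users\User\AppData\Roaming\GHCTS.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: BetterPrriceChEcu -> {c0bd0d4b-e5a9-428b-90a5-64b79e4c30af} -> C:\ProgramData\BetterPrriceChEcu\eZ7z5jAItFeicE.x64.dll No File
EmptyTemp:
"""

# (category label chosen for this example, pattern matched at the start of a line)
RULES = [
    ("directive", re.compile(r"^(CloseProcesses|EmptyTemp):$")),
    ("scheduled_task", re.compile(r"^Task: ")),
    ("browser_addon", re.compile(r"^(BHO|Toolbar): ")),
    ("search_scope", re.compile(r"^SearchScopes: ")),
    ("registry", re.compile(r"^(CHR )?HK(LM|U)\\")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
]
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll)\b", re.I)
# Directories a standard user can write to by default (assumption of this example).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\")


def triage(text):
    """Return one dict per non-empty fixlist line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        category = next((n for n, rx in RULES if rx.search(line)), "unknown")
        match = PATH_RE.search(line)
        binary = match.group(0) if match else None
        entries.append({
            "category": category,
            "binary": binary,
            # The log already marks the target of this entry as missing.
            "orphaned": line.endswith(("No File", "No Task File")),
            "user_writable": bool(binary)
            and any(d in binary.lower() for d in USER_WRITABLE),
        })
    return entries


def summary(entries):
    """Count entries per category."""
    counts = {}
    for e in entries:
        counts[e["category"]] = counts.get(e["category"], 0) + 1
    return counts
```
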

#10 deeprybka

Posted 12 April 2015 - 04:37 AM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#11 deeprybka

Posted 14 April 2015 - 03:33 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka