
Tracking cookie smartadserver virus


This topic is locked
33 replies to this topic

#1 Crimson Fury (Members, 16 posts)

Posted 15 June 2015 - 05:07 AM

Hi,

I am new to this site so sorry if I am posting in the wrong section!

So I have both Bitdefender and AVG Free installed on my laptop, both of which I installed when I realised I had a virus. Before then I was just using the pre-installed anti-virus software. AVG says the virus is a tracking cookie, smartadserver, and has located it in the inetcookies folder, which is empty. Every day I get at least 8 new pop-up warnings telling me there has been another one found, and every scan I do finds a minimum of 4 every time. My computer is relatively new, just 6 months old, and it is performing terribly, so I know that I definitely do have a virus.

Please help someone! I have exhausted all of my very limited knowledge of removing viruses and don't have the money to get it sorted by a professional.

Thanks in advance,

Greg


Edited by hamluis, 15 June 2015 - 10:24 AM.
Moved from MRL to Am I Infected, moved back after FRST request - Hamluis.



#2 satchfan (Malware Response Team, 2,790 posts, Devon, UK)

Posted 15 June 2015 - 10:11 AM

Hello Crimson Fury and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested


Multiple antiviruses

You say you have AVG and BitDefender antivirus programs installed.

You cannot run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

You need to disable one until we’re finished.

Open the AVG Control Center, by right-clicking on the AVG icon on task bar.


  • click on Tools
  • select Advanced
  • in the left hand pane, scroll down to "Resident Shield".
  • in the main pane, deselect the option to "Enable Resident Shield."

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
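The post above asks for FRST logs, and the first thing a responder does with one is skim it for a handful of markers before reading it line by line. The script below is an added example of that first pass; it is the editor's code, not something from this thread and not part of FRST. It assumes only the line conventions FRST uses in the log posted later in this thread: section banners wrapped in "=", a "(Publisher)" field that appears as "()" when no publisher could be read (first on process lines, last on Run, service and driver lines), the "[File not signed]" and "No File" annotations, and FRST's own "<======= ATTENTION" marker. The heuristics (unsigned or publisher-less binaries, orphaned registry references, MountPoints2 autoruns, executables in user-writable paths) are the editor's, not FRST's. The sample log is constructed in FRST's format; "Example Vendor Ltd", "goodsvc", "Updater" and the "Loader"/ld.exe entry are made up.

```python
"""First-pass triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example: the heuristics below are the editor's, not FRST's own logic,
and every hit is a review item for a human, not a verdict.
"""
import re
from dataclasses import dataclass

# Section banners look like "==================== Services (Whitelisted) =================".
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=].*?)\s*=+$")
# Publisher is written "(Vendor)"; "()" means FRST could not read one.
# Process lines put it first, Run/Service/Driver lines put it last.
EMPTY_PUBLISHER_RE = re.compile(r"(?:^\(\)\s|\(\)\s*$)")
EXECUTABLE_RE = re.compile(r"\.(?:exe|dll|sys|scr|bat|cmd|vbs|js)\b", re.IGNORECASE)
# Locations an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|ProgramData|Temp|Users\\[^\\]+)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def triage_frst(text: str) -> list[Finding]:
    """Return one Finding per (line, reason) worth a responder's attention."""
    findings: list[Finding] = []
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        reasons = []
        if "<======= ATTENTION" in line:
            reasons.append("FRST itself flagged this entry (ATTENTION marker)")
        if "[File not signed]" in line:
            reasons.append("binary is not digitally signed")
        if EMPTY_PUBLISHER_RE.search(line):
            reasons.append("no publisher recorded for this binary")
        if "No File" in line:
            reasons.append("registry entry points at a file that no longer exists")
        if "MountPoints2:" in line and EXECUTABLE_RE.search(line):
            reasons.append("autorun entry for a removable or mounted volume")
        if EXECUTABLE_RE.search(line) and USER_WRITABLE_RE.search(line):
            reasons.append("executable lives in a user-writable location")
        findings.extend(Finding(section, reason, line) for reason in reasons)
    return findings


# Constructed sample in FRST's format, modelled on the log posted later in this
# thread. "Example Vendor Ltd", "goodsvc", "Updater" and "Loader"/ld.exe are made up.
SAMPLE_FRST = r"""
==================== Processes (Whitelisted) =================

(Example Vendor Ltd) C:\Program Files\Vendor\agent.exe
() C:\Program Files\Intel\Agent\iSCTAgent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Updater] => C:\Program Files\Vendor\updater.exe [123456 2015-01-01] (Example Vendor Ltd)
HKU\S-1-5-21-111-222-333-1001\...\Run: [Loader] => C:\Users\greg\AppData\Roaming\ld.exe [40960 2015-06-01] ()
HKU\S-1-5-21-111-222-333-1001\...\MountPoints2: {5ad9571f-2cd4-11e4-825c-806e6f6e6963} - "E:\AUTORUN.EXE"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 goodsvc; C:\Program Files\Vendor\svc.exe [77128 2015-01-20] (Example Vendor Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
"""


def main() -> None:
    for f in triage_frst(SAMPLE_FRST):
        print(f"[{f.section}] {f.reason}\n    {f.line}")


if __name__ == "__main__":
    main()
```

Run it against a real Frst.txt by passing the file contents to triage_frst. Every hit is a review item, not a verdict: in this thread's own log the Intel Smart Connect agent and the Realtek and Synaptics drivers also show an empty publisher and are legitimate OEM software, and Dropbox runs from AppData by design. What the script buys you is a short list to check against the full log before a fix is written.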


#3 Crimson Fury (Topic Starter, Members, 16 posts)

Posted 17 June 2015 - 06:27 AM

Hi Satchfan,

First of all thank you so much for offering help!

The first problem I have encountered is that I have AVG Antivirus Free Edition 2015, which has a different interface, and I don't think there is an option to turn off the resident shield. I have searched a lot but can't seem to find any way of doing it.

I don't really want to carry on without doing exactly what you say to the letter, so I will wait for your reply before I do anything else, unless I find a way of turning it off, but that seems unlikely at this point.

Looking forward to hearing from you,

Greg

Update. I have found a way of turning the resident shield off so I will not do all of the tests and post everything you asked for ASAP.


Edited by Crimson Fury, 17 June 2015 - 06:37 AM.


#4 satchfan (Malware Response Team, 2,790 posts, Devon, UK)

Posted 17 June 2015 - 06:34 AM

It's quickest to uninstall it. You can re-install at the end if you decide on that instead of BitDefender.

When you've done that, please complete the other instructions.



#5 Crimson Fury (Topic Starter, Members, 16 posts)

Posted 17 June 2015 - 07:19 AM

I found a way of turning it off, so I disabled Bitdefender and turned that off in AVG.

Here are the logs you asked for:

 

# AdwCleaner v4.206 - Logfile created 17/06/2015 at 12:47:18
# Updated 01/06/2015 by Xplode
# Database : 2015-06-17.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : greg - GREGS-LAPTOP
# Running from : C:\Users\greg\Desktop\adwcleaner_4.206.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\5036881046752343278
Folder Deleted : C:\ProgramData\d95cd0b0000007a6
Folder Deleted : C:\ProgramData\{597c1ee4-21c9-0e31-597c-c1ee421c7b90}
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\PrioceCHop
Folder Deleted : C:\Users\greg\AppData\Roaming\OpenCandy
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\384e460f-a5c8-09d1-6dd2-a5175907da4a
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9C81D00A-3DAA-48AB-90C7-8252119ABB93}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1DA17428-323D-48FF-857C-98CFEE48BFD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\PositiveFinds
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v43.0.2357.124
 
[C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : 
[C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : FABF57D75B09257D7B1F615F60E009BA38A7381E7FFEBF68D4298045E842241B"},"software_reporter":{"prompt_reason":"4DC3BD3891272BD18699D5CF580E71B5445ED90CE9CEC643836E69DDE0F1C8D6","prompt_seed":"F2BC4C01AAECA2A6238144B51DBD0DC42B42F4F7E069445EDF24CD067E0D9272","prompt_version":"FFE677B4FCAE3CA7B6C9915F11EC372DC39E105F28D4DB2C0E0B701174E5B453"},"sync":{"remaining_rollback_tries":"54D8549E0ACD05809AF2DB88C40C8EF476AF8BF45D3C8C7AA8B354C46A9CA37A"}},"super_mac":"8BC9A4CE172200561D2C6D75434122E9A6CCF82EF16DBF702E3969EA6BF1A987"},"safebrowsing":{"incidents_sent":{"2":{"chrome.dll":"3774509266","chrome_child.dll":"3743713718"},"6":{"script_request_incident":"42"}}},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA","hxxp://www.searchnu.com/406
 
*************************
 
AdwCleaner[R0].txt - [7981 bytes] - [17/06/2015 12:39:17]
AdwCleaner[R1].txt - [8040 bytes] - [17/06/2015 12:43:29]
AdwCleaner[S0].txt - [2922 bytes] - [17/06/2015 12:47:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2981  bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.1 (06.17.2015:2)
OS: Windows 8.1 x64
Ran by greg on 17/06/2015 at 12:56:54.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\ProgramData\1432325238.bdinstall.bin
Successfully deleted: [File] C:\Users\greg\appdata\local\google\chrome\user data\default\local storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage
Successfully deleted: [File] C:\Users\greg\appdata\local\google\chrome\user data\default\local storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal
Successfully deleted: [File] C:\Users\greg\appdata\local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage
Successfully deleted: [File] C:\Users\greg\appdata\local\google\chrome\user data\default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\greg\appdata\local\google\chrome\user data\default\local storage\hxxp_www.lyricsmode.com_0.localstorage
Successfully deleted: [File] C:\Users\greg\appdata\local\google\chrome\user data\default\local storage\hxxp_www.lyricsmode.com_0.localstorage-journal
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\greg\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\greg\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\greg\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\greg\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/06/2015 at 13:09:24.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by greg (administrator) on GREGS-LAPTOP on 17-06-2015 13:16:15
Running from C:\Users\greg\Desktop
Loaded Profiles: greg (Available Profiles: greg)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-17] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [506680 2014-06-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [98256 2015-01-26] (Razer Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3727824 2015-06-05] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\Run: [EA Core] => C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\MountPoints2: G - "G:\CDCheck.exe" 
HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\MountPoints2: H - "H:\CDCheck.exe" 
HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\MountPoints2: {2193d139-d092-11e4-8274-7429af315ebe} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\MountPoints2: {5ad9571f-2cd4-11e4-825c-806e6f6e6963} - "E:\AUTORUN.EXE" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-08-26]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\greg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001 -> {37300C41-8E69-4BA3-9CB6-35547A632710} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001 -> {C74F411B-165B-4549-ACE6-F9D702D6713B} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=924581&p={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\..\Interfaces\{5BD39E38-F91B-467C-A666-5E11624713C8}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\CS0VgsMs.default
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1768010881-1514406458-3837760678-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\CS0VgsMs.default\Extensions\abs@avira.com [2015-02-05]
 
Chrome: 
=======
CHR Profile: C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Retro Robots Theme) - C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejiklfknjocjccolialojlfhliacoeoo [2015-01-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-07]
CHR Extension: (Google Wallet) - C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-05] (AVG Technologies CZ, s.r.o.)
S2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94936 2014-07-04] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-05-01] (EasyAntiCheat Ltd)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [475960 2014-06-19] (Hewlett-Packard Development Company, L.P.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-15] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186560 2015-01-31] ()
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-01-26] (Razer Inc.)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-17] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-03] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [287200 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [224224 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [285152 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [573144 2014-06-17] (Realtek Semiconductor Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [476888 2014-03-22] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3463896 2014-06-21] (Realtek Semiconductor Corporation                           )
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-01-31] (Razer, Inc.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-17] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-17] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-17 13:16 - 2015-06-17 13:16 - 00021748 _____ C:\Users\greg\Desktop\FRST.txt
2015-06-17 13:15 - 2015-06-17 13:16 - 00000000 ____D C:\FRST
2015-06-17 13:15 - 2015-06-17 13:15 - 02109952 _____ (Farbar) C:\Users\greg\Desktop\FRST64.exe
2015-06-17 13:09 - 2015-06-17 13:09 - 00002178 _____ C:\Users\greg\Desktop\JRT.txt
2015-06-17 13:00 - 2015-06-17 13:00 - 00003061 _____ C:\Users\greg\Desktop\AdwCleaner[S0].txt
2015-06-17 13:00 - 2015-06-17 13:00 - 00000109 ____H C:\Users\greg\Desktop\.~lock.AdwCleaner[S0].txt#
2015-06-17 12:57 - 2015-06-17 12:57 - 00000207 _____ C:\Windows\tweaking.com-regbackup-GREGS-LAPTOP-Windows-8.1-(64-bit).dat
2015-06-17 12:57 - 2015-06-17 12:57 - 00000000 ____D C:\RegBackup
2015-06-17 12:55 - 2015-06-17 12:56 - 02949914 _____ (Thisisu) C:\Users\greg\Desktop\JRT.exe
2015-06-17 12:39 - 2015-06-17 13:00 - 00000000 ____D C:\AdwCleaner
2015-06-17 12:38 - 2015-06-17 12:38 - 02231296 _____ C:\Users\greg\Desktop\adwcleaner_4.206.exe
2015-06-14 11:32 - 2015-06-14 11:36 - 163636856 _____ C:\Users\greg\Desktop\icsg7yic.exe
2015-06-14 10:22 - 2015-06-14 10:22 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-14 10:21 - 2015-06-14 10:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-06-14 10:21 - 2015-06-14 10:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-06-14 10:19 - 2015-06-14 10:19 - 00000000 ____D C:\Users\greg\AppData\Local\Avg
2015-06-13 14:24 - 2015-05-22 14:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-13 14:24 - 2015-05-21 14:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-13 14:24 - 2015-05-21 14:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-13 14:24 - 2015-05-21 14:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-13 14:24 - 2015-05-21 14:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-13 14:24 - 2015-05-21 14:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-13 14:24 - 2015-05-21 14:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-13 14:24 - 2015-04-16 23:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-12 17:42 - 2015-05-25 14:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-12 17:42 - 2015-05-25 14:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-12 17:42 - 2015-04-10 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-12 17:42 - 2015-04-10 01:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-12 17:42 - 2015-04-08 23:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-12 17:42 - 2015-04-01 23:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-12 17:42 - 2015-04-01 23:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-12 17:42 - 2015-03-20 04:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-12 17:42 - 2015-03-20 04:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-12 17:42 - 2015-03-20 03:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-12 17:42 - 2015-03-20 03:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-12 17:42 - 2015-03-02 02:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-12 17:42 - 2015-03-02 02:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-12 17:41 - 2015-04-16 07:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-12 17:41 - 2015-04-13 23:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-12 17:41 - 2015-04-13 23:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-12 17:41 - 2015-04-08 23:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-12 17:41 - 2015-04-01 05:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-12 17:41 - 2015-04-01 05:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-12 17:41 - 2015-04-01 05:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-12 17:41 - 2015-04-01 05:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-12 17:41 - 2015-04-01 04:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-12 17:41 - 2015-04-01 04:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-12 17:41 - 2015-04-01 04:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-12 17:41 - 2015-04-01 03:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-12 17:41 - 2015-04-01 03:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-12 17:41 - 2015-04-01 03:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-12 17:41 - 2015-04-01 03:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-12 17:41 - 2015-04-01 03:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-12 17:41 - 2015-04-01 03:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-11 20:17 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-11 20:17 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-11 20:17 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-11 20:17 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-11 20:17 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-11 20:17 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-11 20:17 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-11 20:17 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-11 20:17 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-11 20:17 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-11 20:17 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-11 20:17 - 2015-04-25 03:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-11 20:17 - 2015-04-25 03:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-11 20:16 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-11 20:16 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-11 20:16 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-11 20:16 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-11 20:16 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-11 20:16 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-11 20:16 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-11 20:16 - 2015-05-23 03:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-11 20:16 - 2015-05-23 03:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-11 20:16 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-11 20:16 - 2015-05-23 03:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-11 20:16 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-11 20:16 - 2015-05-23 03:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-11 20:16 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-11 20:16 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-11 20:16 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-11 20:16 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-11 20:16 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-11 20:16 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-11 20:16 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-11 20:16 - 2015-05-22 19:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-11 20:16 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-11 20:16 - 2015-05-22 19:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-11 20:16 - 2015-05-22 19:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-11 20:16 - 2015-05-22 19:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-11 20:16 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-11 20:16 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-11 20:16 - 2015-05-22 18:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-11 20:16 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-11 20:16 - 2015-05-21 17:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-05 12:37 - 2015-06-12 13:42 - 00000000 ____D C:\Users\greg\Desktop\Work
2015-06-05 12:27 - 2015-06-05 12:27 - 00000000 ____D C:\Users\greg\AppData\Roaming\Foxit Software
2015-06-02 12:11 - 2015-06-02 12:11 - 00000000 ____D C:\ProgramData\Avg_Update_0215pi
2015-06-02 12:09 - 2015-06-02 12:09 - 00000000 ____D C:\Users\greg\AppData\Roaming\AVG2015
2015-06-02 12:08 - 2015-06-14 10:21 - 00000948 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-02 12:08 - 2015-06-14 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-02 12:08 - 2015-06-02 12:09 - 00000000 ____D C:\ProgramData\AVG2015
2015-06-02 12:08 - 2015-06-02 12:08 - 00000000 ___HD C:\$AVG
2015-06-02 12:08 - 2015-06-02 12:08 - 00000000 ____D C:\Users\greg\AppData\Roaming\TuneUp Software
2015-06-02 12:07 - 2015-06-02 12:07 - 00000000 ____D C:\Program Files (x86)\AVG
2015-06-02 12:05 - 2015-06-17 12:15 - 00000000 ____D C:\ProgramData\MFAData
2015-06-02 12:05 - 2015-06-02 12:18 - 00000000 ____D C:\Users\greg\AppData\Local\Avg2015
2015-06-02 12:05 - 2015-06-02 12:05 - 00000000 ____D C:\Users\greg\AppData\Local\MFAData
2015-06-02 12:04 - 2015-06-02 12:04 - 04928968 _____ (AVG Technologies) C:\Users\greg\Downloads\avg_free_stb_all_5961p1_177.exe
2015-06-01 12:09 - 2015-06-01 12:09 - 00000000 ____D C:\Users\greg\AppData\Local\GWX
2015-05-30 21:13 - 2015-05-30 21:18 - 00002842 _____ C:\Windows\system32\lic2.xml12193
2015-05-29 19:38 - 2015-05-29 19:38 - 00000000 ____D C:\ProgramData\bdch
2015-05-29 02:18 - 2015-05-29 02:18 - 00043695 _____ C:\Users\greg\Downloads\degree-classification-calculator2012-5555.xlsx
2015-05-25 22:34 - 2015-05-25 22:47 - 00002741 ____T C:\Windows\system32\lic2tmp.xml13296
2015-05-25 20:51 - 2015-05-25 20:51 - 04737144 _____ (Avira Operations GmbH & Co. KG) C:\Users\greg\Downloads\avira_en_av_55637e8a4d9ae__ws.exe
2015-05-25 18:06 - 2015-05-25 18:06 - 00386383 _____ (http://magiclauncher.com) C:\Users\greg\Downloads\_MagicLauncher_1.2.5.exe
2015-05-25 17:44 - 2015-05-25 17:44 - 00000000 _____ C:\autoexec.bat
2015-05-25 17:42 - 2015-05-25 17:42 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\greg\Downloads\SpyHunter-Installer.exe
2015-05-22 21:08 - 2015-05-22 21:08 - 00002199 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2015-05-22 21:08 - 2015-05-22 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-05-22 21:08 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-05-22 21:07 - 2015-05-22 21:08 - 00000000 ____D C:\Program Files\Bitdefender
2015-05-22 21:07 - 2015-05-22 21:07 - 00000000 ____D C:\Users\greg\AppData\Roaming\QuickScan
2015-05-22 21:07 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-05-22 21:07 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-05-22 21:07 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-05-22 21:07 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-05-22 21:06 - 2015-05-22 21:06 - 10447328 _____ C:\Users\greg\Downloads\Antivirus_Free_Edition_x64.exe
2015-05-22 21:06 - 2015-05-22 21:06 - 00162208 _____ C:\Users\greg\Downloads\Antivirus_Free_Edition.exe
2015-05-22 14:20 - 2015-05-22 14:20 - 00000000 __SHD C:\Users\greg\AppData\Local\EmieBrowserModeList
2015-05-22 14:11 - 2015-05-22 14:11 - 00000000 _____ C:\Users\greg\AppData\Local\Temp.dat
2015-05-22 14:00 - 2015-05-22 14:00 - 00000000 ____D C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-22 13:53 - 2015-05-22 17:03 - 00000000 ____D C:\Program Files (x86)\CCTV View
2015-05-21 17:29 - 2015-06-02 12:12 - 00169528 _____ C:\Windows\PFRO.log
2015-05-21 01:59 - 2015-05-21 02:00 - 00455976 _____ C:\Windows\Minidump\052115-45000-01.dmp
2015-05-21 01:59 - 2015-05-21 01:59 - 842450445 _____ C:\Windows\MEMORY.DMP
2015-05-19 09:52 - 2015-05-19 09:52 - 00287200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-05-18 18:53 - 2015-05-18 18:53 - 00000000 ____D C:\ProgramData\Focusrite
2015-05-18 17:51 - 2015-06-17 12:51 - 00012458 _____ C:\Windows\setupact.log
2015-05-18 17:51 - 2015-05-18 17:51 - 00000000 _____ C:\Windows\setuperr.log
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-17 13:03 - 2015-01-07 15:21 - 01976996 _____ C:\Windows\WindowsUpdate.log
2015-06-17 13:02 - 2015-01-07 15:45 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-17 13:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-17 12:57 - 2015-01-07 15:48 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1768010881-1514406458-3837760678-1001
2015-06-17 12:55 - 2015-01-07 15:32 - 00000000 ____D C:\Users\greg\Documents\Youcam
2015-06-17 12:53 - 2015-01-07 15:43 - 00000000 ____D C:\Users\greg\OneDrive
2015-06-17 12:52 - 2015-01-07 15:45 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-17 12:51 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-17 12:12 - 2015-01-07 15:44 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2E1B33EA-4863-4F2C-9B9D-79F87262C02C}
2015-06-17 00:00 - 2015-03-29 01:55 - 00000000 ____D C:\Users\greg\AppData\Roaming\vlc
2015-06-16 20:09 - 2015-02-14 22:28 - 00000000 ____D C:\Users\greg\Desktop\Films
2015-06-16 20:09 - 2015-02-12 02:19 - 00000000 ____D C:\Users\greg\AppData\Roaming\uTorrent
2015-06-16 19:08 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-16 18:58 - 2015-01-16 13:13 - 00003166 _____ C:\Windows\System32\Tasks\HPCeeScheduleForgreg
2015-06-16 18:58 - 2015-01-16 13:13 - 00000354 _____ C:\Windows\Tasks\HPCeeScheduleForgreg.job
2015-06-15 11:22 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-15 11:20 - 2015-01-09 22:22 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-15 11:20 - 2015-01-09 22:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-15 11:20 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-13 14:53 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-13 14:52 - 2015-01-09 20:53 - 00000000 ____D C:\Windows\system32\MRT
2015-06-13 14:40 - 2015-01-09 20:53 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-12 23:38 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-06-12 13:42 - 2015-01-09 19:55 - 00000000 ____D C:\Users\greg\AppData\Local\CrashDumps
2015-06-12 13:37 - 2013-08-22 15:44 - 00380744 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-12 13:33 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2015-06-12 13:33 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\en-GB
2015-06-12 13:33 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-12 13:32 - 2015-05-13 00:10 - 00000000 ____D C:\Users\greg\AppData\Roaming\Skype
2015-06-12 12:18 - 2015-01-09 13:08 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-06-11 21:04 - 2015-01-07 15:45 - 00002170 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-11 20:07 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-06 23:32 - 2015-01-07 15:30 - 00000000 ____D C:\Users\greg
2015-06-06 19:08 - 2015-04-13 03:00 - 00000000 ____D C:\ProgramData\Ableton
2015-06-05 12:28 - 2015-01-11 20:49 - 00000000 ____D C:\Users\greg\AppData\Local\Windows Live
2015-06-03 17:18 - 2015-01-09 22:26 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-03 17:18 - 2015-01-09 22:26 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-02 12:09 - 2015-01-07 15:48 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-02 12:08 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-02 12:01 - 2014-08-26 02:27 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-28 23:55 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2015-05-26 20:50 - 2015-05-08 14:51 - 00000000 ____D C:\Users\greg\AppData\Local\LogMeIn Hamachi
2015-05-26 19:06 - 2015-04-04 12:28 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-26 19:06 - 2015-04-04 12:28 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-26 00:50 - 2014-03-18 10:53 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-25 19:30 - 2015-05-13 00:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-25 18:06 - 2015-01-07 15:55 - 00000000 ____D C:\Users\greg\AppData\Roaming\.minecraft
2015-05-25 17:51 - 2015-01-08 13:38 - 00000000 ____D C:\Users\greg\Desktop\random
2015-05-22 17:24 - 2015-01-11 20:50 - 00003102 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1768010881-1514406458-3837760678-1001
2015-05-22 13:50 - 2015-01-14 12:59 - 00000000 ____D C:\Users\greg\Desktop\Games
2015-05-22 02:30 - 2015-03-09 20:16 - 00000000 ____D C:\Users\greg\Desktop\New Game
2015-05-21 01:59 - 2015-01-20 16:38 - 00000000 ____D C:\Windows\Minidump
2015-05-18 18:59 - 2015-04-19 01:25 - 00000000 ____D C:\Program Files\Common Files\VST3
2015-05-18 18:59 - 2015-04-12 21:38 - 00000000 ____D C:\Program Files (x86)\VSTPlugIns
 
==================== Files in the root of some directories =======
 
2015-05-01 17:19 - 2015-05-01 17:19 - 0007602 _____ () C:\Users\greg\AppData\Local\Resmon.ResmonCfg
2015-05-22 14:11 - 2015-05-22 14:11 - 0000000 _____ () C:\Users\greg\AppData\Local\Temp.dat
2015-01-11 18:52 - 2015-01-11 18:52 - 0005045 _____ () C:\ProgramData\wmzddnmb.cix
 
Some files in TEMP:
====================
C:\Users\greg\AppData\Local\Temp\Ableton Swapper.exe
C:\Users\greg\AppData\Local\Temp\avgnt.exe
C:\Users\greg\AppData\Local\Temp\Quarantine.exe
C:\Users\greg\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-08 01:36
 
==================== End of log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by greg at 2015-06-17 13:17:03
Running from C:\Users\greg\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1768010881-1514406458-3837760678-500 - Administrator - Disabled)
greg (S-1-5-21-1768010881-1514406458-3837760678-1001 - Administrator - Enabled) => C:\Users\greg
Guest (S-1-5-21-1768010881-1514406458-3837760678-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Ableton Live 9 Lite (HKLM-x32\...\{74A6E854-0D65-4DAB-8DF9-86BE41824EBF}) (Version: 9.0.0.0 - Ableton)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_is1) (Version:  - )
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6030 - AVG Technologies)
AVG 2015 (Version: 15.0.4365 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6030 - AVG Technologies) Hidden
Bass Station 2.1 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.1 - Novation)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands: The Pre-Sequel (HKLM-x32\...\Qm9yZGVybGFuZHNUaGVQcmVTZXF1ZWw=_is1) (Version: 1 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cities Skylines (HKLM-x32\...\Cities Skylines_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{82696435-8572-4D8B-A230-D1AA567D0F0F}) (Version: 1.0.0.0 - Electronic Arts)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.1.5406 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.1.5406 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3121 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.1.3121 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
EA Download Manager (HKLM-x32\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
FM Genie Scout 12 version 1.2 (HKLM-x32\...\FM Genie Scout 12_is1) (Version: 1.2 - )
FMRTE (HKLM-x32\...\{F78E43E9-79D6-4E53-A06E-C0DEB417FF89}) (Version: 4.3.0 - BraCa Soft)
Football Manager 2011 (HKLM-x32\...\Steam App 34220) (Version:  - Sports Interactive)
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Harry Potter TM (HKLM-x32\...\{3F50AF3B-8997-4916-0095-99D63DDB785A}) (Version:  - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{E20B0C89-ACCF-4EBB-909D-2E5BD4A9C024}) (Version: 1.1.11 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{DCD5C599-5CCC-4E37-8938-FBB548D780C6}) (Version: 2.5.3 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IBM SPSS Statistics 20 (HKLM-x32\...\{2AF8017B-E503-408F-AACE-8A335452CAD2}) (Version: 20.0.0.0 - IBM Corp)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
iTalk Sync 1.0 (HKLM-x32\...\iTalk Sync) (Version: 1.0 116 - Griffin Technology)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
Movavi Video Editor 10 (HKLM-x32\...\Movavi Video Editor 10) (Version: 10.0.1 - Movavi)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NBA 2K9 (HKLM-x32\...\Steam App 7740) (Version:  - Visual Concepts)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.3.25.0 - Razer Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.17 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.33 - REALTEK Semiconductor Corp.)
Red 2 & Red 3 Plug-in Suite version 1.0 (HKLM\...\Red 2 & Red 3 Plug-in Suite_is1) (Version: 1.0 - Focusrite Audio Engineering Limited)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Scarlett Plug-in Suite 1.7 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.7 - Focusrite)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
South Park - The Stick of Truth (HKLM-x32\...\South Park - The Stick of Truth_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\{B35DBBD7-B42E-494A-8913-431A2E448131}) (Version: 6.1.1.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Sims Deluxe Edition (HKLM-x32\...\{10798AE3-DCBB-43C3-9C93-C23512427E25}) (Version:  - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Transformice (HKLM-x32\...\Steam App 335240) (Version:  - Atelier 801)
TuneUp Utilities 2014 (en-GB) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Unity Web Player (HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\greg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\greg\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\greg\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
12-06-2015 01:19:24 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03F23A3A-CB20-4670-AD69-CDD361BF2C60} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {1748DCDD-9AE0-431D-B847-DE1D96B5FEC2} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {1A3EC83A-7A13-473C-B033-81166B5B671A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {28C6EF33-8F68-47B2-BCE2-19F2975AE2C0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {2E3B3112-84C2-4A8C-B0F9-70CF49B38CE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {436F8C09-EFB3-493B-A4A1-54BE7C72FA5A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {5F4E52F0-BD70-4E38-BE3F-82AEBD12DD6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
Task: {66FD6A6B-8D89-4A25-A416-4FFF69D4494C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {6B5F7593-927C-4C73-97F0-3C1C68A8F4BD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6B6E42E1-8064-46BF-B57A-A1D81745DC26} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-15] (Microsoft Corporation)
Task: {749102D2-7D46-4F95-BC84-AB37533FD1C3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-03] (Hewlett-Packard Company)
Task: {7FAFBB94-D0F1-4100-9B7E-BA450F1EAFC7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {808B3B7C-930C-443E-872F-3847747D5DF5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-03] (Hewlett-Packard Company)
Task: {88652062-A7FD-46E8-B4C1-F70DB53291F2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {9EE8F73F-7CC2-4EB4-849B-4B4B8FCC3196} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {B6FCD102-0716-4439-B062-54D336274CA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C247C0B9-1047-4DFD-97D6-BA2427468517} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
Task: {C2AF3DBE-C354-4710-A577-054ED8D19B97} - System32\Tasks\HPCeeScheduleForgreg => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {CA04B379-679A-49BE-AE53-521CAB8B41CF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-13] (Microsoft Corporation)
Task: {CAA5DBCC-4CF9-43D3-9073-C83A2DFBE361} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.)
Task: {F40D0D7E-E797-40F6-B980-4E582F5F7106} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1768010881-1514406458-3837760678-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForgreg.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-22 21:08 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2015-05-22 21:08 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-04 08:44 - 2013-12-04 08:44 - 00200168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 08:44 - 2013-12-04 08:44 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 08:44 - 2013-12-04 08:44 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2015-01-31 01:10 - 2015-01-31 01:10 - 00186560 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-08-13 10:27 - 2014-08-13 10:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-07-29 14:34 - 2014-07-29 14:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2014-07-29 14:34 - 2014-07-29 14:34 - 00136192 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec-mscrypto.dll
2014-07-29 14:34 - 2014-07-29 14:34 - 00303616 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec.dll
2014-08-26 03:11 - 2013-12-10 16:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-06-11 21:04 - 2015-06-05 19:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-11 21:04 - 2015-06-05 19:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\greg\OneDrive:ms-properties
AlternateDataStreams: C:\Users\greg\Desktop\adwcleaner_4.206.exe:BDU
AlternateDataStreams: C:\Users\greg\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\greg\Desktop\icsg7yic.exe:BDU
AlternateDataStreams: C:\Users\greg\Desktop\JRT.exe:BDU
AlternateDataStreams: C:\Users\greg\Downloads\avg_free_stb_all_5961p1_177.exe:BDU
AlternateDataStreams: C:\Users\greg\Downloads\avira_en_av_55637e8a4d9ae__ws.exe:BDU
AlternateDataStreams: C:\Users\greg\Downloads\_MagicLauncher_1.2.5.exe:BDU
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\gumtree.com -> hxxps://www.gumtree.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\greg\Pictures\Swimming in Buda.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_465F4EE86B7E091DC22032F5E04D8508"
HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\StartupApproved\Run: => "EA Core"
HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CF894617-F850-40B8-917F-743B3928E250}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E0CED16E-9CC4-439E-822D-349B0FC33492}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{47F787D2-1068-4EB5-A08E-B4D7F9BD78A4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E703F942-E001-41F3-9A8A-AD61F732AEED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{533BE816-C929-4E08-A237-CB2F0E9E700C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{28156924-096C-48C6-AF74-FEDA99634D82}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{4893DF3B-D33D-4F58-8491-CCCD3E37C817}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{F3552FEC-4CE6-4342-B3FD-9AAA6E366687}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{186820AC-698D-435F-99F1-BAA42966E9B5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{335C0EB5-7583-45D0-AF57-57E6AA4C800B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{593A1F88-2FEA-4AE5-B504-98DEB9BBC0C5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{0514B1C5-3E1E-47AB-9A85-E5E4D3D678A0}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{2F4D85C1-876C-41DB-B533-C4A1B839C6AD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C1D7F1D6-EC16-4E9E-9347-87690523E25A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{02DC7713-8B0D-477D-AC9D-1EED3B5DD68D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{97F836E4-C091-461E-BA10-01ACE9FAFA01}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{06DBF8EC-A6A5-4631-966B-8A987457767B}] => (Allow) C:\Users\greg\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6D6CEA20-1400-4BF6-A40C-9E53618CEA39}] => (Allow) C:\Users\greg\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{32372357-C52C-48B7-946E-0D8C9D745B45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2011\fm.exe
FirewallRules: [{EC0FFAFF-4B06-4753-B900-B00BBB4BC89B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2011\fm.exe
FirewallRules: [{53F5A95A-CA48-4C8C-89EE-483A547D4223}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{95057E87-FFF7-4911-A0A2-999E8F17CD8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{2969F288-DB3D-40C7-AFBB-ACF637068A53}] => (Allow) C:\Users\greg\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{710BDB68-CB2E-4FCB-A4AA-811914CC09A2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C8635524-456C-4BA3-82C6-E9D5D9F012C9}] => (Allow) LPort=2869
FirewallRules: [{8B7BF2D1-1ABA-4762-8CB7-509760483FF9}] => (Allow) LPort=1900
FirewallRules: [{EFE3A486-AD50-43ED-B5AB-285EFEC734BB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3AD94877-8FA5-4940-9268-11E79CFC7CA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NBA 2K9\nba2k9.exe
FirewallRules: [{B62876D9-EFD4-473A-9174-24E9D1605910}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NBA 2K9\nba2k9.exe
FirewallRules: [{88258AA4-0A88-473D-A9A3-EDF7A204E216}] => (Allow) C:\Users\greg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0ADE8C5A-AC7A-47E3-93EE-548909275520}] => (Allow) C:\Users\greg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1E0ACE47-5AEB-4832-8A7E-123BD9DBAC63}] => (Allow) C:\Users\greg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6EC2C08B-1B65-4BF3-A92A-16B9CF53040E}] => (Allow) C:\Users\greg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{27E35CA1-9337-45FB-B97C-AFB3478341AB}C:\users\greg\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\greg\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{25D655B9-87C7-47D7-8C73-084FD9B193F9}C:\users\greg\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\greg\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{A71EB617-8B75-4703-AEBA-9962ADE3DDDE}C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{42E31990-F604-47D5-821B-1E1AE0DE3385}C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{3CBA9D78-C2D2-4539-82BC-BF9FF168828E}C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{838EFBA0-9FA4-4192-9923-902BDAE77351}C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\ borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{CB38F46A-A70E-4213-88D0-5B95A90CEC32}C:\program files (x86)\electronic arts\eadm\core.exe] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{B3EA62FD-2783-4547-8D4B-22C2BA4CAD0C}C:\program files (x86)\electronic arts\eadm\core.exe] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{A6613A49-DB2B-4B9E-8829-8C27F8110F09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
FirewallRules: [{880057C3-BC76-4B24-A5C0-C33A8423304B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformice\Transformice.exe
FirewallRules: [{E7EBD4D2-F60D-4998-8ADE-2925E31EA56C}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [{3742B705-480D-4124-BCB2-E396786D3002}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{DF764A8D-67B5-4B0D-8B6F-8DD5A637B6FA}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{CE657CBF-49B8-437A-BFFA-1585D8BE9765}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.exe
FirewallRules: [{842564E3-80AB-4815-A408-88BD01D3B22D}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\stats.com
FirewallRules: [{431A5C34-DBDC-4532-97CE-5300FCB05A01}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\20\WinWrapIDE.exe
FirewallRules: [TCP Query User{C3E86FBB-D7DB-4973-A98F-269D74D974B1}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [UDP Query User{097C52BB-28F2-4EAD-83C8-BDC50E934F44}C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\spss\statistics\20\jre\bin\javaw.exe
FirewallRules: [{2FFA086E-0CFB-4535-ADDE-909D91AD1413}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{EFCB848B-9ADE-48C8-AEDC-6B45C301801B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{09053568-DC2F-47A7-B447-2736F1F31EE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{88B81C58-A257-4044-B650-F8238D6ACD56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{EC8D107F-0A04-489D-98E1-50DCEB79835F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [TCP Query User{58E6ED67-201E-4E3D-A4FA-2CB4724F44B2}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{1E898A0E-39BA-4CCE-996B-434690B914A8}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{42872C0B-BFAA-4600-A9B9-6BC77C2C5627}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F68FFA8F-DB0E-47B9-BE75-29EBF6B18373}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0DD0C7B9-D7AE-473F-91BB-F0D46804E6F3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B58D4D76-BC55-44BE-9A7A-95DC8E69BD1E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{91E3FAC4-2C02-4936-A02E-077C8DDB7892}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5611A673-E494-413D-89CE-E18EED4BB2B4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{7023E7B5-0DC2-445E-8D98-B5D15A6FF752}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{3EFAF8D8-3B40-4E38-9466-3842B3B01223}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{E0D6BFC0-8A22-408A-8259-819F44DF51F0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{FA7225C5-B176-4F60-8676-5E6304C0A938}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{0AB5535E-6B89-422D-B8F3-CA1B3440DE64}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{D323E848-F12D-4344-9C00-8DA8856CCC39}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/17/2015 01:03:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/17/2015 00:32:39 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (06/16/2015 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2359
 
Error: (06/16/2015 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2359
 
Error: (06/16/2015 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/16/2015 08:09:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1187
 
Error: (06/16/2015 08:09:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1187
 
Error: (06/16/2015 08:09:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/15/2015 10:29:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GREGS-LAPTOP)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/15/2015 10:29:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GREGS-LAPTOP)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (06/17/2015 00:59:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/17/2015 00:59:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/17/2015 00:59:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/17/2015 00:59:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (06/17/2015 00:59:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/17/2015 00:59:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (06/17/2015 00:59:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/17/2015 00:59:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SynTPEnh Caller Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/17/2015 00:59:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RzKLService service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/17/2015 00:59:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo64 Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
 
 
Microsoft Office:
=========================
Error: (06/17/2015 01:03:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (06/17/2015 00:32:39 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
Error: (06/16/2015 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2359
 
Error: (06/16/2015 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2359
 
Error: (06/16/2015 08:09:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/16/2015 08:09:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1187
 
Error: (06/16/2015 08:09:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1187
 
Error: (06/16/2015 08:09:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/15/2015 10:29:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GREGS-LAPTOP)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147024865
 
Error: (06/15/2015 10:29:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GREGS-LAPTOP)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-05-22 20:38:09.218
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-22 20:38:08.671
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-22 20:38:08.124
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-15 12:48:40.634
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-15 12:48:40.173
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-15 12:48:39.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-15 12:48:25.560
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-15 12:48:24.823
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-15 12:48:22.988
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-15 12:48:22.427
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4288U CPU @ 2.60GHz
Percentage of memory in use: 25%
Total physical RAM: 8122.15 MB
Available physical RAM: 6014.19 MB
Total Pagefile: 16122.15 MB
Available Pagefile: 13404.13 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1375.15 GB) (Free:1123.61 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.09 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Harry_potter_efg) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 39ED847C)
 
Partition: GPT Partition Type.
 
==================== End of log ============================


#6 satchfan

satchfan

  • Malware Response Team
  • 2,790 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:31 PM

Posted 17 June 2015 - 08:40 AM

A couple of things to mention before we carry on.

Registry cleaners

I see you are using a “Registry Cleaner”, TuneUp Utilities 2014. It may have come as an optional add-on when you downloaded YouTube Downloader App 3.00. However, it's not recommended to use registry cleaners/boosters.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, (and you are expert in the registry), I would suggest you leave the registry alone.

I strongly advise you to get rid of TuneUp Utilities 2014 and any other cleaner/optimiser/booster/tuneup/tweak type utilities that you have on this or any other computer.

One of the malware experts, miekiemoes, has an excellent write-up here
Another excellent article by Bill Castner is located here

===================================================

P2P - I see you have P2P software, (uTorrent), installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection. It almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares. Installing multiple antiviruses won’t help.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below.


CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001 -> {C74F411B-165B-4549-ACE6-F9D702D6713B} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=924581&p={searchTerms}
FirewallRules: [{593A1F88-2FEA-4AE5-B504-98DEB9BBC0C5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Download Malwarebytes-Anti-Malware

Click here.
 

  • double-click mbam-setup.exe and follow the prompts to install the program – (Note: Vista & Windows 7 users, please right-click and select “Run as Administrator”)
  • select the “Scan” tab at the top
  • there are three scan types; choose Threat Scan, then click on Scan
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with the next post:

Fixlog.txt
Mbam.txt


Can you tell me how your computer is now and if there are any outstanding problems.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#7 Crimson Fury

Crimson Fury
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 17 June 2015 - 09:32 AM

Hi Satchfan,
 
Sorry I didn't actually mention this in the original post, but I know I didn't download the virus from uTorrent. I downloaded it from a free mod pack for Minecraft; I just went on a dodgy site instead of finding a verified one, which was foolish, but I had never downloaded a mod pack for a game before so didn't really know what I was doing.
 
I did not actually know I had TuneUp Utilities on my computer and I can't find it when searching to uninstall a programme; do you know where I can find it to delete it?
 
My laptop is still sluggish and a new problem has occurred where it is difficult to scroll using any method; using two fingers on the touchpad or clicking and dragging on the scroll bar on the right side of the screen. This has only occurred today and is a new problem that is not constantly happening but more often than not. The touchpad will also no longer let me click then drag i.e. to highlight a section of text. Again, this is not a constant problem but more often than not.
 
After running MBAM and restarting the laptop the touchpad problems have gone.
 
Here are the logs you asked for. I'm not sure if I have copied the correct log from MBAM, so let me know if you need a different one:
 
Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by greg at 2015-06-17 14:53:23 Run:1
Running from C:\Users\greg\Desktop\frst
Loaded Profiles: greg (Available Profiles: greg)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1768010881-1514406458-3837760678-1001 -> {C74F411B-165B-4549-ACE6-F9D702D6713B} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=924581&p={searchTerms}
FirewallRules: [{593A1F88-2FEA-4AE5-B504-98DEB9BBC0C5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
*****************
 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-1768010881-1514406458-3837760678-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C74F411B-165B-4549-ACE6-F9D702D6713B}" => key removed successfully
HKCR\CLSID\{C74F411B-165B-4549-ACE6-F9D702D6713B} => key not found. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{593A1F88-2FEA-4AE5-B504-98DEB9BBC0C5} => value removed successfully
 
==== End of Fixlog 14:53:23 ====
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 17/06/2015
Scan Time: 15:07:53
Logfile: mb log.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.17.03
Rootkit Database: v2015.06.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: greg
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377228
Time Elapsed: 14 min, 40 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.Multiplug, HKU\S-1-5-21-1768010881-1514406458-3837760678-1001_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Quarantined, [0178dd66b8d20630864b0c0eff0441bf], 
PUP.Optional.Multiplug, HKU\S-1-5-21-1768010881-1514406458-3837760678-1001_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [c9b02e15f59554e26f62f4260300a35d], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.OpenCandy, C:\Users\greg\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe, Quarantined, [20594cf7f09a89adee3b987080868b75], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 satchfan

satchfan

  • Malware Response Team
  • 2,790 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:31 PM

Posted 17 June 2015 - 10:29 AM

I downloaded it from a free mod pack for minecraft, I just went on a dodgy site instead of finding a verified one which was foolish but I had never downloaded a mod pack for a game

There is one particular infection doing the rounds massively at the moment and it is not fixable by us or anybody else: this makes downloading anything you are not sure of a HUGE risk, especially where games are involved.

I'll give you more information when we are finished here.
 

I have to go out for a while but meanwhile I'd like you to try another scan.

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#9 Crimson Fury

Crimson Fury
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 17 June 2015 - 10:44 AM

Hi Satchfan,

 

That doesn't sound too promising!

 

Here are the logs you asked for:

 

RogueKiller V10.8.4.0 [Jun 15 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : greg [Administrator]
Started from : C:\Users\greg\Desktop\RogueKiller.exe
Mode : Scan -- Date : 06/17/2015  16:41:50
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1500LM006 HN-M151RAD +++++
--- User ---
[MBR] 094e9ee37640a4c200de7d4264d35d0f
[BSP] 86f8fbc4dece3b54b94c707b7bd3aa7c : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 650 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1333248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1865728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2127872 | Size: 1408158 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 2886035456 | Size: 21597 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
Hope that helps,
 
Greg


#10 satchfan

satchfan

  • Malware Response Team
  • 2,790 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:31 PM

Posted 17 June 2015 - 05:11 PM

Hope that helps,

 

Nope, but I'd have been surprised if it had shown anything - just eliminating a remote possibility..

 

 

I believe that AVG brought in the “Tuneup” programme as ALL “free” antivirus programs, (except Bit Defender), come “bundled” with some unwanted program that they don’t ask your permission to install. I would suggest getting rid of both AVG and Tuneup Utilities 2014.

There are also signs of Avira antivirus in Chrome.

None of the above should be causing your current problems but we’ll eliminate those and run an online scan to see if there is something that I can’t see.


Uninstall programs

Uninstall these programs:

TuneUp Utilities 2014
Any version of AVG

  • hold down the Windows logo key and press X to open a menu at the lower-left area of the screen
  • select Programs and Features from the menu
  • search and select the above programs one by one and click on Uninstall
  • reboot your computer.

Run AVG removal tool

There may still be some remnants on your computer even after the uninstall so please download and run AVG Removal Tool from here.

===================================================

Run Zoek

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.
 

  • on Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\ flliilndjeohchalpbbcdekjklbdgfkk;chr
    
  • close any open programs
  • click the Run script button, and wait. It takes a few minutes to run
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the system drive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.
     

===================================================

Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, Firefox or Chrome for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

 

ESET OnlineScan

  • click the Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:


    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology


    Note: Do not check Remove found threats
     

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Note - if ESET doesn't find any threats, no report will be created.
     

  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:
 


o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found
 

If threats were found:

 


o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.
 

Please include the zoek-results.log.

Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#11 Crimson Fury

Crimson Fury
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:05:31 PM

Posted 18 June 2015 - 07:17 PM

Hi Satchfan,

 

Sorry for not replying sooner, I have been busy most of the day.

 

The results for the second test came in with 7 viruses but the log doesn't seem like it's going to be very helpful... I'll send it to you anyway but it just seems like gibberish to me!

 

Here are the logs you asked for:

 

 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by greg on 18/06/2015 at 12:44:52.40.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\greg\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
18/06/2015 12:46:59 Zoek.exe System Restore Point Created Successfully.
 
==== Chromium Look ======================
 
Google Chrome Version: 43.0.2357.124
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/05/2015 11:17]
 
Retro Robots Theme - greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejiklfknjocjccolialojlfhliacoeoo
Chrome Hotword Shared Module - greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Wallet - greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
==== Chromium Startpages ======================
 
C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on 18/06/2015 at 12:47:17.77 ======================
 
 
ESET Results
 
C:\Users\greg\AppData\Local\Microsoft\Windows\INetCache\IE\UKNWRJZ9\c6296ddb561f8453f19974652315440b45213c48[1].htm HTML/Iframe.B.Gen virus
 
Thanks,
 
Greg


#12 satchfan

satchfan

  • Malware Response Team
  • 2,790 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:31 PM

Posted 19 June 2015 - 11:51 AM

it just seems like gibberish to me!

 

:P  me too until I sussed what it said between the hashes.

 

On a Windows 8.1 system this is unlikely to be a problem but we'll clear it anyway.

 

Please run Zoek again.

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe.

  • on Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    autoclean;
    emptyalltemp;
    emptyclsid;
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

When you post the log, can you let me know if all is OK now and if so, we'll tidy up.

Satchfan

 

 

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#13 Crimson Fury

  • Topic Starter
  • Members
  • 16 posts

Posted 19 June 2015 - 02:41 PM

Hi Satchfan,

 

I'm glad you managed to decipher the log!

 

Here is the log you asked for:

 

 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by greg on 19/06/2015 at 20:21:05.40.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\greg\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2015-06-18-114717.log 6745 bytes
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Acro Software deleted successfully
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Users\greg\AppData\Roaming\dlg deleted successfully
C:\Users\greg\AppData\Roaming\hpqlog deleted successfully
C:\Users\greg\AppData\Roaming\QuickScan deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-1768010881-1514406458-3837760678-1001\Software\Microsoft\Internet Explorer\SearchScopes\{37300C41-8E69-4BA3-9CB6-35547A632710} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{37300C41-8E69-4BA3-9CB6-35547A632710} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Borderlands The Pre-Sequel not found
C:\PROGRA~2\Acro Software not found
C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\SystemRequirementsLab deleted
C:\PROGRA~2\CCTV View deleted
C:\PROGRA~3\Avg_Update_0215pi deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\RENC16F.tmp deleted
C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\CS0VgsMs.default\extensions\staged deleted
C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\CS0VgsMs.default\extensions\abs@avira.com deleted
"C:\windows\Installer\23c71.msi" deleted
 
==== Firefox Extensions ======================
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
Google Chrome Version: 43.0.2357.124
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/05/2015 11:17]
 
Retro Robots Theme - greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejiklfknjocjccolialojlfhliacoeoo
AdBlock - greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Hotword Shared Module - greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Chromium Fix ======================
 
C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.shoppinglifestyle.com_0.localstorage deleted successfully
C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.shoppinglifestyle.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Old Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7A6F2EDADB7E5594DB660309B322D3FD deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7A6F2EDADB7E5594DB660309B322D3FD deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\greg\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\greg\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\greg\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\greg\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=153 folders=44 326333718 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\greg\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\greg\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
 
==== EOF on 19/06/2015 at 20:36:11.65 ======================
 
 
Before that final test/clean my computer had quite a lot of new advertisements online, but from what I can tell it seems to now be removed. So yeah, even though I don't 100% believe it, you may well have healed my virus-ridden laptop! The next clean-up stage sounds rather appealing as my laptop is now pretty full of programmes I have only used once; if there are still any problems that come up during that, I'll let you know.
 
Thanks!!
 
Greg


#14 satchfan

  • Malware Response Team
  • 2,790 posts
  • Gender:Female
  • Location:Devon, UK

Posted 20 June 2015 - 10:16 AM

Hi Greg

Sorry for the late reply, but I received no notification of your reply again (I don't know if it's something to do with my email).

I have to go out for a while but will send the instructions to tidy up later on.

 

Nina




#15 satchfan

  • Malware Response Team
  • 2,790 posts
  • Gender:Female
  • Location:Devon, UK

Posted 20 June 2015 - 10:24 AM

Sorry for the extra post but I just remembered that before we tidy up I’d like a final scan.


Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Thanks.

 






