
Can't open any of my antivirus or antispyware programs


  • This topic is locked
26 replies to this topic

#1 keorynx


Posted 24 June 2015 - 12:23 PM

Hello everyone. I am in need of some help concerning something that my computer has been experiencing.

Every time I try to open my antivirus (I have Webroot SecureAnywhere AntiVirus), I double-click it but it doesn't open. The same thing happens when I try to open Malwarebytes: I double-click it but nothing happens.

I tried opening Webroot SecureAnywhere in safe mode and it did open, and when I scanned my computer, it removed like 5 threats. However, now that I am running my computer normally I still can't open any of my security programs (Malwarebytes, Webroot, etc.).

My computer is running normally. It hasn't slowed down or anything, but I'm feeling alright in knowing that my antivirus isn't opening and I can't even use it.

When I tried to download a new antivirus or security program, it never loads or anything.

Help!!

I have Windows 7.

I have used FRST.exe and attached the Addition.txt, and here is the report of the FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by Keoryn (administrator) on KEORYN-PC on 24-06-2015 13:12:18
Running from C:\Users\Keoryn\Desktop
Loaded Profiles: Keoryn (Available Profiles: Keoryn)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(TorchMedia Inc.) C:\Users\Keoryn\AppData\Local\Torch\Update\TorchCrashHandler.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Users\Keoryn\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(G.V. Knowledge Centre Pvt. Ltd.) C:\Program Files (x86)\Multi EMail Notifier\MultiEMailNotifier.exe
() C:\Program Files (x86)\WizMouse\WizMouse.exe
(Spotify Ltd) C:\Users\Keoryn\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(KARPOLAN) C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe
(Spotify Ltd) C:\Users\Keoryn\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
() C:\Program Files (x86)\Compuware\Compuware Peer\bin\GomezPEER.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Compuware\Compuware Peer\jre\bin\java.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
() C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
(Spotify Ltd) C:\Users\Keoryn\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Spotify Ltd) C:\Users\Keoryn\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Keoryn\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Update\42.0.0.9757\TorchUpdate.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [749056 2014-11-27] ()
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [0 ] (Webroot)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-03] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer\Run: [2121930226] => C:\ProgramData\msitb.exe [91131904 2010-11-20] ()
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Run: [Multi EMail Notifier] => C:\Program Files (x86)\Multi EMail Notifier\MultiEMailNotifier.exe [528384 2011-03-06] (G.V. Knowledge Centre Pvt. Ltd.)
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Run: [WizMouse] => C:\Program Files (x86)\WizMouse\WizMouse.exe [121648 2011-09-30] ()
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Run: [Spotify Web Helper] => C:\Users\Keoryn\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2023480 2015-06-17] (Spotify Ltd)
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Run: [KeyboardLeds.exe] => C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe [912896 2012-09-05] (KARPOLAN)
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Run: [Spotify] => C:\Users\Keoryn\AppData\Roaming\Spotify\Spotify.exe [7415864 2015-06-17] (Spotify Ltd)
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Compuware Peer.lnk [2015-03-13]
ShortcutTarget: Compuware Peer.lnk -> C:\Program Files (x86)\Compuware\Compuware Peer\bin\GomezPEER.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/es-xl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> DefaultScope {08B41DBB-B8E5-4B5C-9F54-E2FEB6ACB223} URL = http://search.findwide.com/serp?guid={9AF03925-525A-4298-92DF-9FEBFEF9071D}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> {08B41DBB-B8E5-4B5C-9F54-E2FEB6ACB223} URL = http://search.findwide.com/serp?guid={9AF03925-525A-4298-92DF-9FEBFEF9071D}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> {78C89511-1D6A-4354-8F50-E56E521E103D} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11147
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-03] (Qualcomm®Atheros®)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-06-03] (Webroot)
BHO-x32: FGCatchUrl -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> C:\Program Files (x86)\FlashGet\jccatch.dll [2007-08-06] (www.flashget.com)
BHO-x32: SearchPredictObj Class -> {389943B0-C3A2-4E69-82CB-8596A84CB3DC} -> C:\Program Files (x86)\SearchPredict\SearchPredict.dll [2012-10-02] (SpeedBit Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: SBCONVERT Class -> {92A9ACF4-9333-43AE-9698-DB283326F87F} -> C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll [2015-03-10] ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-06-03] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: FlashGet GetFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> C:\Program Files (x86)\FlashGet\getflash.dll [2007-05-18] (www.flashget.com)
BHO-x32: GrabberObj Class -> {FF7C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\grabber.dll [2015-03-10] (SPEEDbit)
Toolbar: HKLM - No Name - {0B7486B9-AC3F-450F-9CCB-D7AB337E9EE3} -  No File
Toolbar: HKLM-x32 - No Name - {0B7486B9-AC3F-450F-9CCB-D7AB337E9EE3} -  No File
Toolbar: HKLM-x32 - SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll [2015-03-10] ()
Toolbar: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> No Name - {0B7486B9-AC3F-450F-9CCB-D7AB337E9EE3} -  No File
Toolbar: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Toolbar: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Keoryn\AppData\Roaming\Mozilla\Firefox\Profiles\hgrfua9p.default
FF Homepage: yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: TorchVLC -> C:\Users\Keoryn\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Extension: Video DownloadHelper - C:\Users\Keoryn\AppData\Roaming\Mozilla\Firefox\Profiles\hgrfua9p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Adblock Plus - C:\Users\Keoryn\AppData\Roaming\Mozilla\Firefox\Profiles\hgrfua9p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-31]
FF Extension: DownThemAll! - C:\Users\Keoryn\AppData\Roaming\Mozilla\Firefox\Profiles\hgrfua9p.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-03-10]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-23]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-01-11]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-01-30]
FF HKLM-x32\...\Firefox\Extensions: [searchpredict@speedbit.com] - C:\Program Files (x86)\SearchPredict\PRFireFox
FF Extension: SearchPredict - C:\Program Files (x86)\SearchPredict\PRFireFox [2015-03-10]
FF HKLM-x32\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox
FF Extension: SPEEDbit Video Downloader - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox [2015-03-10]
 
Chrome: 
=======
CHR Profile: C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-01-09]
CHR Extension: (Google Slides) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-09]
CHR Extension: (Internet Speed Test) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeghledigokaedmpimgnfplidhdhlchg [2015-03-30]
CHR Extension: (Google Docs) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-09]
CHR Extension: (Google Drive) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-09]
CHR Extension: (YouTube) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-09]
CHR Extension: (Adblock Plus) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-09]
CHR Extension: (Alexa Traffic Rank) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2015-03-30]
CHR Extension: (Google Search) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-09]
CHR Extension: (SpeedBit Video Downloader) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb [2015-03-10]
CHR Extension: (Adblock Plus) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\edbkcdlajmcohpeldejolahbohonfkfh [2015-01-10]
CHR Extension: (Video Downloader professional) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-01-27]
CHR Extension: (Hola Better Internet Engine) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2015-01-09]
CHR Extension: (Google Sheets) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-09]
CHR Extension: (AdBlock) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-09]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2015-01-09]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-01-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (SpeedBit Search Predict) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea [2015-03-10]
CHR Extension: (Ashish Mishra) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2015-01-24]
CHR Extension: (MuteTab) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-09]
CHR Extension: (ImTranslator: Google Translate) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2015-01-09]
CHR Extension: (FoxClocks) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\obcbigljfpgappaaofailjjoabiikckk [2015-01-09]
CHR Extension: (Adblock Pro) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-01-10]
CHR Extension: (Gmail) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-09]
CHR HKLM-x32\...\Chrome\Extension: [djcpfkccckpeeghiklnhienllljccglb] - C:\Program Files (x86)\SPEEDbit Video Downloader\Chrome\DownloaderChrome.crx [2015-03-10]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.2.42.crx [2015-01-30]
CHR HKLM-x32\...\Chrome\Extension: [ledcpigomgblcmofccnacobhmcdkpiea] - C:\Program Files (x86)\SearchPredict\Chrome\SearchPredictChrome.crx [2015-03-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-03] (Windows ® Win 7 DDK provider) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-05-11] (Foxit Software Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 TorchCrashHandler; C:\Users\Keoryn\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2015-06-09] (TorchMedia Inc.) <==== ATTENTION
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [164600 2015-05-05] (RaMMicHaeL)
R2 VSSS; C:\Users\Keoryn\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [103214464 2015-06-23] (Microsoft Corporation) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-03] (Qualcomm Atheros)
R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2013-02-04] (GEAR Software Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 WiseFS; C:\Windows\WiseFs64.sys [12328 2014-12-19] (WiseCleaner.com) [File not signed]
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-05-26] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [41040 2015-06-09] (Webroot)
R3 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-24 13:12 - 2015-06-24 13:12 - 00037539 _____ C:\Users\Keoryn\Desktop\FRST.txt
2015-06-24 13:06 - 2015-06-24 13:06 - 00000000 ___RD C:\Users\Keoryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-06-24 13:00 - 2015-06-24 13:12 - 00000000 ____D C:\FRST
2015-06-24 13:00 - 2015-06-24 13:00 - 02109952 _____ (Farbar) C:\Users\Keoryn\Desktop\FRST64.exe
2015-06-24 12:38 - 2015-06-24 12:38 - 00286680 _____ C:\Windows\Minidump\062415-19734-01.dmp
2015-06-24 12:33 - 2015-06-24 12:33 - 00286680 _____ C:\Windows\Minidump\062415-18314-01.dmp
2015-06-24 12:22 - 2015-06-24 12:22 - 01415680 _____ (wj32) C:\Program Files\CCRLILCC.exe
2015-06-24 12:21 - 2015-06-24 12:21 - 01415680 _____ (wj32) C:\Program Files\X3FOU3IL.exe
2015-06-24 12:21 - 2015-06-24 12:21 - 01415680 _____ (wj32) C:\Program Files\5EKT2BHZ.exe
2015-06-24 12:20 - 2015-06-24 12:38 - 447386921 _____ C:\Windows\MEMORY.DMP
2015-06-24 12:20 - 2015-06-24 12:38 - 00000000 ____D C:\Windows\Minidump
2015-06-24 12:20 - 2015-06-24 12:21 - 00286680 _____ C:\Windows\Minidump\062415-22245-01.dmp
2015-06-24 12:19 - 2015-06-24 12:36 - 00000944 _____ C:\Users\Keoryn\Desktop\Rkill.txt
2015-06-24 12:19 - 2015-06-24 12:19 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Keoryn\Downloads\rkill (1).exe
2015-06-24 12:19 - 2015-06-24 12:19 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Keoryn\Desktop\rkill (1)64.exe
2015-06-24 12:08 - 2015-06-24 12:08 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Keoryn\Downloads\rkill.exe.torchdownload
2015-06-24 12:07 - 2015-06-24 12:07 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Keoryn\Downloads\rkill.com.torchdownload
2015-06-24 07:23 - 2015-06-24 07:23 - 01415680 _____ (wj32) C:\Program Files\EKT28K8K.exe
2015-06-24 06:59 - 2015-06-24 06:59 - 00000000 ____D C:\Windows\pss
2015-06-24 06:55 - 2015-06-24 06:55 - 01415680 _____ (wj32) C:\Program Files\EB2WTNTK.exe
2015-06-24 06:48 - 2015-06-24 06:48 - 01415680 _____ (wj32) C:\Program Files\88KEE8EH.exe
2015-06-24 06:42 - 2015-06-24 06:42 - 00817072 _____ (Webroot) C:\Users\Keoryn\Downloads\wsainstall (1).exe
2015-06-24 06:31 - 2015-06-24 13:06 - 00000728 _____ C:\Windows\setupact.log
2015-06-24 06:31 - 2015-06-24 13:05 - 00003288 _____ C:\Windows\PFRO.log
2015-06-24 06:31 - 2015-06-24 06:31 - 00000000 _____ C:\Windows\setuperr.log
2015-06-24 06:18 - 2015-06-24 06:18 - 01415680 _____ (wj32) C:\Program Files\PY1DMS7D.exe
2015-06-24 00:27 - 2015-06-24 00:27 - 01415680 _____ (wj32) C:\Program Files\DY1A1D17.exe
2015-06-24 00:25 - 2015-06-24 06:27 - 00000000 ____D C:\Program Files (x86)\USBAntivirus
2015-06-23 21:57 - 2015-06-23 21:57 - 01415680 _____ (wj32) C:\Program Files\2ENZ5EW5.exe
2015-06-23 15:20 - 2015-06-23 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-22 21:49 - 2015-06-22 21:49 - 00400511 _____ C:\Users\Keoryn\Downloads\2.5.49_0.crx
2015-06-22 21:20 - 2015-06-22 21:20 - 00892945 _____ C:\Users\Keoryn\Desktop\bookmarks_6_22_15.html
2015-06-20 00:01 - 2015-06-20 00:02 - 00001878 _____ C:\Users\Keoryn\Desktop\sc-cleaner.txt
2015-06-17 14:38 - 2015-06-17 14:38 - 00001908 _____ C:\Windows\diagwrn.xml
2015-06-17 14:38 - 2015-06-17 14:38 - 00001908 _____ C:\Windows\diagerr.xml
2015-06-17 14:26 - 2015-06-17 14:26 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-06-11 23:32 - 2015-06-11 23:32 - 00000000 ____D C:\Users\Keoryn\Tracing
2015-06-11 23:28 - 2015-06-15 17:09 - 00000000 ____D C:\Users\Keoryn\AppData\Roaming\Skype
2015-06-11 23:28 - 2015-06-11 23:34 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-11 23:28 - 2015-06-11 23:28 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-06-11 23:28 - 2015-06-11 23:28 - 00000000 ____D C:\Users\Keoryn\AppData\Local\Skype
2015-06-11 23:28 - 2015-06-11 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-11 23:27 - 2015-06-11 23:28 - 00000000 ____D C:\ProgramData\Skype
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-24 13:11 - 2015-01-09 20:58 - 02084694 _____ C:\Windows\WindowsUpdate.log
2015-06-24 13:08 - 2015-01-10 13:04 - 00000000 ____D C:\Users\Keoryn\AppData\Roaming\Spotify
2015-06-24 13:06 - 2015-02-16 13:23 - 00000000 ____D C:\ProgramData\TorchCrashHandler
2015-06-24 13:06 - 2015-01-30 07:25 - 00000707 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-06-24 13:06 - 2015-01-10 13:27 - 00000000 ____D C:\Users\Keoryn\AppData\Local\Spotify
2015-06-24 13:06 - 2015-01-09 19:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-24 13:06 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-24 13:04 - 2009-07-14 00:45 - 00018912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-24 13:04 - 2009-07-14 00:45 - 00018912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-24 12:55 - 2015-01-10 15:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-24 12:35 - 2015-01-09 19:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-24 12:08 - 2015-01-17 16:52 - 00000000 ____D C:\Users\Keoryn\AppData\Local\CrashDumps
2015-06-24 11:37 - 2015-01-10 13:07 - 00000390 _____ C:\Windows\Tasks\update-sys.job
2015-06-24 10:57 - 2015-01-10 13:07 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-2111322326-2708872261-1706214852-1000.job
2015-06-24 09:04 - 2015-01-10 13:00 - 00000000 ____D C:\Users\Keoryn\Desktop\My Work Samples And Crap!
2015-06-24 08:15 - 2015-01-10 14:45 - 00000000 _RSHD C:\Backup6271395048
2015-06-24 08:15 - 2015-01-10 14:43 - 00000000 _RSHD C:\Users\Keoryn\Documents\FreeFolderHiderData
2015-06-24 07:16 - 2015-01-28 08:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-24 07:04 - 2015-01-30 07:09 - 00000000 ____D C:\ProgramData\WRData
2015-06-24 06:28 - 2015-01-10 13:16 - 00000000 ____D C:\Users\Keoryn\AppData\Roaming\Azureus
2015-06-24 06:17 - 2015-01-18 22:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-24 00:24 - 2015-01-10 09:32 - 00000000 ____D C:\Users\Keoryn\Desktop\Extracted Things
2015-06-23 23:55 - 2015-01-10 15:37 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-23 23:55 - 2015-01-10 15:37 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-23 23:55 - 2015-01-10 15:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-23 22:05 - 2015-01-09 21:25 - 00000000 ____D C:\Users\Keoryn\AppData\Roaming\vlc
2015-06-23 08:16 - 2009-07-14 01:13 - 00785302 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-22 21:38 - 2015-03-14 12:55 - 00001405 _____ C:\Users\Keoryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2015-06-22 21:13 - 2015-02-16 11:12 - 00000000 ____D C:\Users\Keoryn\AppData\Local\Torch
2015-06-22 16:40 - 2015-01-09 22:30 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-19 21:38 - 2015-01-11 01:50 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-06-19 08:34 - 2015-04-18 09:42 - 00000000 ____D C:\Users\Keoryn\AppData\Local\JDownloader 2.0
2015-06-18 08:55 - 2015-01-10 03:34 - 00000000 ____D C:\Users\Keoryn\Desktop\Trabajos Y Bainas De La Universidad (APEC)
2015-06-11 23:32 - 2015-01-09 21:01 - 00000000 ____D C:\Users\Keoryn
2015-06-11 23:27 - 2015-01-10 13:30 - 00000000 ____D C:\ProgramData\Unchecky
2015-06-10 17:29 - 2015-01-09 19:02 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1420844539
2015-06-10 17:29 - 2015-01-09 18:51 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-09 14:27 - 2015-02-26 09:41 - 00041040 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2015-05-31 16:05 - 2015-01-10 03:34 - 00000000 ____D C:\Users\Keoryn\Desktop\Subtitles Folder
2015-05-28 16:47 - 2015-01-20 09:51 - 00000000 ____D C:\Users\Keoryn\AppData\Roaming\MiniLyrics
2015-05-28 16:47 - 2015-01-20 09:51 - 00000000 ____D C:\Lyrics
2015-05-26 20:51 - 2015-03-20 20:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-26 20:51 - 2015-03-20 20:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-26 15:27 - 2015-01-30 07:10 - 00166128 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-05-26 15:27 - 2015-01-30 07:10 - 00116224 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2015-05-26 15:27 - 2015-01-30 07:10 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
 
==================== Files in the root of some directories =======
 
2015-06-23 21:57 - 2015-06-23 21:57 - 1415680 _____ (wj32) C:\Program Files\2ENZ5EW5.exe
2015-06-24 12:21 - 2015-06-24 12:21 - 1415680 _____ (wj32) C:\Program Files\5EKT2BHZ.exe
2015-06-24 06:48 - 2015-06-24 06:48 - 1415680 _____ (wj32) C:\Program Files\88KEE8EH.exe
2015-06-24 12:22 - 2015-06-24 12:22 - 1415680 _____ (wj32) C:\Program Files\CCRLILCC.exe
2015-06-24 00:27 - 2015-06-24 00:27 - 1415680 _____ (wj32) C:\Program Files\DY1A1D17.exe
2015-06-24 06:55 - 2015-06-24 06:55 - 1415680 _____ (wj32) C:\Program Files\EB2WTNTK.exe
2015-06-24 07:23 - 2015-06-24 07:23 - 1415680 _____ (wj32) C:\Program Files\EKT28K8K.exe
2015-06-24 06:18 - 2015-06-24 06:18 - 1415680 _____ (wj32) C:\Program Files\PY1DMS7D.exe
2015-06-24 12:21 - 2015-06-24 12:21 - 1415680 _____ (wj32) C:\Program Files\X3FOU3IL.exe
2015-04-12 13:29 - 2015-04-12 13:29 - 0003584 _____ () C:\Users\Keoryn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-10 13:07 - 2015-01-10 13:07 - 0000003 _____ () C:\Users\Keoryn\AppData\Local\updater.log
2015-01-10 13:07 - 2015-04-22 14:59 - 0000424 _____ () C:\Users\Keoryn\AppData\Local\UserProducts.xml
2010-11-20 23:24 - 2010-11-20 23:24 - 91131904 ___SH () C:\ProgramData\msitb.exe
 
Files to move or delete:
====================
C:\ProgramData\msitb.exe
 
 
Some files in TEMP:
====================
C:\Users\Keoryn\AppData\Local\Temp\cdo2166552809.dll
C:\Users\Keoryn\AppData\Local\Temp\cdo2316882333.dll
C:\Users\Keoryn\AppData\Local\Temp\cdo2672385648.dll
C:\Users\Keoryn\AppData\Local\Temp\KERNEL.DLL
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-13 06:00
 
==================== End of log ============================
 
 



#2 nasdaq

  • Malware Response Team
  • 38,246 posts
Posted 27 June 2015 - 09:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(TorchMedia Inc.) C:\Users\Keoryn\AppData\Local\Torch\Update\TorchCrashHandler.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Update\42.0.0.9757\TorchUpdate.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> DefaultScope {08B41DBB-B8E5-4B5C-9F54-E2FEB6ACB223} URL = http://search.findwide.com/serp?guid={9AF03925-525A-4298-92DF-9FEBFEF9071D}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> {08B41DBB-B8E5-4B5C-9F54-E2FEB6ACB223} URL = http://search.findwide.com/serp?guid={9AF03925-525A-4298-92DF-9FEBFEF9071D}&action=default_search&k={searchTerms}
BHO-x32: SearchPredictObj Class -> {389943B0-C3A2-4E69-82CB-8596A84CB3DC} -> C:\Program Files (x86)\SearchPredict\SearchPredict.dll [2012-10-02] (SpeedBit Ltd.)
BHO-x32: SBCONVERT Class -> {92A9ACF4-9333-43AE-9698-DB283326F87F} -> C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll [2015-03-10] ()
Toolbar: HKLM - No Name - {0B7486B9-AC3F-450F-9CCB-D7AB337E9EE3} -  No File
Toolbar: HKLM-x32 - No Name - {0B7486B9-AC3F-450F-9CCB-D7AB337E9EE3} -  No File
Toolbar: HKLM-x32 - SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll [2015-03-10] ()
Toolbar: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> No Name - {0B7486B9-AC3F-450F-9CCB-D7AB337E9EE3} -  No File
Toolbar: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Toolbar: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF HKLM-x32\...\Firefox\Extensions: [searchpredict@speedbit.com] - C:\Program Files (x86)\SearchPredict\PRFireFox
FF Extension: SearchPredict - C:\Program Files (x86)\SearchPredict\PRFireFox [2015-03-10]
FF HKLM-x32\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox
FF Extension: SPEEDbit Video Downloader - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox [2015-03-10]
CHR Extension: (SpeedBit Video Downloader) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb [2015-03-10]
CHR Extension: (SpeedBit Search Predict) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea [2015-03-10]
CHR HKLM-x32\...\Chrome\Extension: [djcpfkccckpeeghiklnhienllljccglb] - C:\Program Files (x86)\SPEEDbit Video Downloader\Chrome\DownloaderChrome.crx [2015-03-10]
CHR HKLM-x32\...\Chrome\Extension: [ledcpigomgblcmofccnacobhmcdkpiea] - C:\Program Files (x86)\SearchPredict\Chrome\SearchPredictChrome.crx [2015-03-10]
R2 TorchCrashHandler; C:\Users\Keoryn\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2015-06-09] (TorchMedia Inc.) <==== ATTENTION
R3 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Keoryn\AppData\Local\Torch
C:\Users\Keoryn\AppData\Local\Temp\cdo2166552809.dll
C:\Users\Keoryn\AppData\Local\Temp\cdo2316882333.dll
C:\Users\Keoryn\AppData\Local\Temp\cdo2672385648.dll
C:\Users\Keoryn\AppData\Local\Temp\KERNEL.DLL

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Please let me know what problem persists.

#3 keorynx

  • Topic Starter
  • Members
  • 28 posts

Posted 27 June 2015 - 01:07 PM

Hi, thanks for responding. This is the report from the Farbar tool after I pressed the "Fix" button; this is the report that it generated:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015

Ran by Keoryn at 2015-06-27 13:31:49 Run:1

Running from C:\Users\Keoryn\Desktop\farbar tool

Loaded Profiles: Keoryn (Available Profiles: Keoryn)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

start

 

CreateRestorePoint:

EmptyTemp:

CloseProcesses:

 

(TorchMedia Inc.) C:\Users\Keoryn\AppData\Local\Torch\Update\TorchCrashHandler.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Update\42.0.0.9757\TorchUpdate.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

(Torch Media Inc.) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe

HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> DefaultScope {08B41DBB-B8E5-4B5C-9F54-E2FEB6ACB223} URL = http://search.findwide.com/serp?guid={9AF03925-525A-4298-92DF-9FEBFEF9071D}&action=default_search&k={searchTerms}

SearchScopes: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> {08B41DBB-B8E5-4B5C-9F54-E2FEB6ACB223} URL = http://search.findwide.com/serp?guid={9AF03925-525A-4298-92DF-9FEBFEF9071D}&action=default_search&k={searchTerms}

BHO-x32: SearchPredictObj Class -> {389943B0-C3A2-4E69-82CB-8596A84CB3DC} -> C:\Program Files (x86)\SearchPredict\SearchPredict.dll [2012-10-02] (SpeedBit Ltd.)

BHO-x32: SBCONVERT Class -> {92A9ACF4-9333-43AE-9698-DB283326F87F} -> C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll [2015-03-10] ()

Toolbar: HKLM - No Name - {0B7486B9-AC3F-450F-9CCB-D7AB337E9EE3} -  No File

Toolbar: HKLM-x32 - No Name - {0B7486B9-AC3F-450F-9CCB-D7AB337E9EE3} -  No File

Toolbar: HKLM-x32 - SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll [2015-03-10] ()

Toolbar: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> No Name - {0B7486B9-AC3F-450F-9CCB-D7AB337E9EE3} -  No File

Toolbar: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File

Toolbar: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF HKLM-x32\...\Firefox\Extensions: [searchpredict@speedbit.com] - C:\Program Files (x86)\SearchPredict\PRFireFox

FF Extension: SearchPredict - C:\Program Files (x86)\SearchPredict\PRFireFox [2015-03-10]

FF HKLM-x32\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox

FF Extension: SPEEDbit Video Downloader - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox [2015-03-10]

CHR Extension: (SpeedBit Video Downloader) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb [2015-03-10]

CHR Extension: (SpeedBit Search Predict) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea [2015-03-10]

CHR HKLM-x32\...\Chrome\Extension: [djcpfkccckpeeghiklnhienllljccglb] - C:\Program Files (x86)\SPEEDbit Video Downloader\Chrome\DownloaderChrome.crx [2015-03-10]

CHR HKLM-x32\...\Chrome\Extension: [ledcpigomgblcmofccnacobhmcdkpiea] - C:\Program Files (x86)\SearchPredict\Chrome\SearchPredictChrome.crx [2015-03-10]

R2 TorchCrashHandler; C:\Users\Keoryn\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2015-06-09] (TorchMedia Inc.) <==== ATTENTION

R3 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]

U0 SR; No ImagePath

U2 srservice; No ImagePath

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

C:\Users\Keoryn\AppData\Local\Torch

C:\Users\Keoryn\AppData\Local\Temp\cdo2166552809.dll

C:\Users\Keoryn\AppData\Local\Temp\cdo2316882333.dll

C:\Users\Keoryn\AppData\Local\Temp\cdo2672385648.dll

C:\Users\Keoryn\AppData\Local\Temp\KERNEL.DLL

 

End

*****************

 

Error: (0) Failed to create a restore point.

Processes closed successfully.

C:\Users\Keoryn\AppData\Local\Torch\Update\TorchCrashHandler.exe => No running process found

C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe => No running process found

C:\Users\Keoryn\AppData\Local\Torch\Update\42.0.0.9757\TorchUpdate.exe => No running process found

"HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

"HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{08B41DBB-B8E5-4B5C-9F54-E2FEB6ACB223}" => key removed successfully

HKCR\CLSID\{08B41DBB-B8E5-4B5C-9F54-E2FEB6ACB223} => key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}" => key removed successfully

"HKCR\Wow6432Node\CLSID\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}" => key removed successfully

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}" => key removed successfully

"HKCR\Wow6432Node\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0B7486B9-AC3F-450F-9CCB-D7AB337E9EE3} => value removed successfully

HKCR\CLSID\{0B7486B9-AC3F-450F-9CCB-D7AB337E9EE3} => key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0B7486B9-AC3F-450F-9CCB-D7AB337E9EE3} => value removed successfully

HKCR\Wow6432Node\CLSID\{0B7486B9-AC3F-450F-9CCB-D7AB337E9EE3} => key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} => value removed successfully

"HKCR\Wow6432Node\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}" => key removed successfully

HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B7486B9-AC3F-450F-9CCB-D7AB337E9EE3} => value removed successfully

HKCR\CLSID\{0B7486B9-AC3F-450F-9CCB-D7AB337E9EE3} => key not found.

HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value removed successfully

HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found.

HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} => value removed successfully

HKCR\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} => key not found.

"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\searchpredict@speedbit.com => value removed successfully

C:\Program Files (x86)\SearchPredict\PRFireFox => moved successfully.

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} => value removed successfully

C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox => moved successfully.

C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb => moved successfully.

C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea => moved successfully.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\djcpfkccckpeeghiklnhienllljccglb" => key removed successfully

C:\Program Files (x86)\SPEEDbit Video Downloader\Chrome\DownloaderChrome.crx => moved successfully.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ledcpigomgblcmofccnacobhmcdkpiea" => key removed successfully

C:\Program Files (x86)\SearchPredict\Chrome\SearchPredictChrome.crx => moved successfully.

TorchCrashHandler => Service removed successfully

KProcessHacker2 => Service stopped successfully.

KProcessHacker2 => Service removed successfully

SR => Service removed successfully

srservice => Service removed successfully

VGPU => Service removed successfully

C:\Users\Keoryn\AppData\Local\Torch => moved successfully.

C:\Users\Keoryn\AppData\Local\Temp\cdo2166552809.dll => moved successfully.

C:\Users\Keoryn\AppData\Local\Temp\cdo2316882333.dll => moved successfully.

C:\Users\Keoryn\AppData\Local\Temp\cdo2672385648.dll => moved successfully.

C:\Users\Keoryn\AppData\Local\Temp\KERNEL.DLL => moved successfully.

EmptyTemp: => 725.5 MB temporary data Removed.

 

 

The system needed a reboot..

 

==== End of Fixlog 13:32:11 ====

 

This is the report from adware cleaner:

 

# AdwCleaner v4.207 - Logfile created 27/06/2015 at 13:56:18

# Updated 21/06/2015 by Xplode

# Database : 2015-06-23.1 [Server]

# Operating system : Windows 7 Enterprise Service Pack 1 (x64)

# Username : Keoryn - KEORYN-PC

# Running from : C:\Users\Keoryn\Desktop\Downloads\adwcleaner_4.207.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage

File Found : C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage-journal

File Found : C:\Users\Keoryn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PDF to Word Converter.lnk

File Found : C:\Users\Keoryn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Torch.lnk

File Found : C:\Users\Keoryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk

File Found : C:\Users\Keoryn\AppData\Roaming\Mozilla\Firefox\Profiles\hgrfua9p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

File Found : C:\Users\Keoryn\Desktop\My Video Downloads.lnk

File Found : C:\Users\Keoryn\Desktop\SPEEDbit Video Downloader.lnk

File Found : C:\Users\Keoryn\Desktop\Torch.lnk

File Found : C:\Users\Public\Desktop\PDF to Word Converter.lnk

Folder Found : C:\Program Files (x86)\MiniLyrics

Folder Found : C:\Program Files (x86)\SearchPredict

Folder Found : C:\Program Files (x86)\Speedbit Video Downloader

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniLyrics

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Word Converter

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader

Folder Found : C:\ProgramData\torchcrashhandler

Folder Found : C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

Folder Found : C:\Users\Keoryn\AppData\LocalLow\Toolbar4

Folder Found : C:\Users\Keoryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch

Folder Found : C:\Users\Keoryn\AppData\Roaming\MiniLyrics

 

***** [ Scheduled tasks ] *****

 

Task Found : update-sys

Task Found : update-S-1-5-21-2111322326-2708872261-1706214852-1000

Task Found : update-sys

Task Found : update-S-1-5-21-2111322326-2708872261-1706214852-1000

Task Found : update-sys

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch

Key Found : HKCU\Software\MiniLyrics

Key Found : HKCU\Software\SpeedBit

Key Found : HKCU\Software\TNT2

Key Found : HKCU\Software\torch

Key Found : [x64] HKCU\Software\MiniLyrics

Key Found : [x64] HKCU\Software\SpeedBit

Key Found : [x64] HKCU\Software\TNT2

Key Found : [x64] HKCU\Software\torch

Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\Applications\Torch.exe

Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler

Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1

Key Found : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter

Key Found : HKLM\SOFTWARE\Classes\SBConvert.SBConvert

Key Found : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3

Key Found : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj

Key Found : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj.1

Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager

Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}

Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook

Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MiniLyrics

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader

Key Found : HKLM\SOFTWARE\MozillaPlugins\TorchVLC

Key Found : HKLM\SOFTWARE\SpeedBit

Key Found : HKLM\SOFTWARE\torch

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17496

 

 

-\\ Mozilla Firefox v38.0.5 (x86 en-US)

 

[hgrfua9p.default] - Line Found : user_pref("extensions.xpiState", "{\"app-profile\":{\"{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\":{\"d\":\"C:\\\\Users\\\\Keoryn\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hgrfua9p.defaul[...]

[hgrfua9p.default] - Line Found : user_pref("speedbitvideodownloader.Var1", "0");

[hgrfua9p.default] - Line Found : user_pref("speedbitvideodownloader.Var10", "0");

[hgrfua9p.default] - Line Found : user_pref("speedbitvideodownloader.Var2", "0");

[hgrfua9p.default] - Line Found : user_pref("speedbitvideodownloader.Var3", "0");

[hgrfua9p.default] - Line Found : user_pref("speedbitvideodownloader.Var4", "0");

[hgrfua9p.default] - Line Found : user_pref("speedbitvideodownloader.Var5", "0");

[hgrfua9p.default] - Line Found : user_pref("speedbitvideodownloader.Var6", "0");

[hgrfua9p.default] - Line Found : user_pref("speedbitvideodownloader.Var7", "0");

[hgrfua9p.default] - Line Found : user_pref("speedbitvideodownloader.Var8", "0");

[hgrfua9p.default] - Line Found : user_pref("speedbitvideodownloader.Var9", "0");

[hgrfua9p.default] - Line Found : user_pref("speedbitvideodownloader.cache.tbs_include_xml_spd", "46/21/26/5/115");

[hgrfua9p.default] - Line Found : user_pref("speedbitvideodownloader.firstlaunch", "0");

[hgrfua9p.default] - Line Found : user_pref("speedbitvideodownloader.guid", "%7B1E76AB67-E4F8-48E7-76E1-4EC594AF453B%7D");

[hgrfua9p.default] - Line Found : user_pref("speedbitvideodownloader.userId", "%12");

[hgrfua9p.default] - Line Found : user_pref("speedbitvideodownloader_installed_version", "3.2.0");

 

-\\ Google Chrome v43.0.2357.130

 

[C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.findwide.com/serp?guid={9AF03925-525A-4298-92DF-9FEBFEF9071D}&action=default_search&k={searchTerms}

[C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.iminent.com/?appId=6CF57981-28A7-4BB6-95E2-480015344392&ref=toolbox&q={searchTerms}

[C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

 

-\\ Opera v30.0.1835.88

 

 

*************************

 

AdwCleaner[R0].txt - [16060 bytes] - [27/06/2015 13:41:51]

AdwCleaner[R1].txt - [15695 bytes] - [27/06/2015 13:56:18]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [15755 bytes] ##########

 

By the way, after I pressed the cleaning button from adware cleaner, my computer restarted automatically and it got the blue screen of death. I don't think any cleaning process could be done as my computer just restarted and I saw the blue screen of death before any cleaning could be done.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:03 PM

Posted 27 June 2015 - 01:32 PM

Restart the computer normally again.

Run the AdwCleaner.

Any luck?

#5 keorynx

Posted 27 June 2015 - 01:54 PM

I restarted the computer normally and ran adware cleaner again and when I pressed the clean button it got the blue screen of death again. No cleaning process was done as my computer just restarted and got the BSOD again before anything could be done.

 

By the way, my antivirus pops up on the taskbar when I start my computer (webroot secure anywhere) but when I scroll my mouse over to the antivirus, it closes.


Edited by keorynx, 27 June 2015 - 01:55 PM.


#6 nasdaq

Posted 28 June 2015 - 07:20 AM


Turn System Restore on - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7

If you get an error message please make a note of it and post it in your next reply.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

EmptyTemp:
CloseProcesses:

C:\Windows\Minidump\062415-19734-01.dmp
C:\Windows\Minidump\062415-18314-01.dmp
C:\Program Files\CCRLILCC.exe
C:\Program Files\X3FOU3IL.exe
C:\Program Files\5EKT2BHZ.exe
C:\Windows\MEMORY.DMP
C:\Program Files\EKT28K8K.exe
C:\Program Files\EB2WTNTK.exe
C:\Program Files\88KEE8EH.exe
C:\Program Files\PY1DMS7D.exe
C:\Program Files\DY1A1D17.exe
C:\Program Files\2ENZ5EW5.exe
C:\Program Files\2ENZ5EW5.exe
C:\Program Files\5EKT2BHZ.exe
C:\Program Files\88KEE8EH.exe
C:\Program Files\CCRLILCC.exe
C:\Program Files\DY1A1D17.exe
C:\Program Files\EB2WTNTK.exe
C:\Program Files\EKT28K8K.exe
C:\Program Files\PY1DMS7D.exe
C:\Program Files\X3FOU3IL.exe
C:\Program Files (x86)\MiniLyrics
C:\Program Files (x86)\SearchPredict
C:\Program Files (x86)\Speedbit Video Downloader
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniLyrics
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Word Converter
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
C:\ProgramData\torchcrashhandler
C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
C:\Users\Keoryn\AppData\LocalLow\Toolbar4
C:\Users\Keoryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
C:\Users\Keoryn\AppData\Roaming\MiniLyrics

End

Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


Do not run the AdwCleaning at this time.

Also please run the Farbar tool and post a fresh FRST log for my review.

#7 keorynx

Posted 28 June 2015 - 08:20 AM

I turned on system restore and no error messages emerged.

 

Here is the Fixlog.txt report:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Keoryn at 2015-06-28 09:01:00 Run:3
Running from C:\Users\Keoryn\Desktop\farbar tool
Loaded Profiles: Keoryn (Available Profiles: Keoryn)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
EmptyTemp:
CloseProcesses:
 
C:\Windows\Minidump\062415-19734-01.dmp
C:\Windows\Minidump\062415-18314-01.dmp
C:\Program Files\CCRLILCC.exe
C:\Program Files\X3FOU3IL.exe
C:\Program Files\5EKT2BHZ.exe
C:\Windows\MEMORY.DMP
C:\Program Files\EKT28K8K.exe
C:\Program Files\EB2WTNTK.exe
C:\Program Files\88KEE8EH.exe
C:\Program Files\PY1DMS7D.exe
C:\Program Files\DY1A1D17.exe
C:\Program Files\2ENZ5EW5.exe
C:\Program Files\2ENZ5EW5.exe
C:\Program Files\5EKT2BHZ.exe
C:\Program Files\88KEE8EH.exe
C:\Program Files\CCRLILCC.exe
C:\Program Files\DY1A1D17.exe
C:\Program Files\EB2WTNTK.exe
C:\Program Files\EKT28K8K.exe
C:\Program Files\PY1DMS7D.exe
C:\Program Files\X3FOU3IL.exe
C:\Program Files (x86)\MiniLyrics
C:\Program Files (x86)\SearchPredict
C:\Program Files (x86)\Speedbit Video Downloader
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniLyrics
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Word Converter
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
C:\ProgramData\torchcrashhandler
C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
C:\Users\Keoryn\AppData\LocalLow\Toolbar4
C:\Users\Keoryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
C:\Users\Keoryn\AppData\Roaming\MiniLyrics
 
End
*****************
 
Processes closed successfully.
"C:\Windows\Minidump\062415-19734-01.dmp" => File/Folder not found.
"C:\Windows\Minidump\062415-18314-01.dmp" => File/Folder not found.
"C:\Program Files\CCRLILCC.exe" => File/Folder not found.
"C:\Program Files\X3FOU3IL.exe" => File/Folder not found.
"C:\Program Files\5EKT2BHZ.exe" => File/Folder not found.
"C:\Windows\MEMORY.DMP" => File/Folder not found.
"C:\Program Files\EKT28K8K.exe" => File/Folder not found.
"C:\Program Files\EB2WTNTK.exe" => File/Folder not found.
"C:\Program Files\88KEE8EH.exe" => File/Folder not found.
"C:\Program Files\PY1DMS7D.exe" => File/Folder not found.
"C:\Program Files\DY1A1D17.exe" => File/Folder not found.
"C:\Program Files\2ENZ5EW5.exe" => File/Folder not found.
"C:\Program Files\2ENZ5EW5.exe" => File/Folder not found.
"C:\Program Files\5EKT2BHZ.exe" => File/Folder not found.
"C:\Program Files\88KEE8EH.exe" => File/Folder not found.
"C:\Program Files\CCRLILCC.exe" => File/Folder not found.
"C:\Program Files\DY1A1D17.exe" => File/Folder not found.
"C:\Program Files\EB2WTNTK.exe" => File/Folder not found.
"C:\Program Files\EKT28K8K.exe" => File/Folder not found.
"C:\Program Files\PY1DMS7D.exe" => File/Folder not found.
"C:\Program Files\X3FOU3IL.exe" => File/Folder not found.
"C:\Program Files (x86)\MiniLyrics" => File/Folder not found.
"C:\Program Files (x86)\SearchPredict" => File/Folder not found.
"C:\Program Files (x86)\Speedbit Video Downloader" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniLyrics" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Word Converter" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader" => File/Folder not found.
"C:\ProgramData\torchcrashhandler" => File/Folder not found.
C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel => moved successfully.
"C:\Users\Keoryn\AppData\LocalLow\Toolbar4" => File/Folder not found.
"C:\Users\Keoryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch" => File/Folder not found.
"C:\Users\Keoryn\AppData\Roaming\MiniLyrics" => File/Folder not found.
EmptyTemp: => 17.4 MB temporary data Removed.
 
 
The system needed a reboot.. 
 

 

==== End of Fixlog 09:01:04 ====
 
Here is the FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Keoryn (administrator) on KEORYN-PC on 28-06-2015 09:09:12
Running from C:\Users\Keoryn\Desktop\farbar tool
Loaded Profiles: Keoryn (Available Profiles: Keoryn)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Users\Keoryn\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(G.V. Knowledge Centre Pvt. Ltd.) C:\Program Files (x86)\Multi EMail Notifier\MultiEMailNotifier.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
() C:\Program Files (x86)\WizMouse\WizMouse.exe
(Spotify Ltd) C:\Users\Keoryn\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(KARPOLAN) C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe
(Spotify Ltd) C:\Users\Keoryn\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Keoryn\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Keoryn\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Keoryn\AppData\Roaming\Spotify\Spotify.exe
() C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [749056 2014-11-27] ()
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [0 ] (Webroot)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-03] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer\Run: [2121930226] => C:\ProgramData\msitb.exe [91131904 2010-11-20] ()
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Run: [Multi EMail Notifier] => C:\Program Files (x86)\Multi EMail Notifier\MultiEMailNotifier.exe [528384 2011-03-06] (G.V. Knowledge Centre Pvt. Ltd.)
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Run: [WizMouse] => C:\Program Files (x86)\WizMouse\WizMouse.exe [121648 2011-09-30] ()
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Run: [Spotify Web Helper] => C:\Users\Keoryn\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2023480 2015-06-17] (Spotify Ltd)
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Run: [KeyboardLeds.exe] => C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe [912896 2012-09-05] (KARPOLAN)
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Run: [Spotify] => C:\Users\Keoryn\AppData\Roaming\Spotify\Spotify.exe [7415864 2015-06-17] (Spotify Ltd)
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\MCShieldRTM.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Compuware Peer.lnk [2015-03-13]
ShortcutTarget: Compuware Peer.lnk -> C:\Program Files (x86)\Compuware\Compuware Peer\bin\GomezPEER.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/es-xl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2111322326-2708872261-1706214852-1000 -> {78C89511-1D6A-4354-8F50-E56E521E103D} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11147
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-03] (Qualcomm®Atheros®)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-06-03] (Webroot)
BHO-x32: FGCatchUrl -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> C:\Program Files (x86)\FlashGet\jccatch.dll [2007-08-06] (www.flashget.com)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-06-03] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: FlashGet GetFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> C:\Program Files (x86)\FlashGet\getflash.dll [2007-05-18] (www.flashget.com)
BHO-x32: GrabberObj Class -> {FF7C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\grabber.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Keoryn\AppData\Roaming\Mozilla\Firefox\Profiles\hgrfua9p.default
FF Homepage: yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: TorchVLC -> C:\Users\Keoryn\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll No File
FF Extension: Video DownloadHelper - C:\Users\Keoryn\AppData\Roaming\Mozilla\Firefox\Profiles\hgrfua9p.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Adblock Plus - C:\Users\Keoryn\AppData\Roaming\Mozilla\Firefox\Profiles\hgrfua9p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-31]
FF Extension: DownThemAll! - C:\Users\Keoryn\AppData\Roaming\Mozilla\Firefox\Profiles\hgrfua9p.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-03-10]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-23]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-01-11]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-01-30]
FF Extension: No Name - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-01-09]
CHR Extension: (Google Slides) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-09]
CHR Extension: (Internet Speed Test) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeghledigokaedmpimgnfplidhdhlchg [2015-03-30]
CHR Extension: (Google Docs) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-09]
CHR Extension: (Google Drive) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-09]
CHR Extension: (YouTube) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-09]
CHR Extension: (Adblock Plus) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-09]
CHR Extension: (No Name) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2015-06-28]
CHR Extension: (Google Search) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-09]
CHR Extension: (Adblock Plus) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\edbkcdlajmcohpeldejolahbohonfkfh [2015-01-10]
CHR Extension: (Video Downloader professional) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-01-27]
CHR Extension: (Hola Better Internet Engine) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2015-01-09]
CHR Extension: (Google Sheets) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-09]
CHR Extension: (AdBlock) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-09]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2015-01-09]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-01-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Ashish Mishra) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2015-01-24]
CHR Extension: (MuteTab) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc [2015-01-24]
CHR Extension: (Google Wallet) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-09]
CHR Extension: (ImTranslator: Google Translate) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2015-01-09]
CHR Extension: (FoxClocks) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\obcbigljfpgappaaofailjjoabiikckk [2015-01-09]
CHR Extension: (Adblock Pro) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-01-10]
CHR Extension: (Gmail) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-09]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.2.42.crx [2015-01-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-03] (Windows ® Win 7 DDK provider) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-05-11] (Foxit Software Inc.)
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [81168 2015-05-17] (Reason Software Company Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [164600 2015-05-05] (RaMMicHaeL)
R2 VSSS; C:\Users\Keoryn\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [103214464 2015-06-23] (Microsoft Corporation) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-03] (Qualcomm Atheros)
R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2013-02-04] (GEAR Software Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 WiseFS; C:\Windows\WiseFs64.sys [12328 2014-12-19] (WiseCleaner.com) [File not signed]
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-05-26] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [41040 2015-06-09] (Webroot)
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-28 09:03 - 2015-06-28 09:03 - 00000000 ___RD C:\Users\Keoryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-06-28 08:54 - 2015-06-28 08:54 - 01415680 _____ (wj32) C:\Program Files\T288EK58.exe
2015-06-28 08:54 - 2015-06-28 08:54 - 01415680 _____ (wj32) C:\Program Files\SP1DPJ74.exe
2015-06-28 07:59 - 2015-06-28 07:59 - 00003538 _____ C:\Windows\System32\Tasks\ReasonSecurityScheduledScan
2015-06-28 07:59 - 2015-06-28 07:59 - 00003420 _____ C:\Windows\System32\Tasks\ReasonSecurityStart
2015-06-28 07:58 - 2015-06-28 07:58 - 00000871 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2015-06-28 07:58 - 2015-06-28 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2015-06-28 07:58 - 2015-06-28 07:58 - 00000000 ____D C:\Program Files\Reason
2015-06-28 07:11 - 2015-06-28 07:11 - 00286624 _____ C:\Windows\Minidump\062815-18220-01.dmp
2015-06-28 06:53 - 2015-06-28 06:53 - 01415680 _____ (wj32) C:\Program Files\RLFCIXU3.exe
2015-06-28 06:53 - 2015-06-28 06:53 - 01415680 _____ (wj32) C:\Program Files\LIFR3FXC.exe
2015-06-28 06:48 - 2015-06-28 06:48 - 01415680 _____ (wj32) C:\Program Files\6IOLU636.exe
2015-06-28 06:29 - 2015-06-28 07:05 - 00000000 ____D C:\UsbFix
2015-06-28 06:29 - 2015-06-28 06:29 - 00001448 _____ C:\Users\Keoryn\Desktop\UsbFix.lnk
2015-06-28 06:24 - 2015-06-28 08:54 - 00000000 ____D C:\ProgramData\MCShield
2015-06-28 06:24 - 2015-06-28 06:43 - 00000000 ____D C:\Program Files (x86)\MCShield
2015-06-28 06:24 - 2015-06-28 06:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2015-06-27 20:14 - 2015-06-27 20:15 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-27 20:14 - 2015-06-27 20:14 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-27 20:14 - 2015-06-27 20:14 - 00001035 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-06-27 20:14 - 2015-06-27 20:14 - 00000000 ____D C:\Users\Keoryn\AppData\Roaming\TeamViewer
2015-06-27 15:02 - 2015-06-27 15:02 - 00002543 _____ C:\Users\Keoryn\Desktop\twitter.lnk
2015-06-27 15:02 - 2015-06-27 15:02 - 00002537 _____ C:\Users\Keoryn\Desktop\espnfc.lnk
2015-06-27 15:01 - 2015-06-27 15:01 - 00000000 ____D C:\Users\Keoryn\AppData\Local\Torch
2015-06-27 14:49 - 2015-06-27 14:49 - 00286624 _____ C:\Windows\Minidump\062715-16582-01.dmp
2015-06-27 13:49 - 2015-06-27 13:49 - 00282368 _____ C:\Windows\Minidump\062715-19266-01.dmp
2015-06-27 13:45 - 2015-06-27 13:45 - 01415680 _____ (wj32) C:\Program Files\SMYVSSJ4.exe
2015-06-27 13:23 - 2015-06-28 09:09 - 00000000 ____D C:\Users\Keoryn\Desktop\farbar tool
2015-06-27 13:21 - 2015-06-28 08:32 - 00001357 _____ C:\Users\Keoryn\Desktop\fixlist.txt
2015-06-25 19:58 - 2015-06-25 19:58 - 00037376 _____ C:\Users\Keoryn\Downloads\Calificaciones a la Fecha NEG 157 Ene-Abr 2015 v2.xls
2015-06-24 18:15 - 2015-06-24 18:15 - 01415680 _____ (wj32) C:\Program Files\N28WEKBK.exe
2015-06-24 13:13 - 2015-06-24 13:13 - 00033197 _____ C:\Users\Keoryn\Desktop\Addition.txt
2015-06-24 13:12 - 2015-06-24 13:13 - 00049067 _____ C:\Users\Keoryn\Desktop\FRST.txt
2015-06-24 13:00 - 2015-06-28 09:09 - 00000000 ____D C:\FRST
2015-06-24 12:20 - 2015-06-28 08:52 - 00000000 ____D C:\Windows\Minidump
2015-06-24 12:20 - 2015-06-24 12:21 - 00286680 _____ C:\Windows\Minidump\062415-22245-01.dmp
2015-06-24 12:19 - 2015-06-24 12:36 - 00000944 _____ C:\Users\Keoryn\Desktop\Rkill.txt
2015-06-24 12:19 - 2015-06-24 12:19 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Keoryn\Downloads\rkill (1).exe
2015-06-24 12:19 - 2015-06-24 12:19 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Keoryn\Desktop\rkill (1)64.exe
2015-06-24 12:08 - 2015-06-24 12:08 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Keoryn\Downloads\rkill.exe.torchdownload
2015-06-24 12:07 - 2015-06-24 12:07 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Keoryn\Downloads\rkill.com.torchdownload
2015-06-24 06:59 - 2015-06-24 06:59 - 00000000 ____D C:\Windows\pss
2015-06-24 06:42 - 2015-06-24 06:42 - 00817072 _____ (Webroot) C:\Users\Keoryn\Downloads\wsainstall (1).exe
2015-06-24 06:31 - 2015-06-28 09:02 - 00002184 _____ C:\Windows\setupact.log
2015-06-24 06:31 - 2015-06-27 13:33 - 00011590 _____ C:\Windows\PFRO.log
2015-06-24 06:31 - 2015-06-24 06:31 - 00000000 _____ C:\Windows\setuperr.log
2015-06-24 00:25 - 2015-06-24 06:27 - 00000000 ____D C:\Program Files (x86)\USBAntivirus
2015-06-23 15:20 - 2015-06-23 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-22 21:49 - 2015-06-22 21:49 - 00400511 _____ C:\Users\Keoryn\Downloads\2.5.49_0.crx
2015-06-22 21:20 - 2015-06-22 21:20 - 00892945 _____ C:\Users\Keoryn\Desktop\bookmarks_6_22_15.html
2015-06-20 00:01 - 2015-06-20 00:02 - 00001878 _____ C:\Users\Keoryn\Desktop\sc-cleaner.txt
2015-06-17 14:38 - 2015-06-17 14:38 - 00001908 _____ C:\Windows\diagwrn.xml
2015-06-17 14:38 - 2015-06-17 14:38 - 00001908 _____ C:\Windows\diagerr.xml
2015-06-17 14:26 - 2015-06-17 14:26 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-06-11 23:32 - 2015-06-11 23:32 - 00000000 ____D C:\Users\Keoryn\Tracing
2015-06-11 23:28 - 2015-06-15 17:09 - 00000000 ____D C:\Users\Keoryn\AppData\Roaming\Skype
2015-06-11 23:28 - 2015-06-11 23:34 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-11 23:28 - 2015-06-11 23:28 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-06-11 23:28 - 2015-06-11 23:28 - 00000000 ____D C:\Users\Keoryn\AppData\Local\Skype
2015-06-11 23:28 - 2015-06-11 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-11 23:27 - 2015-06-11 23:28 - 00000000 ____D C:\ProgramData\Skype
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-28 09:05 - 2015-01-09 20:58 - 01077202 _____ C:\Windows\WindowsUpdate.log
2015-06-28 09:04 - 2015-01-10 13:04 - 00000000 ____D C:\Users\Keoryn\AppData\Roaming\Spotify
2015-06-28 09:03 - 2015-01-10 13:27 - 00000000 ____D C:\Users\Keoryn\AppData\Local\Spotify
2015-06-28 09:02 - 2015-01-09 19:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-28 09:02 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-28 08:55 - 2015-01-10 15:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-28 08:40 - 2015-01-09 18:51 - 00000000 ____D C:\Program Files (x86)\JDownloader
2015-06-28 08:39 - 2015-04-18 09:42 - 00000000 ____D C:\Users\Keoryn\AppData\Local\JDownloader 2.0
2015-06-28 08:39 - 2015-01-10 03:33 - 00000000 ____D C:\Users\Keoryn\Desktop\Setup Of Just About Everything
2015-06-28 08:38 - 2015-01-12 22:48 - 00000000 ____D C:\Program Files (x86)\SPMT
2015-06-28 08:37 - 2009-07-14 00:45 - 00018912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-28 08:37 - 2009-07-14 00:45 - 00018912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-28 08:35 - 2015-01-09 19:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-28 07:37 - 2015-01-10 13:07 - 00000390 _____ C:\Windows\Tasks\update-sys.job
2015-06-28 06:57 - 2015-01-10 13:07 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-2111322326-2708872261-1706214852-1000.job
2015-06-28 06:47 - 2015-01-09 19:03 - 00109296 _____ C:\Users\Keoryn\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-28 06:46 - 2009-07-14 00:45 - 00409552 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-28 06:45 - 2015-01-10 13:00 - 00000000 ____D C:\Users\Keoryn\Desktop\My Work Samples And Crap!
2015-06-27 15:54 - 2015-01-10 03:34 - 00000000 ____D C:\Users\Keoryn\Desktop\Trabajos Y Bainas De La Universidad (APEC)
2015-06-27 15:01 - 2015-02-17 11:00 - 00001823 _____ C:\Users\Keoryn\Desktop\Torch (3).lnk
2015-06-27 14:49 - 2015-01-30 07:25 - 00000707 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2015-06-27 14:47 - 2015-01-28 08:25 - 00000000 ____D C:\AdwCleaner
2015-06-27 13:13 - 2015-01-10 14:45 - 00000000 _RSHD C:\Backup6271395048
2015-06-27 13:13 - 2015-01-10 14:43 - 00000000 _RSHD C:\Users\Keoryn\Documents\FreeFolderHiderData
2015-06-26 21:04 - 2015-01-10 09:47 - 00000000 ____D C:\Users\Keoryn\AppData\Local\MultiEmailNotifier
2015-06-25 17:30 - 2015-01-09 19:02 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1420844539
2015-06-25 17:30 - 2015-01-09 18:51 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-25 14:40 - 2015-01-10 13:16 - 00000000 ____D C:\Users\Keoryn\AppData\Roaming\Azureus
2015-06-24 20:59 - 2015-01-17 16:52 - 00000000 ____D C:\Users\Keoryn\AppData\Local\CrashDumps
2015-06-24 07:16 - 2015-01-28 08:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-24 07:04 - 2015-01-30 07:09 - 00000000 ____D C:\ProgramData\WRData
2015-06-24 06:17 - 2015-01-18 22:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-24 00:24 - 2015-01-10 09:32 - 00000000 ____D C:\Users\Keoryn\Desktop\Extracted Things
2015-06-23 23:55 - 2015-01-10 15:37 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-23 23:55 - 2015-01-10 15:37 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-23 23:55 - 2015-01-10 15:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-23 22:05 - 2015-01-09 21:25 - 00000000 ____D C:\Users\Keoryn\AppData\Roaming\vlc
2015-06-23 08:16 - 2009-07-14 01:13 - 00785302 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-22 21:38 - 2015-03-14 12:55 - 00001405 _____ C:\Users\Keoryn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2015-06-22 16:40 - 2015-01-09 22:30 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-19 21:38 - 2015-01-11 01:50 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-06-11 23:32 - 2015-01-09 21:01 - 00000000 ____D C:\Users\Keoryn
2015-06-11 23:27 - 2015-01-10 13:30 - 00000000 ____D C:\ProgramData\Unchecky
2015-06-09 14:27 - 2015-02-26 09:41 - 00041040 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2015-05-31 16:05 - 2015-01-10 03:34 - 00000000 ____D C:\Users\Keoryn\Desktop\Subtitles Folder
 
==================== Files in the root of some directories =======
 
2015-06-28 06:48 - 2015-06-28 06:48 - 1415680 _____ (wj32) C:\Program Files\6IOLU636.exe
2015-06-28 06:53 - 2015-06-28 06:53 - 1415680 _____ (wj32) C:\Program Files\LIFR3FXC.exe
2015-06-24 18:15 - 2015-06-24 18:15 - 1415680 _____ (wj32) C:\Program Files\N28WEKBK.exe
2015-06-28 06:53 - 2015-06-28 06:53 - 1415680 _____ (wj32) C:\Program Files\RLFCIXU3.exe
2015-06-27 13:45 - 2015-06-27 13:45 - 1415680 _____ (wj32) C:\Program Files\SMYVSSJ4.exe
2015-06-28 08:54 - 2015-06-28 08:54 - 1415680 _____ (wj32) C:\Program Files\SP1DPJ74.exe
2015-06-28 08:54 - 2015-06-28 08:54 - 1415680 _____ (wj32) C:\Program Files\T288EK58.exe
2015-04-12 13:29 - 2015-04-12 13:29 - 0003584 _____ () C:\Users\Keoryn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-10 13:07 - 2015-01-10 13:07 - 0000003 _____ () C:\Users\Keoryn\AppData\Local\updater.log
2015-01-10 13:07 - 2015-04-22 14:59 - 0000424 _____ () C:\Users\Keoryn\AppData\Local\UserProducts.xml
2010-11-20 23:24 - 2010-11-20 23:24 - 91131904 ___SH () C:\ProgramData\msitb.exe
 
Files to move or delete:
====================
C:\ProgramData\msitb.exe
 
 
Some files in TEMP:
====================
C:\Users\Keoryn\AppData\Local\Temp\cdo2166552809.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-25 06:40
 
==================== End of log ============================

Here is the Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Keoryn at 2015-06-28 09:11:09
Running from C:\Users\Keoryn\Desktop\farbar tool
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2111322326-2708872261-1706214852-500 - Administrator - Disabled)
Guest (S-1-5-21-2111322326-2708872261-1706214852-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2111322326-2708872261-1706214852-1002 - Limited - Enabled)
Keoryn (S-1-5-21-2111322326-2708872261-1706214852-1000 - Administrator - Enabled) => C:\Users\Keoryn
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Disabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Disabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
erLT (x32 Version: 1.12.0117 - Logitech, Inc.) Hidden
FlashGet 1.9.6.1073 (HKLM-x32\...\FlashGet) (Version: 1.9.6.1073 - http://www.FlashGet.com)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.4.96.511 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Free Folder Hider 12.03 (HKLM-x32\...\Free Folder Hider_is1) (Version:  - AuoBAUP, Inc.)
Free YouTube Downloader 4.0.312 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
GomezPEER (HKLM-x32\...\GomezPEER) (Version: 3.2 - Compuware Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Keyboard LEDs (HKLM-x32\...\Keyboard LEDs) (Version: 2.7 - KARPOLAN)
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.4.2000 - Maxthon International Limited)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiniLyrics (HKLM-x32\...\MiniLyrics) (Version: 7.6.44 - Crintsoft)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
Multi Email Notifier (HKLM-x32\...\{5BB696CA-62A5-4EAD-876A-87606CB54874}) (Version: 3.6.2 - G.V. Knowledge Centre Pvt. Ltd.)
Opera Stable 30.0.1835.88 (HKLM-x32\...\Opera 30.0.1835.88) (Version: 30.0.1835.88 - Opera Software)
PDF To Word Converter V3.1 (HKLM-x32\...\PDF To Word Converter_is1) (Version:  - http://www.PDFWordConverter.net)
PDFMate PDF Converter 1.7.5 (HKLM-x32\...\PDFMate PDF Converter_is1) (Version:  - pdfmate.com)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.0.7.0 - Reason Software Company Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Songbird 2.2.0 (Build 2453) (HKLM-x32\...\Songbird-release-2453) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SpeedBit Video Downloader (HKLM-x32\...\SPEEDbit Video Downloader) (Version: 1155(build_502) - SPEEDbit Ltd.)
SPMT (HKLM-x32\...\{A2C3A640-2B29-4772-BC76-AA5989FFB532}) (Version: 3.1.0 - SPMT)
Spotify (HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Spotify) (Version: 1.0.7.157.g2a6526f9 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
Syncios version 4.1.9 (HKLM-x32\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 4.1.9 - Anvsoft, Inc.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Torch (HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\...\Torch) (Version: 42.0.0.9757 - Torch Media, Inc)
Unchecky v0.3.7.5 (HKLM-x32\...\Unchecky) (Version: 0.3.7.5 - RaMMicHaeL)
UniPDF 1.2 (HKLM-x32\...\UniPDF) (Version: 1.2 - UniPDF.com)
UsbFix (HKLM-x32\...\Usbfix) (Version: 7.965 - El Desaparecido - www.usbfix.net - www.sosvirus.net)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.8.88 - Webroot)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
Wise Folder Hider 3.13 (HKLM-x32\...\Wise Folder Hider_is1) (Version: 3.13 - WiseCleaner.com, Inc.)
WizMouse v1.6.0.2 (HKLM-x32\...\WizMouse_is1) (Version:  - Antibody Software)
Youtube Downloader HD v. 2.9.9.21 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-06-28 09:02 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
 
There are 4 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08C3F057-EEAA-4A24-8B4F-8C847CF7D64C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {14F0EC02-E1D8-4A4F-A6FB-2F521E81E2F6} - System32\Tasks\{D0AC6CF4-F6E9-41E1-9976-4D69E32397B2} => D:\MIDTOWN.EXE
Task: {3ED6B355-F2C7-474E-93B7-2013262CC74E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {48AB8B21-E961-4384-96C7-28DBCE83E516} - System32\Tasks\update-S-1-5-21-2111322326-2708872261-1706214852-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {507E5FA8-2553-449C-951C-EC494AE0C4DE} - System32\Tasks\{B228063C-480E-48EC-A034-1B9E672A1B12} => D:\MIDTOWN.EXE
Task: {7532E5E4-A9E5-4C63-A3B8-44F488A588D1} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {94DFF197-49E6-4920-8996-64D4CE4E91B0} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2015-05-17] (Reason Software Company Inc.)
Task: {A55A6F00-1860-4375-B914-C77E98B9321A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.)
Task: {A9A307CD-8400-4A37-BA15-514C8A5326DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {ACC98FC8-B4F2-42B1-B169-2083D8F0B2FB} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2015-01-09] (Microsoft Corporation)
Task: {BA9F2011-CBE7-4A70-B718-3AA0D79649AB} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2015-05-17] (Reason Software Company Inc.)
Task: {C669DB00-0295-4918-8D2A-2AC226EF7459} - System32\Tasks\Opera scheduled Autoupdate 1420844539 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-19] (Opera Software)
Task: {C7E5C26B-E33F-4249-A04E-D3BDA7C0B506} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {DD587CEA-A07E-4302-BB7C-31058EBC2825} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2015-06-02] (Maxthon International ltd.)
Task: {EB261ECC-2D89-4186-B810-D6C248585B47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-09] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-2111322326-2708872261-1706214852-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-09 23:17 - 2010-01-09 23:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 04:40 - 2010-01-21 04:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-07-03 01:51 - 2013-07-03 01:51 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2015-01-10 13:05 - 2011-09-30 12:51 - 00121648 _____ () C:\Program Files (x86)\WizMouse\WizMouse.exe
2015-01-17 15:48 - 2014-11-27 14:38 - 00749056 _____ () C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-06 19:20 - 2015-06-17 16:04 - 41287224 _____ () C:\Users\Keoryn\AppData\Roaming\Spotify\libcef.dll
2015-03-06 19:20 - 2015-06-17 16:04 - 01488440 _____ () C:\Users\Keoryn\AppData\Roaming\Spotify\libglesv2.dll
2015-03-06 19:20 - 2015-06-17 16:04 - 00079928 _____ () C:\Users\Keoryn\AppData\Roaming\Spotify\libegl.dll
2015-03-06 19:20 - 2015-03-20 11:02 - 09305656 _____ () C:\Users\Keoryn\AppData\Roaming\Spotify\pdf.dll
2015-01-17 15:48 - 2014-12-18 16:04 - 00386560 _____ () C:\Program Files (x86)\Syncios\DuiLib.dll
2015-01-17 15:48 - 2013-03-01 10:30 - 00059904 _____ () C:\Program Files (x86)\Syncios\zlib.dll
2015-01-17 15:48 - 2013-03-01 10:30 - 00526848 _____ () C:\Program Files (x86)\Syncios\sqlite3.dll
2015-01-17 15:48 - 2014-01-06 11:24 - 00671744 _____ () C:\Program Files (x86)\Syncios\hashab.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-06-22 16:40 - 2015-06-20 01:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 16:40 - 2015-06-20 01:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A
AlternateDataStreams: C:\Users\Keoryn\Desktop\wsainstall.exe:BDU
AlternateDataStreams: C:\Users\Keoryn\Downloads\bitdefender_tsecurity_Vb9ie0GD1l0LTmJUXsGRuezs1p0.exe:BDU
AlternateDataStreams: C:\Users\Keoryn\Downloads\chromeinstall-8u31.exe:BDU
AlternateDataStreams: C:\Users\Keoryn\Downloads\Firefox Setup 34.0.5.exe:BDU
AlternateDataStreams: C:\Users\Keoryn\Downloads\MiniLyrics.exe:BDU
AlternateDataStreams: C:\Users\Keoryn\Downloads\SetPoint6.65.62_smart (2).exe:BDU
AlternateDataStreams: C:\Users\Keoryn\Downloads\SUPERAntiSpyware.exe:BDU
AlternateDataStreams: C:\Users\Keoryn\Downloads\wsainstall.exe:BDU
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Keoryn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Bitdefender Wallet Agent => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{74EFCE40-028B-4BCA-AA71-69E2C29E8344}] => (Allow) C:\Users\Keoryn\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{6DB86624-C0AA-4AEA-B795-9C7A8A3B7F32}] => (Allow) C:\Users\Keoryn\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{C9098CDF-0C6A-41DB-B428-AB4B1763AC65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D37897EE-0466-458A-B632-63D0DCE804B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5FAC725-BD2F-4555-9712-395BAB175590}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B312B951-9539-4B12-B2F2-BEA8A804179A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{666975D7-42A1-42B8-BEDD-7AE1076FBF17}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{FC4008B2-07D4-4F81-9B49-0CCCF8BFB6F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CB2198D0-31A6-4FD6-AE5F-824AA0CBDB3E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E9E6571-EBED-4AEF-8B7A-46B46C7C4DA9}] => (Allow) C:\Users\Keoryn\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{C338F1E5-F4BE-4D81-B112-5E2C373744F1}] => (Allow) C:\Users\Keoryn\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{891CA595-D79D-4406-9298-750F5264E49C}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{6ADCB5D8-FE14-45DF-A161-D28B826D5088}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{FAE54FF2-5F96-41A9-B3BD-BAEF48FA456D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{C1820917-609E-4983-AA72-AF1F856952E1}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{5F6BC2BC-AD3C-4F18-9163-6B3B61FB87A8}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{A2A55776-6D20-412F-B945-513AB2EC5098}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{C5307EFC-EF41-46CB-9A29-0542E7D37A20}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E60187B5-F83D-45BD-BF8C-63EC080052ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A38D5C32-CA39-47B0-A6CF-2DDAB40031DD}] => (Allow) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{282EC9C5-C227-410A-9374-5890AD58C751}] => (Allow) C:\Users\Keoryn\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{C17D8301-8748-4641-BAEF-5089612A5377}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5181987A-F7AF-4777-8BF5-5088A6C9F981}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{99B32C32-2694-479D-A586-73AF72426C21}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FDD23A00-1309-4A69-BE55-1452869919B1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/28/2015 09:02:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2015 08:54:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2015 08:46:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2015 07:13:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2015 06:52:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2015 06:48:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/27/2015 10:22:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/27/2015 02:51:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/27/2015 02:43:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/27/2015 01:51:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (06/28/2015 09:01:15 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\athihvs.dll
 
Error: (06/28/2015 09:01:15 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\athihvs.dll
 
Error: (06/28/2015 09:01:14 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\athihvs.dll
 
Error: (06/28/2015 09:01:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/28/2015 09:01:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/28/2015 09:01:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAtheros Wlan Agent service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/28/2015 09:01:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Unchecky service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/28/2015 09:01:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 10 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
 
Error: (06/28/2015 09:01:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Reason Core Security Engine Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/28/2015 09:01:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Foxit Cloud Safe Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office:
=========================
Error: (06/28/2015 09:02:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2015 08:54:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2015 08:46:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2015 07:13:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2015 06:52:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/28/2015 06:48:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/27/2015 10:22:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Keoryn\Desktop\Downloads\SoftonicDownloader_para_nero-burning-rom.exe
 
Error: (06/27/2015 02:51:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/27/2015 02:43:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/27/2015 01:51:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 28%
Total physical RAM: 7916.36 MB
Available physical RAM: 5691.23 MB
Total Pagefile: 15830.9 MB
Available Pagefile: 13264.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:235.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (Keoryn's External Hard Drive) (Fixed) (Total:931.48 GB) (Free:414.23 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5CFCCFF0)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E50AC0CB)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:03 PM

Posted 28 June 2015 - 10:21 AM


Your latest Addition text reports that your restore point is still disabled.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

BHO-x32: GrabberObj Class -> {FF7C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\grabber.dll No File
FF Plugin-x32: TorchVLC -> C:\Users\Keoryn\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll No File
FF Extension: No Name - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox [not found]
CHR Extension: (No Name) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2015-06-28]
R2 WiseFS; C:\Windows\WiseFs64.sys [12328 2014-12-19] (WiseCleaner.com) [File not signed]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
C:\Windows\WiseFs64.sys
C:\Users\Keoryn\AppData\Local\Temp\cdo2166552809.dll
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

It looks like the AdwCleaner tool cleaned your system.

Please run a scan with the tool and post the log for my review.

How is the computer running now?

#9 keorynx


Posted 28 June 2015 - 10:40 AM

Please run a scan with the tool and post the log for my review.

 

You want me to run a scan with adware cleaner? Or what tool?

I tried pressing the "Fix" button of FRST and I got a message that said: Warning: Looks you don't know what to do. To prevent damage to the system, the tool will exit.

 

Here is the screenshot of the message: http://prntscr.com/7mcj5u 


Edited by keorynx, 28 June 2015 - 10:45 AM.


#10 nasdaq


Posted 28 June 2015 - 12:24 PM

CloseProcesses:

BHO-x32: GrabberObj Class -> {FF7C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\grabber.dll No File
FF Plugin-x32: TorchVLC -> C:\Users\Keoryn\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll No File
FF Extension: No Name - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox [not found]
CHR Extension: (No Name) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2015-06-28]
R2 WiseFS; C:\Windows\WiseFs64.sys [12328 2014-12-19] (WiseCleaner.com) [File not signed]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
C:\Windows\WiseFs64.sys
C:\Users\Keoryn\AppData\Local\Temp\cdo2166552809.dll
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

Edit the fixlist.txt file you have created with just the entries in the code box above.

Run the fix.

#11 keorynx


Posted 28 June 2015 - 12:52 PM

Ok, I edited the fixlist.txt with those codes in the box and then ran the fix and this is the fixlog.txt that it generated:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Keoryn at 2015-06-28 13:42:38 Run:4
Running from C:\Users\Keoryn\Desktop\farbar tool
Loaded Profiles: Keoryn (Available Profiles: Keoryn)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
 
BHO-x32: GrabberObj Class -> {FF7C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\grabber.dll No File
FF Plugin-x32: TorchVLC -> C:\Users\Keoryn\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll No File
FF Extension: No Name - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox [not found]
CHR Extension: (No Name) - C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2015-06-28]
R2 WiseFS; C:\Windows\WiseFs64.sys [12328 2014-12-19] (WiseCleaner.com) [File not signed]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
C:\Windows\WiseFs64.sys
C:\Users\Keoryn\AppData\Local\Temp\cdo2166552809.dll
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\TorchVLC" => key removed successfully
C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox not found.
C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel => moved successfully.
WiseFS => Service stopped successfully.
WiseFS => Service removed successfully
KProcessHacker2 => Service stopped successfully.
KProcessHacker2 => Service removed successfully
"C:\Users\Keoryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel" => File/Folder not found.
C:\Windows\WiseFs64.sys => moved successfully.
C:\Users\Keoryn\AppData\Local\Temp\cdo2166552809.dll => moved successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully
"HKU\.DEFAULT\Software\Classes\.exe" => key removed successfully
HKU\.DEFAULT\Software\Classes\exefile => key not found. 
"HKU\S-1-5-19\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-19\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-19\Software\Classes\exefile => key not found. 
"HKU\S-1-5-20\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-20\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-20\Software\Classes\exefile => key not found. 
"HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-21-2111322326-2708872261-1706214852-1000\Software\Classes\exefile => key not found. 
 
 
The system needed a reboot.. 
 
==== End of Fixlog 13:42:41 ====


#12 nasdaq


Posted 29 June 2015 - 06:36 AM

Good, that worked.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#13 keorynx


Posted 29 June 2015 - 06:45 AM

What should I do now? My antivirus still doesn't work after I double click it :(



#14 nasdaq


Posted 29 June 2015 - 07:15 AM

Reinstall the application.

Keep me posted.

#15 keorynx


Posted 29 June 2015 - 07:36 AM

It works!!!

 

Thank you so much!!!!!!! 





