how to remove mystartsearch.com


  • This topic is locked
5 replies to this topic

#1 mrxxx1

mrxxx1

  • Members
  • 28 posts
  • OFFLINE
  • Local time:06:38 AM

Posted 19 July 2015 - 10:14 AM

Every time I open my browser this website comes up: http://www.mystartsearch.com/?type=sc&ts=1437142454&z=1cefa28baaaebe914cda494gbz3c2megbz6o0zeoac&from=cmi&uid=WDCXWD10EZEX-21M2NA0_WCC3F0662194F0662194

 

I have run Malwarebytes Anti-Malware (Premium), AVG Internet Security 2015 and Spybot - Search & Destroy. All these programs have picked up malware, viruses, adware etc. and successfully removed everything BUT not this mystartsearch.com





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:38 AM

Posted 20 July 2015 - 09:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

How is the computer running now?
Wait for further instructions.

#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:38 PM

Posted 20 July 2015 - 09:19 AM

EDIT: nasdaq was first


Edited by TB-Psychotic, 20 July 2015 - 09:20 AM.


#4 mrxxx1

mrxxx1
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:06:38 AM

Posted 20 July 2015 - 05:03 PM

# AdwCleaner v4.208 - Logfile created 20/07/2015 at 16:37:54
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Family - HOME
# Running from : C:\Users\Family\Downloads\adwcleaner_4.208.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : YahooAUService
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\vghd
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\The AdBlocker
Folder Deleted : C:\ProgramData\5854472071928000823
Folder Deleted : C:\ProgramData\{0af78ef6-54de-f549-0af7-78ef654d3bd9}
Folder Deleted : C:\ProgramData\{2d84f405-eebb-0f83-2d84-4f405eebd017}
Folder Deleted : C:\ProgramData\{30d35a49-1069-b89f-30d3-35a491066924}
Folder Deleted : C:\ProgramData\{39e6f018-915d-9638-39e6-6f018915c062}
Folder Deleted : C:\ProgramData\{65287009-490a-e57d-6528-87009490c025}
Folder Deleted : C:\ProgramData\{857cc437-967f-92e5-857c-cc43796710de}
Folder Deleted : C:\ProgramData\{aa796a64-1733-7294-aa79-96a64173a990}
Folder Deleted : C:\ProgramData\{bca15d4f-15f7-0b0a-bca1-15d4f15f753c}
Folder Deleted : C:\ProgramData\{c37225b2-dff5-71f9-c372-225b2dff96cb}
Folder Deleted : C:\ProgramData\{e1a96a35-5e90-61cc-e1a9-96a355e9a8d5}
Folder Deleted : C:\Users\Public\Documents\iWin
Folder Deleted : C:\Program Files (x86)\ShowMyPCService
Folder Deleted : C:\Program Files (x86)\TampaGeneration
Folder Deleted : C:\Program Files (x86)\DriverToolkit
Folder Deleted : C:\Program Files (x86)\TerminusDefender
Folder Deleted : C:\Program Files (x86)\BeStSAveFoRYouu
Folder Deleted : C:\Program Files (x86)\DiGiCooupouN
Folder Deleted : C:\Program Files (x86)\DOwnSavE
Folder Deleted : C:\Program Files (x86)\Fuun2Save
Folder Deleted : C:\Program Files (x86)\PPriCeMinus
Folder Deleted : C:\Program Files (x86)\PProicEiMinus
Folder Deleted : C:\Program Files (x86)\PRicceeMinus
Folder Deleted : C:\Program Files (x86)\SaaleePlus
Folder Deleted : C:\Program Files (x86)\SoftwarePlus
Folder Deleted : C:\Program Files (x86)\SualePllus
Folder Deleted : C:\Program Files (x86)\UniiSales
Folder Deleted : C:\Program Files (x86)\unissaless
Folder Deleted : C:\Users\Family\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Family\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Program Files\FreeFixer
[x] Not Deleted : C:\Program Files\vghd
Folder Deleted : C:\Users\Family\AppData\Local\FreeFixer
Folder Deleted : C:\Users\Family\AppData\Local\DriverToolkit
Folder Deleted : C:\Users\Family\AppData\Local\StormFall
Folder Deleted : C:\Users\Family\AppData\Local\pokki
Folder Deleted : C:\Users\Family\AppData\LocalLow\visi_coupon
Folder Deleted : C:\Users\Family\AppData\LocalLow\YahooCouponAddOn
Folder Deleted : C:\Users\Family\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Family\AppData\Roaming\FreeFixer
Folder Deleted : C:\Users\Family\AppData\Roaming\iWin
Folder Deleted : C:\Users\Family\AppData\Roaming\Search Protection
[x] Not Deleted : C:\Users\Family\AppData\Roaming\vghd
Folder Deleted : C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
Folder Deleted : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\c8ts1jja.default-1423617873768\Extensions\g9KnkV@A.edu
Folder Deleted : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\c8ts1jja.default-1423617873768\Extensions\I7N@XeFJ.edu
Folder Deleted : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\c8ts1jja.default-1423617873768\Extensions\iLLD7G@2.org
Folder Deleted : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp
Folder Deleted : C:\ProgramData\dingkmkhgakfcobflmjginadkfknhpdl
Folder Deleted : C:\ProgramData\gcojdohohhcdgnapncomlnbnebkcbocj
Folder Deleted : C:\ProgramData\gjpgafaiifkblpnjinonpfialldoddcj
File Deleted : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage
File Deleted : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage-journal
File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
File Deleted : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : gameo_update
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rummy.com\Rummy.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rummy.com\Uninstall Rummy.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rummy.com\Rummy Portable.lnk
Shortcut Disinfected : C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rummy.com\Uninstall Rummy Portable.lnk
Shortcut Disinfected : C:\Users\Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKLM\SOFTWARE\2222234f-79e2-ee66-2d1a-c53e4117883c
Key Deleted : HKLM\SOFTWARE\6315EBB8-4968-4AE5-8956-C5CABDE87E54
Key Deleted : HKLM\SOFTWARE\adcc7647-d22d-1aed-1575-29b74a9bf2d0
Key Deleted : HKLM\SOFTWARE\c213372b-d8b2-3b8a-c1ee-dea83bb5efbf
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\DriverToolkit
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKCU\Software\Kromtech
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\SpeedBit
Key Deleted : HKLM\SOFTWARE\AIM Toolbar
Key Deleted : HKLM\SOFTWARE\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\searchult
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Astromenda
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\homepage-web.com
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
[c8ts1jja.default-1423617873768\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[c8ts1jja.default-1423617873768\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[c8ts1jja.default-1423617873768\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[c8ts1jja.default-1423617873768\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "mystartsearch");
[c8ts1jja.default-1423617873768\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/web/favicon.ico");
[c8ts1jja.default-1423617873768\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "mystartsearch");
[c8ts1jja.default-1423617873768\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=dspp&ts=1437142554&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cmi&uid=WDCXWD10EZEX-21M2NA0_WCC3F0662194F0662[...]
[c8ts1jja.default-1423617873768\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[c8ts1jja.default-1423617873768\prefs.js] - Line Deleted : user_pref("extensions.fDqnGzhZ3B3hGuLJ.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjgFqds7qjCGqHa6rjY4rTCErds\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
 
-\\ Google Chrome v43.0.2357.134
 
[C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 27A77131FAA2B346DB5ED42C496A056C8ACCB95C0B1F8EC41695E9BC14E87D78"},"software_reporter":{"prompt_reason":"187DDEC6D2C2039D9E454DE9FBC7FD47FD5C585100BA8C38BAEE34DA8C05B24F","prompt_seed":"8DA94DCF40CEDFEA1D075C40E4A6F7D68E7364691203AA1980AC16BA18CCD28A","prompt_version":"5C1E364E1AA0CFA8DA6863346C0525CF8DDD509EE3B79A4BF5BA2CE75ED3ADF5"},"sync":{"remaining_rollback_tries":"2DE0AA287F9CFC359566576B73B82CE7AD3E658CE301E15058B1CBC0C8099A7A"}},"super_mac":"0FC23D62E59E2C3EF159EFA85D3F655A1DC6865790D08AD910BD9C9B6FF8B515"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.google.com/","hxxp://www.mystartsearch.com/?type=hp&ts=1437142454&z=1cefa28baaaebe914cda494gbz3c2megbz6o0zeoac&from=cmi&uid=WDCXWD10EZEX-21M2NA0_WCC3F0662194F0662194
 
*************************
 
AdwCleaner[R0].txt - [13772 bytes] - [20/07/2015 16:31:13]
AdwCleaner[S0].txt - [13656 bytes] - [20/07/2015 16:37:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13716  bytes] ##########
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Family (administrator) on HOME on 20-07-2015 16:49:42
Running from C:\Users\Family\Desktop
Loaded Profiles: Family (Available Profiles: Family)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ExpressVPN) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe
() C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Vimicro Corporation) C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Farbar) C:\Users\Family\Desktop\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13654744 2013-09-30] (Realtek Semiconductor)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-07-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe [143360 2008-08-29] (Vimicro Corporation)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [66304 2015-05-06] (Acer Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1104384 2014-01-21] (Spotify Ltd)
HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\Run: [Facebook Update] => "C:\Users\Family\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2574080 2015-05-06] (Acer)
HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\Run: [Auto Hide IP] => C:\Program Files (x86)\AutoHideIP\AutoHideIP.exe
HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\Run: [Hide ALL IP] => "C:\Program Files (x86)\Hide ALL IP\HideAllIP.exe"
HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe [1406376 2015-06-26] (ExpressVPN)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Who Is On My Wifi.lnk [2015-06-20]
ShortcutTarget: Who Is On My Wifi.lnk -> C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe ()
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download 21 (2008) 1080p BluRay x265 - ceeejay Torrent - KickassTorrents (1).lnk [2015-01-26]
ShortcutTarget: Download 21 (2008) 1080p BluRay x265 - ceeejay Torrent - KickassTorrents (1).lnk -> C:\ProgramData\{30d35a49-1069-b89f-30d3-35a491066924}\Download 21 (2008) 1080p BluRay x265 - ceeejay Torrent - KickassTorrents (1).exe (No File)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download 21 (2008) 1080p BluRay x265 - ceeejay Torrent - KickassTorrents (2).lnk [2015-01-26]
ShortcutTarget: Download 21 (2008) 1080p BluRay x265 - ceeejay Torrent - KickassTorrents (2).lnk -> C:\ProgramData\{857cc437-967f-92e5-857c-cc43796710de}\Download 21 (2008) 1080p BluRay x265 - ceeejay Torrent - KickassTorrents (2).exe (No File)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download 21 (2008) 1080p BluRay x265 - ceeejay Torrent - KickassTorrents.lnk [2015-01-26]
ShortcutTarget: Download 21 (2008) 1080p BluRay x265 - ceeejay Torrent - KickassTorrents.lnk -> C:\ProgramData\{e1a96a35-5e90-61cc-e1a9-96a355e9a8d5}\Download 21 (2008) 1080p BluRay x265 - ceeejay Torrent - KickassTorrents.exe (No File)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HL-DT-ST GHB0N Driver.lnk [2015-05-02]
ShortcutTarget: HL-DT-ST GHB0N Driver.lnk -> C:\ProgramData\{0af78ef6-54de-f549-0af7-78ef654d3bd9}\HL-DT-ST GHB0N Driver.exe (No File)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2015-05-08]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registry Trash Keys Finder 3.9.2.0 Full.lnk [2015-01-15]
ShortcutTarget: Registry Trash Keys Finder 3.9.2.0 Full.lnk -> C:\ProgramData\{2d84f405-eebb-0f83-2d84-4f405eebd017}\Registry Trash Keys Finder 3.9.2.0 Full.exe (No File)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sevenzip-setup-rx.lnk [2015-04-20]
ShortcutTarget: sevenzip-setup-rx.lnk -> C:\ProgramData\{c37225b2-dff5-71f9-c372-225b2dff96cb}\sevenzip-setup-rx.exe (No File)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-12] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-12] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-12] (Acer Incorporated)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> {93FED9AE-45AD-4582-A7CF-BFC91B65526D} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{08D6B42E-137B-46EC-BD37-56E0C2A66CD8}: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{A53B8FF3-9431-4AFB-93EE-2C36BC0A5B1F}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{F7D0A7F7-5876-4B87-B325-F7599B47DCA3}: [DhcpNameServer] 71.10.216.1 71.10.216.2
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\c8ts1jja.default-1423617873768
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @ganymede/GanymedeNetPlugin,version=1.0 -> C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll [2013-07-15] ( )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-4061471432-1510629354-1952062893-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Family\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-4061471432-1510629354-1952062893-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-06] (Apple Inc.)
FF Extension: Default SearchProtected  - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\c8ts1jja.default-1423617873768\Extensions\defsearchp@gmail.com [2015-07-17]
FF Extension: Video AdBlock for Firefox - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\c8ts1jja.default-1423617873768\Extensions\{a00bef25-f21a-4539-adbb-b179b29e2b92} [2015-07-17]
FF Extension: Adblock Plus - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\c8ts1jja.default-1423617873768\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-08]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\c8ts1jja.default-1423617873768\extensions\defsearchp@gmail.com
FF Extension: No Name - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\c8ts1jja.default-1423617873768\extensions\sweetsearch@gmail.com [not found]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-28]
CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]
CHR Extension: (JunkFill) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\cajejbcjfkhgmfbapmhopccephhjedeb [2015-05-28]
CHR Extension: (Ebates Cash Back) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2015-05-29]
CHR Extension: (Google Search) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-28]
CHR Extension: (AdBlock) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-29]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2015-05-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-28]
CHR Extension: (Google Wallet) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2015-06-20]
CHR Extension: (Gmail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]
CHR HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Family\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-17]
CHR HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome - Chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1528432 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-07-07] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2839296 2015-05-05] (Acer Incorporated)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2015-04-28] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-22] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [222168 2013-01-29] (Soluto)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [67552 2015-04-14] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [295400 2015-06-15] (AVG Technologies CZ, s.r.o.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-05-28] (Disc Soft Ltd)
R0 fixustor; C:\Windows\System32\DRIVERS\fixustor.sys [52408 2015-05-02] (Genesys Logic)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-09] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-20 16:49 - 2015-07-20 16:50 - 00028068 _____ C:\Users\Family\Desktop\FRST.txt
2015-07-20 16:49 - 2015-07-20 16:50 - 00000000 ____D C:\FRST
2015-07-20 16:47 - 2015-07-20 16:47 - 00013817 _____ C:\Users\Family\Desktop\AdwCleaner[S0].txt
2015-07-20 16:44 - 2015-07-20 16:44 - 02135552 _____ (Farbar) C:\Users\Family\Desktop\FRST64 (1).exe
2015-07-20 16:30 - 2015-07-20 16:39 - 00000000 ____D C:\AdwCleaner
2015-07-20 16:30 - 2015-07-20 16:30 - 02135552 _____ (Farbar) C:\Users\Family\Downloads\FRST64.exe
2015-07-20 16:26 - 2015-07-20 16:26 - 02248704 _____ C:\Users\Family\Downloads\adwcleaner_4.208.exe
2015-07-20 16:21 - 2015-07-20 16:21 - 02248704 _____ C:\Users\Family\Downloads\A8A9.tmp
2015-07-20 09:26 - 2015-07-20 09:26 - 00001688 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-20 09:26 - 2015-07-20 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-20 09:26 - 2015-07-20 09:26 - 00000000 ____D C:\Program Files\iPod
2015-07-20 09:26 - 2015-07-20 09:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-20 09:25 - 2015-07-20 09:26 - 00000000 ____D C:\Program Files\iTunes
2015-07-18 09:57 - 2015-07-18 09:57 - 00000000 _____ C:\autoexec.bat
2015-07-18 09:55 - 2015-07-18 09:55 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Family\Downloads\SpyHunter-Installer.exe
2015-07-17 15:04 - 2015-07-17 15:04 - 00028055 _____ C:\Users\Family\Downloads\[kickass.proxyindex.net]harry.potter.complete.series.1.7.torrent
2015-07-17 13:28 - 2015-07-17 13:28 - 00000000 ____D C:\ProgramData\TEMP
2015-07-17 09:15 - 2015-07-17 09:15 - 00000000 _____ C:\Windows\prleth.sys
2015-07-17 09:15 - 2015-07-17 09:15 - 00000000 _____ C:\Windows\hgfs.sys
2015-07-17 08:52 - 2015-07-18 15:55 - 00000000 ____D C:\Users\Family\AppData\Roaming\uTorrent
2015-07-17 08:52 - 2015-07-17 08:52 - 00000898 _____ C:\Users\Family\Desktop\µTorrent.lnk
2015-07-17 08:52 - 2015-07-17 08:52 - 00000878 _____ C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-07-17 08:51 - 2015-07-17 08:52 - 01996896 _____ (BitTorrent Inc.) C:\Users\Family\Downloads\uTorrent.exe
2015-07-17 08:42 - 2015-06-28 19:54 - 00451543 ____R C:\Windows\system32\Drivers\etc\hp.bak
2015-07-17 08:37 - 2015-07-17 08:51 - 00000000 ____D C:\Program Files (x86)\uTorrentPro 3.4.3 (build 40633)
2015-07-16 16:43 - 2015-07-16 16:43 - 00057325 _____ C:\Users\Family\Downloads\[kat.cr]blow.2001.dvdrip.eng.missripz.torrent
2015-07-16 16:07 - 2015-07-16 16:07 - 00089050 _____ C:\Users\Family\Downloads\Terminator.TrilogyDvDrip.aXXo.1000404.seventorrents.com.torrent
2015-07-16 16:05 - 2015-07-16 16:05 - 00016033 _____ C:\Users\Family\Downloads\[kickass.proxyindex.net]terminator.salvation.2009.720p.dc.brrip.xvid.ac3.vision.avi.torrent
2015-07-16 16:01 - 2015-07-16 16:01 - 00025817 _____ C:\Users\Family\Downloads\Terminator Anthology (1984-2009) 1080p BluRay x264 Dual Audio [English 5.1 + Hindi 2.0 + 5.1] - TBI ---[www.bts.to]--- .torrent
2015-07-16 15:56 - 2015-07-16 15:56 - 00026833 _____ C:\Users\Family\Downloads\The_Terminator_Trilogy_All_Extras-(demonoid.pw).TORRENT
2015-07-16 11:28 - 2015-07-16 11:28 - 00016506 _____ C:\Users\Family\Downloads\Night.at.the.Museum.Secret.of.the.Tomb.2014.BRRip.XviD.AC3.EVO.1079456.seventorrents.com.torrent
2015-07-15 11:39 - 2015-07-15 11:39 - 00028656 _____ C:\Users\Family\Downloads\Terminator+Genisys+1080p+WEB-DL+DD5+1+H264-RARBG.torrent
2015-07-15 08:09 - 2015-07-02 16:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 08:09 - 2015-07-02 15:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 08:09 - 2015-07-02 15:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 08:09 - 2015-07-02 15:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 08:09 - 2015-07-02 15:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 08:09 - 2015-07-02 14:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 08:09 - 2015-07-02 14:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 08:09 - 2015-07-02 13:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 08:04 - 2015-07-09 14:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 08:04 - 2015-07-09 13:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 08:04 - 2015-07-09 11:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 08:04 - 2015-07-09 10:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 08:04 - 2015-07-09 10:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 08:04 - 2015-07-09 10:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-15 08:04 - 2015-07-09 10:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 08:04 - 2015-07-09 10:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 08:04 - 2015-07-09 10:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 08:04 - 2015-07-09 10:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 08:04 - 2015-07-09 10:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 08:04 - 2015-07-09 10:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 08:04 - 2015-07-09 10:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 08:04 - 2015-06-28 00:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 08:04 - 2015-06-28 00:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 08:04 - 2015-06-28 00:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 08:04 - 2015-06-28 00:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 08:04 - 2015-06-27 11:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 08:04 - 2015-06-26 22:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 08:04 - 2015-06-26 22:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 08:04 - 2015-06-26 22:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 08:04 - 2015-06-26 22:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 08:04 - 2015-06-26 22:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 08:04 - 2015-06-26 21:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 08:04 - 2015-06-26 21:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 08:04 - 2015-06-26 21:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 08:04 - 2015-06-26 21:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 08:04 - 2015-06-26 20:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 08:04 - 2015-06-26 20:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 08:04 - 2015-06-24 21:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 08:04 - 2015-04-29 18:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-15 08:03 - 2015-07-03 08:52 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 08:03 - 2015-07-03 08:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 08:03 - 2015-07-03 08:50 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 08:03 - 2015-07-03 08:50 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 08:03 - 2015-07-01 17:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 08:03 - 2015-07-01 16:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 08:03 - 2015-06-29 17:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 08:03 - 2015-06-29 10:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 08:03 - 2015-06-29 10:07 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 08:03 - 2015-06-29 10:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 08:03 - 2015-06-29 10:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 08:03 - 2015-06-29 10:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 08:03 - 2015-06-26 18:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 08:03 - 2015-06-26 18:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 08:03 - 2015-06-15 17:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 08:03 - 2015-06-15 17:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 08:03 - 2015-06-15 17:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 08:03 - 2015-06-15 17:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 08:03 - 2015-06-15 17:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 08:03 - 2015-06-15 17:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 08:03 - 2015-06-15 17:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-15 08:03 - 2015-06-15 16:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 08:03 - 2015-06-15 16:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 08:03 - 2015-06-15 16:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-15 08:03 - 2015-06-15 16:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 08:03 - 2015-06-15 16:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-15 08:03 - 2015-06-15 16:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-15 08:03 - 2015-06-15 16:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 08:03 - 2015-06-15 16:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 08:03 - 2015-06-15 16:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-15 08:03 - 2015-06-15 16:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 08:03 - 2015-06-15 16:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 08:03 - 2015-06-15 16:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 08:03 - 2015-06-15 16:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 08:03 - 2015-06-15 16:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 08:03 - 2015-06-15 16:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 08:03 - 2015-06-15 16:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 08:03 - 2015-06-15 15:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 08:03 - 2015-06-15 15:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 08:03 - 2015-06-15 15:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-15 08:03 - 2015-06-15 15:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 08:03 - 2015-06-15 15:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 08:03 - 2015-06-15 15:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-15 08:03 - 2015-06-15 15:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 08:03 - 2015-06-15 15:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-15 08:03 - 2015-06-15 15:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-15 08:03 - 2015-06-15 15:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 08:03 - 2015-06-15 15:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 08:03 - 2015-06-15 15:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 08:03 - 2015-06-15 15:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-15 08:03 - 2015-06-15 15:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 08:03 - 2015-06-15 15:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 08:03 - 2015-06-15 14:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 08:03 - 2015-05-30 16:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-15 08:03 - 2015-05-30 14:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-15 08:03 - 2015-05-30 14:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 08:03 - 2015-05-11 13:17 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-07-15 08:03 - 2015-05-07 12:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-15 08:03 - 2015-05-07 12:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-15 08:03 - 2015-05-07 11:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-15 08:03 - 2015-05-07 11:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-15 08:03 - 2015-05-07 10:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-15 08:03 - 2015-05-07 10:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-15 08:03 - 2015-05-03 10:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 08:03 - 2015-05-03 09:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 08:03 - 2015-05-03 09:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-15 08:03 - 2015-05-03 09:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-15 08:03 - 2015-05-02 19:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-15 08:03 - 2015-04-24 21:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-15 08:03 - 2014-11-04 14:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-15 08:03 - 2014-11-04 14:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-15 08:03 - 2014-11-04 01:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-15 08:03 - 2014-11-04 01:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-15 08:03 - 2014-11-04 01:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-15 08:03 - 2014-11-04 01:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-15 08:01 - 2015-06-16 00:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 08:01 - 2015-06-16 00:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 08:01 - 2015-06-10 22:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 08:01 - 2015-06-10 11:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 08:01 - 2015-05-12 08:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-15 08:01 - 2015-05-01 18:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-15 08:01 - 2015-04-28 08:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-15 08:01 - 2015-04-28 08:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-15 08:00 - 2015-05-11 11:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-15 08:00 - 2015-05-03 10:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-15 08:00 - 2015-05-03 09:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-15 07:59 - 2015-05-07 11:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-15 07:58 - 2015-04-23 10:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-15 07:58 - 2015-04-23 10:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-14 20:43 - 2015-07-14 20:43 - 00033568 _____ C:\Users\Family\Downloads\Terminator Genisys (2015) 720p BluRay x264 YIFY.torrent
2015-07-14 11:22 - 2015-07-14 11:22 - 00000125 _____ C:\Users\Family\Desktop\youtube.txt
2015-07-13 21:00 - 2015-07-13 21:01 - 00000000 ____D C:\Users\Family\Documents\EncryptStick lite
2015-07-13 15:16 - 2015-07-13 15:16 - 00129355 _____ C:\Users\Family\Downloads\C5A307C62078E929F98E4E254A69BC52F98FFBDE.torrent
2015-07-13 15:13 - 2015-07-13 15:13 - 00016558 _____ C:\Users\Family\Downloads\F70267776BBB12DBC54650250F0EFA86CDF23833.torrent
2015-07-13 11:29 - 2015-07-13 11:29 - 00003790 _____ C:\Windows\System32\Tasks\klcp_update
2015-07-13 11:28 - 2015-07-13 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-07-13 11:28 - 2015-07-13 11:28 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2015-07-13 10:52 - 2015-07-13 10:52 - 00033064 _____ C:\Users\Family\Downloads\Terminator Genisys 2015.torrent
2015-07-13 10:52 - 2015-07-13 10:52 - 00033064 _____ C:\Users\Family\Downloads\Terminator Genisys 2015 (1).torrent
2015-07-12 20:37 - 2015-07-12 23:16 - 1762673246 ____R C:\Users\Family\Desktop\Get.Hard.2015.1080p.BluRay.x264.YIFY.mp4
2015-07-12 20:36 - 2015-07-12 20:36 - 00017571 _____ C:\Users\Family\Downloads\a49552_Get Hard (2015) [1080p] YIFY - YTS.torrent
2015-07-12 18:30 - 2015-07-12 18:30 - 00138919 _____ C:\Users\Family\Downloads\Terminator Genisys 2015 HD-TS XVID AC3 HQ Hive-CM8 ---[www.bts.to]--- .torrent
2015-07-12 18:26 - 2015-07-12 18:26 - 00151962 _____ C:\Users\Family\Downloads\F46E8C10B4C9AB0EB4A25108D9E6727BD5EDE7A7.torrent
2015-07-11 12:50 - 2015-07-11 12:50 - 00000000 ____D C:\Users\Family\AppData\Local\ExpressVPN
2015-07-11 12:46 - 2015-07-11 12:46 - 00001942 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
2015-07-11 12:46 - 2015-07-11 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
2015-07-11 12:46 - 2015-07-11 12:46 - 00000000 ____D C:\ProgramData\ExpressVPN
2015-07-11 12:46 - 2015-07-11 12:46 - 00000000 ____D C:\Program Files (x86)\ExpressVPN
2015-07-11 12:44 - 2015-07-11 12:44 - 08251240 _____ (ExpressVPN) C:\Users\Family\Documents\expressvpn_4.0.4.234.exe
2015-07-11 12:42 - 2015-07-11 12:43 - 00000156 _____ C:\Users\Family\Desktop\express-vpn.txt
2015-07-11 12:17 - 2015-07-11 12:17 - 00000000 ____D C:\Users\Family\AppData\Roaming\Hide.me
2015-07-09 17:39 - 2015-07-09 17:39 - 20935653 _____ C:\Users\Family\Desktop\Nelly-Country-Grammar-Hot.mp4
2015-07-09 15:49 - 2015-07-17 07:12 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-07-09 15:49 - 2015-07-11 09:25 - 00000000 ____D C:\Program Files\TAP-Windows
2015-07-09 10:44 - 2015-07-09 10:44 - 00000105 _____ C:\Users\Family\Desktop\pc info.txt
2015-07-09 10:31 - 2015-07-09 10:31 - 27410968 _____ (OpenVPN Technologies) C:\Users\Family\Downloads\privatetunnel-win-2.4.exe
2015-07-09 09:04 - 2015-07-09 09:04 - 00000232 _____ C:\Users\Family\Downloads\MPN USA.ovpn
2015-07-09 07:59 - 2015-07-09 08:00 - 09741888 _____ (CyberGhost S.R.L. ) C:\Users\Family\Downloads\CG_5.0.15.14 (1).exe
2015-07-09 07:58 - 2015-07-09 07:58 - 00000266 _____ C:\Users\Family\Documents\cyberghostvpn.txt
2015-07-09 07:47 - 2015-07-09 07:48 - 09741888 _____ (CyberGhost S.R.L. ) C:\Users\Family\Downloads\CG_5.0.15.14.exe
2015-07-08 12:33 - 2015-07-08 12:33 - 00025629 _____ C:\Users\Family\Downloads\Paul.Blart.Mall.Cops.2.2015.BRRip.XviD.MP3-RARBG.torrent
2015-07-08 12:30 - 2015-07-08 12:30 - 00015437 _____ C:\Users\Family\Downloads\8d6e40_Paul Blart Mall Cop 2 (2015) [1080p] YIFY - YTS.torrent
2015-07-08 12:28 - 2015-07-08 12:28 - 00121203 _____ C:\Users\Family\Downloads\a6ce15_[kat.cr]english.minions.2015.hd.ts.xvid.ac3.hq.hive.cm8.torrent
2015-07-08 12:27 - 2015-07-08 12:27 - 00015412 _____ C:\Users\Family\Downloads\685c82_DoctorAdventures - Britney Amber - The Nuru Nurse-[rarbg.com].torrent
2015-07-08 12:26 - 2015-07-08 12:26 - 00019904 _____ C:\Users\Family\Downloads\8aa035_Teachers 2 2015 XXX WEB-DL SPLIT SCENES-[rarbg.com].torrent
2015-07-08 12:23 - 2015-07-08 12:23 - 00006896 _____ C:\Users\Family\Downloads\fd03e3_TeenCurves - Kelsi Monroe 4 july 2015 mp4-[rarbg.com].torrent
2015-07-06 13:11 - 2015-07-06 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-03 20:02 - 2015-07-03 20:02 - 00000048 _____ C:\Users\Family\Documents\opy smith hotmail acct.txt
2015-07-03 12:26 - 2015-07-03 15:05 - 00000000 ____D C:\Users\Family\Desktop\New Music mp3s
2015-07-03 09:20 - 2015-07-03 09:51 - 00000049 _____ C:\Users\Family\Documents\bluebird old number.txt
2015-06-29 15:03 - 2015-06-29 15:05 - 00000000 ____D C:\Users\Family\Documents\Reduced MP3
2015-06-29 15:03 - 2015-06-29 15:03 - 00001259 _____ C:\Users\Family\Desktop\MP3 Bitrate Changer.lnk
2015-06-29 15:03 - 2015-06-29 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-06-29 15:03 - 2015-06-29 15:03 - 00000000 ____D C:\Program Files (x86)\MP3 Bitrate Changer
2015-06-29 15:03 - 2009-03-07 22:52 - 00832512 _____ () C:\Windows\SysWOW64\MobacXPro.dll
2015-06-29 15:03 - 2008-05-09 12:57 - 00000431 _____ C:\Windows\SysWOW64\MobacXPro.lic
2015-06-29 15:03 - 2005-11-05 14:31 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll
2015-06-29 15:03 - 2005-10-07 16:23 - 00266240 _____ (Namtuk.com) C:\Windows\SysWOW64\MyCommandButton.ocx
2015-06-29 15:03 - 2003-06-06 12:21 - 00081920 _____ (eSellerate Inc.) C:\Windows\SysWOW64\eSellerateControl350.dll
2015-06-29 15:03 - 2002-12-20 16:02 - 01077336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2015-06-29 15:03 - 2000-05-22 18:58 - 00140488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2015-06-29 15:02 - 2015-06-29 15:02 - 03402126 _____ (Pianosoft ) C:\Users\Family\Downloads\mp3btr15.exe
2015-06-29 09:45 - 2015-06-29 09:45 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-29 09:23 - 2015-06-29 09:23 - 00000866 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-28 19:54 - 2015-02-12 15:51 - 00451543 ____R C:\Windows\system32\Drivers\etc\hosts.20150628-195454.backup
2015-06-28 09:22 - 2015-06-28 09:24 - 00000000 ____D C:\Users\Family\Desktop\Music Videos  BassBosst
2015-06-27 22:22 - 2015-06-27 22:22 - 00000509 _____ C:\Users\Family\Documents\Backup-codes-mrrxxxx02.txt
2015-06-26 09:49 - 2015-06-26 09:49 - 00293296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-06-24 09:50 - 2015-06-24 09:50 - 00000000 ____D C:\ProgramData\Pianosoft
2015-06-21 09:04 - 2015-07-11 12:08 - 00000000 ____D C:\Program Files (x86)\hide.me VPN
2015-06-21 09:04 - 2015-06-21 09:04 - 00002702 _____ C:\Windows\System32\Tasks\arp_flush
2015-06-20 16:41 - 2015-07-20 16:49 - 00000000 ____D C:\wifidata
2015-06-20 16:39 - 2015-06-20 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Who Is On My Wifi
2015-06-20 16:39 - 2015-06-20 16:39 - 00000000 ____D C:\Program Files (x86)\IO3O LLC
2015-06-20 15:09 - 2015-06-20 15:09 - 01866022 _____ C:\Users\Family\Documents\Whos on my WIFI.rar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-20 16:51 - 2014-01-21 10:13 - 02038925 _____ C:\Windows\WindowsUpdate.log
2015-07-20 16:49 - 2014-04-22 13:55 - 00000000 ____D C:\ProgramData\MFAData
2015-07-20 16:47 - 2014-04-22 13:38 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4061471432-1510629354-1952062893-1001
2015-07-20 16:44 - 2014-04-22 18:54 - 00000000 ___DO C:\Users\Family\SkyDrive
2015-07-20 16:42 - 2014-10-15 12:43 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-20 16:42 - 2014-04-22 13:41 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-20 16:42 - 2013-08-22 09:46 - 00063907 _____ C:\Windows\setupact.log
2015-07-20 16:42 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-20 16:41 - 2013-12-19 22:55 - 00412746 _____ C:\Windows\PFRO.log
2015-07-20 16:41 - 2013-08-22 08:25 - 00786432 ___SH C:\Windows\system32\config\BBI
2015-07-20 16:38 - 2015-05-28 17:15 - 00001274 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-20 16:38 - 2015-05-28 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-20 16:38 - 2014-11-12 11:12 - 00001041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-20 16:38 - 2014-05-05 12:04 - 00000000 ___RD C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rummy.com
2015-07-20 16:38 - 2014-05-05 11:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rummy.com
2015-07-20 16:38 - 2014-04-22 13:33 - 00001007 _____ C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-20 16:10 - 2014-04-22 13:41 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-20 16:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-20 15:58 - 2014-11-12 11:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-20 14:44 - 2014-04-28 15:24 - 00000942 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4061471432-1510629354-1952062893-1001UA.job
2015-07-20 12:57 - 2014-04-22 13:38 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9963F9F6-F8E2-47EF-B229-CBE79A903B6D}
2015-07-20 11:40 - 2015-05-19 07:57 - 00000000 ____D C:\Users\Family\AppData\Local\FullTiltPoker
2015-07-20 11:40 - 2015-05-19 07:54 - 00000000 ____D C:\Program Files (x86)\Full Tilt Poker
2015-07-20 10:49 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-20 09:25 - 2014-09-29 15:59 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-19 20:44 - 2014-04-28 15:24 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4061471432-1510629354-1952062893-1001Core.job
2015-07-19 10:52 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-07-18 21:20 - 2014-04-24 10:56 - 00000000 ____D C:\Users\Family\Mobile Uploads
2015-07-18 12:46 - 2015-04-04 07:59 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-18 12:46 - 2015-04-04 07:59 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-18 12:46 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-18 10:42 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\TAPI
2015-07-17 17:07 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-07-17 15:45 - 2014-04-22 18:35 - 07968256 ___SH C:\Users\Family\Desktop\Thumbs.db
2015-07-17 10:06 - 2014-09-01 16:14 - 00408064 ___SH C:\Users\Family\Documents\Thumbs.db
2015-07-17 08:42 - 2014-09-28 12:28 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-17 07:11 - 2014-06-17 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-17 07:08 - 2014-05-19 17:42 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-17 06:42 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-16 20:45 - 2013-12-19 23:01 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 10:06 - 2013-08-22 09:44 - 00347080 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-15 23:26 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\WinStore
2015-07-15 23:25 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-15 19:05 - 2014-04-22 13:41 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 19:05 - 2014-04-22 13:41 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 10:08 - 2014-11-12 11:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-15 08:22 - 2014-12-10 20:25 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 08:22 - 2014-07-09 20:28 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 08:22 - 2014-04-25 22:12 - 00000000 ____D C:\Windows\system32\MRT
2015-07-14 11:58 - 2014-11-12 11:17 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 09:57 - 2014-09-28 12:30 - 00000864 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-07-14 09:57 - 2014-07-03 21:34 - 00001971 _____ C:\Windows\SysWOW64\userawacs.cfg
2015-07-14 09:57 - 2014-07-03 21:34 - 00000260 _____ C:\Windows\SysWOW64\usergui.cfg
2015-07-14 09:57 - 2014-04-22 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-13 16:10 - 2014-04-30 08:24 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 16:10 - 2014-04-30 08:24 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-12 10:20 - 2014-04-22 14:57 - 00224768 ___SH C:\Users\Family\Downloads\Thumbs.db
2015-07-12 09:16 - 2014-08-16 16:52 - 00000060 _____ C:\Users\Family\Documents\WPS.txt
2015-07-11 12:45 - 2014-08-14 13:21 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-10 09:01 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2015-07-09 10:07 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\tracing
2015-07-09 09:47 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\ias
2015-07-09 09:43 - 2015-05-28 10:06 - 00000000 ____D C:\Program Files (x86)\WinISO Computing
2015-07-09 07:51 - 2014-04-22 13:33 - 00000000 ____D C:\Users\Family\AppData\Local\VirtualStore
2015-07-06 13:23 - 2015-04-28 11:12 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-06 13:12 - 2014-05-03 19:53 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-03 08:43 - 2014-04-25 22:12 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-27 23:54 - 2014-04-22 13:32 - 00000000 ____D C:\Users\Family
2015-06-24 10:20 - 2014-10-14 11:50 - 00000000 ____D C:\Users\Family\Documents\rigntones
2015-06-24 09:49 - 2015-02-10 19:43 - 00000000 __SHD C:\Users\Family\AppData\Local\EmieBrowserModeList
2015-06-24 09:49 - 2014-05-01 21:29 - 00000000 __SHD C:\Users\Family\AppData\Local\EmieUserList
2015-06-24 09:49 - 2014-05-01 21:29 - 00000000 __SHD C:\Users\Family\AppData\Local\EmieSiteList
2015-06-23 08:15 - 2015-03-23 19:47 - 00001082 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-23 08:15 - 2014-10-15 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-23 08:15 - 2014-10-15 12:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-23 07:21 - 2014-02-27 11:52 - 01391219 _____ C:\Users\Family\Documents\FVD_Video_Downloader_5_6_5.crx
 
==================== Files in the root of some directories =======
 
2014-05-03 13:18 - 2014-05-03 13:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-04-22 13:46 - 2014-04-22 13:46 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Some files in TEMP:
====================
C:\Users\Family\AppData\Local\Temp\HssInstaller.exe
C:\Users\Family\AppData\Local\Temp\Quarantine.exe
C:\Users\Family\AppData\Local\Temp\sqlite3.dll
C:\Users\Family\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-17 11:19
 
==================== End of log ============================
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Family at 2015-07-20 16:54:24
Running from C:\Users\Family\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4061471432-1510629354-1952062893-500 - Administrator - Disabled)
Family (S-1-5-21-4061471432-1510629354-1952062893-1001 - Administrator - Enabled) => C:\Users\Family
Guest (S-1-5-21-4061471432-1510629354-1952062893-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4061471432-1510629354-1952062893-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.08.2003.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.03.2004.4 - Acer Incorporated)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2001 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.06.2004 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8102 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.3001 - Acer Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Any Video Converter 5.5.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.07.2004.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6086 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6086 - AVG Technologies) Hidden
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.3.2.533 - Online Media Technologies Ltd.)
Big City Adventure 8 - Rio de Janeiro Classic Edition (HKLM-x32\...\Big City Adventure 8 - Rio de Janeiro Classic EditionFinal) (Version: Final - Game-Owl.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{5303CFB5-D635-44F0-A94B-9611E81F07C4}) (Version: 8.3.0.1471 - TechSmith Corporation)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3323.57 - CyberLink Corp.)
Driver Robot (HKLM-x32\...\{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1) (Version:  - Blitware Technology Inc.)
Driver Updater (HKLM-x32\...\Driver Updater_is1) (Version:  - driverlibs.com)
DVD Firmwares and Drivers 2.1.0.0 (HKLM-x32\...\DVD Firmwares and Drivers_is1) (Version:  - Sakysoft s.r.l.)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ExpressVPN (HKLM-x32\...\{b8cbd5a2-b525-4594-9eb3-6a6d8ccc5992}) (Version: 4.0.4.234 - ExpressVPN)
ExpressVPN (x32 Version: 4.0.4.234 - ExpressVPN) Hidden
ExpressVPN Compatibility Checks (x32 Version: 1.0.0.0 - ExpressVPN) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Freemake Video Converter version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 5.32.3.WIN.FullTilt.COM - )
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
GameDesire-Poker (HKLM-x32\...\GameDesire-Poker) (Version:  - )
GEAR driver installer 4.021.1 (HKLM-x32\...\{872C52AE-306E-4A0A-8544-CB3388F1F13B}) (Version: 4.021.1 - GEAR Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Hidden Object - Home Makeover (HKLM-x32\...\Hidden Object - Home MakeoverFinal) (Version: Final - AllSmartGames)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8101 - Acer Incorporated)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel® Technology Access (HKLM-x32\...\{efc54997-dfa9-44b1-afac-3a7ac4f45730}) (Version: 1.3.6.1042 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest - The Sapphire Dragon (HKLM-x32\...\Jewel Quest - The Sapphire Dragon1.0) (Version: 1.0 - Foxy Games)
Jewel Quest III (HKLM-x32\...\Jewel Quest III) (Version: 1.0.6.0 - GameHouse, Inc.)
Jewel Quest Solitaire II (HKLM-x32\...\Jewel Quest Solitaire II_is1) (Version:  - )
K-Lite Codec Pack 11.2.8 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.2.8 - )
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MP3 Bitrate Changer 1.4 (HKLM-x32\...\MP3 Bitrate Changer_is1) (Version:  - Pianosoft)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{C6115A28-F277-4E82-B067-84D28BF21033}) (Version: 7.03.1357 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
PAC-MAN Championship Edition DX+ 1.0 (HKLM-x32\...\PAC-MAN Championship Edition DX+ 1.0) (Version: 1.0 - Cat-A-Cat)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7054 - Realtek Semiconductor Corp.)
RegTweaker (HKLM-x32\...\RegTweaker) (Version: 3.2.2 - RegTweaker)
ShortKeys Lite (HKLM-x32\...\ShortKeys Lite) (Version: 2.3.2.1 - Insight Software Solutions, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Soluto (HKLM\...\{A40888FC-B545-46F3-8628-6AE98C1C75C6}) (Version: 1.3.1193.1 - Soluto)
Sothink Video Converter (HKLM-x32\...\{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1) (Version: 3.6 - SourceTec Software Co., LTD)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Download Capture V4.7.1 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.7.1 - Apowersoft)
Vimicro USB2.0 UVC PC Camera (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Who Is On My Wifi version 2.2.0 (HKLM-x32\...\{010D45A1-093D-4534-8147-4E10E80F81CC}_is1) (Version: 2.2.0 - IO3O LLC)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wizard101 (HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
15-07-2015 08:04:56 Windows Update
18-07-2015 12:44:07 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-06-28 19:54 - 00451543 ____N C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {16C1CC6E-8A73-4E96-AA62-EADE25FE7ACB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-22] (Google Inc.)
Task: {226F53E4-9996-4660-A78F-EE9AFB2B508E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {405E19BB-7CEE-41FB-9522-FD0784C57075} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-08-22] (Acer Incorporated)
Task: {456D28E0-1707-4B28-9056-5EBA97CA751A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {471AB3E5-CD64-46F9-8D2E-6EAAA95DB512} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-07-13] ()
Task: {5D8A47DB-C9B6-4C95-A8D1-9B3E3B35644C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {6307126F-D9F2-45ED-B45E-16481D40EC97} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {86B89620-18E4-4460-84A2-D52F9A8A0E30} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4061471432-1510629354-1952062893-1001Core => C:\Users\Family\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {8E8311B5-FB7B-4C51-8F47-A05A99B972D2} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-05-06] (Acer)
Task: {93FB0872-A3D0-4927-BDAD-2E2DDF6DD2B2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {957E50AB-2B47-4602-872D-07A158FCA853} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {98B851EB-83D1-4A54-9B49-01EC25B4EE03} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4061471432-1510629354-1952062893-1001UA => C:\Users\Family\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {B0758E77-1D81-4D63-B456-99D6BEDECBCA} - System32\Tasks\Driver Robot => C:\Program Files (x86)\Driver Robot\Driver Robot.lnk [2015-05-02] ()
Task: {C8EAB3A7-89F6-406B-969B-A3BEC17AD24B} - \avabvbxvh No Task File <==== ATTENTION
Task: {F0292F80-97E8-455A-A581-9E8865945E0E} - System32\Tasks\{80D24F0A-35BD-46F4-86CB-38BDA0C5247E} => pcalua.exe -a C:\Users\Family\Downloads\vbrun60sp5.exe -d C:\Users\Family\Downloads
Task: {F06B5F8D-40C6-45DB-B33C-2F1C3EF39813} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {F06BA1A7-FC06-4301-9928-9E23F3FEBF35} - System32\Tasks\arp_flush => C:\Program Files (x86)\hide.me VPN\FlushArpCache.exe
Task: {F899F4D9-236C-4DC7-9049-B778B988634B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {FE322D35-DCA1-4050-A62F-39D175DCB5D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-22] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Driver Robot.job => C:\Program Files (x86)\Driver Robot\Driver Robot.lnk
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4061471432-1510629354-1952062893-1001Core.job => C:\Users\Family\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4061471432-1510629354-1952062893-1001UA.job => C:\Users\Family\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-29 15:28 - 2013-01-29 15:28 - 00109024 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2015-04-28 19:18 - 2015-04-28 19:18 - 00331264 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
2015-06-26 16:59 - 2015-06-26 16:59 - 06268840 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
2015-03-17 13:43 - 2015-03-17 13:43 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\libglog.dll
2015-02-08 12:20 - 2015-02-08 12:20 - 01793248 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\cpprest120_1_4.dll
2015-03-17 14:15 - 2015-03-17 14:15 - 00355040 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\JsonCpp.dll
2013-01-29 15:28 - 2013-01-29 15:28 - 00109024 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-01-29 15:28 - 2013-01-29 15:28 - 00055352 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2014-10-17 10:44 - 2014-10-17 10:44 - 00101376 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Management\5638c05aebdbb990686165fb14eb3c88\Windows.Management.ni.dll
2014-10-17 10:45 - 2014-10-17 10:45 - 01782784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2014-10-17 10:45 - 2014-10-17 10:45 - 00207872 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2014-10-17 10:44 - 2014-10-17 10:44 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2015-06-20 16:39 - 2013-10-01 11:15 - 00461312 _____ () C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe
2014-01-21 10:50 - 2013-07-30 21:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-07-14 12:07 - 2015-07-13 16:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 12:07 - 2015-07-13 16:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-06-20 16:39 - 2012-06-27 07:18 - 00839680 _____ () C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\System.Data.SQLite.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00641792 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-05-08 10:41 - 2015-05-08 10:41 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-05-12 07:43 - 2015-05-12 07:43 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-05-06 10:08 - 2015-05-06 10:08 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-05-06 10:06 - 2015-05-06 10:06 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-05-06 16:04 - 2015-05-06 16:04 - 00203008 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-05-06 16:04 - 2015-05-06 16:04 - 00119552 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Family\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7866 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\Desktop\11403144_10153074690028195_6191643708264986285_n.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "FAHConsole"
HKLM\...\StartupApproved\Run32: => "vProt"
HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\StartupApproved\Run: => "AcerPortal"
HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1F100328-2EF3-46B5-B330-A53C2433830C}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{F5F0C90D-AFD6-45AD-8B3D-044AE3BD45A5}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{81ABF029-79EF-4EEB-8F21-47794ADB92E3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E225FBDA-09E8-448B-945D-33B5D7521E53}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E239CD2D-48F7-40E3-A5F4-AB8662C5F0F1}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{A9B53C14-F124-4D6B-AC5C-5081DEF009DC}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{1F30576D-0BB2-43CE-B458-A777E2181AA3}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{D8399777-86BC-4B97-9449-9DFAE268F435}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{EF31D5CC-08EC-4B1E-8A78-303855BD8018}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{8BAB0500-C613-49FB-9815-049B0CF92C74}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{0B8343BF-F444-434B-8BF6-DE38E0C07380}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{E329D271-BF94-457D-AA54-B71B1558EABE}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{A6CEFF3D-3F6B-4E51-ACE9-A37A81877020}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{A1049556-1EB7-43CD-8D7F-3F1DBBEC214C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{53DC1B6B-EFDF-47A7-B05F-7468F22685D4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{18FD57AB-5B29-43ED-8045-ABC13699AD61}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{C3BBE717-90BC-498A-840F-F525DCD63B8F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{9687C083-23B6-4FE1-88CD-928272D3AE66}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{BE71FD41-432D-4F98-8C8A-C3B05F49FAD9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{435231F5-69F0-4C14-B73C-8887D8B3BF90}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{8C212240-B989-471E-90FE-418BC9FB9ACB}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{D7D5AB01-4F16-4B78-9315-84B8ACB1A7DD}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{0CCE169A-E203-4CE1-8B09-BDAC6B12DE9A}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{62686FEF-C357-405C-B982-FCB3CE249AC7}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{B6BC0973-0B85-4C34-B8CF-6ED1755D5D79}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{03DF6D8F-E4DC-4F73-BB58-8E22913DCCDC}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{904E926A-2885-476E-B2CD-1EF7401BA00F}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{799FABC3-3884-419D-A41C-583A9A736C08}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{FF79E429-AF57-46BA-B2AD-49B5E710C699}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{A4A0930F-91C5-4FC6-AC61-BA56E7E6C08E}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{FB231FF9-CAE4-4AB7-846A-03BEA4933891}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{6D95A096-6F5B-49F7-8208-24A0CA684233}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{37C035C8-4069-4167-93B0-F2853296CAE1}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{D6FEBC86-5661-4AEF-9CDD-0EE97C400641}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{1750E6B5-5921-4729-A82B-5E8317300B43}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{B2D77C66-4F33-48D3-A749-03CCF155346B}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{10A75EF6-5967-4ED1-94F1-A4BC812EAD35}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{4518B821-1F4A-4D1E-B891-7E0292689809}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{2660A49E-F5BD-446B-AD37-DFD5A9E5218B}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe
FirewallRules: [{D51719F3-F69D-4D73-B765-9BBEEDBDBEB2}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{F8AEB7DD-DD0E-4AF7-A3B2-ED4D82F0350E}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe
FirewallRules: [{DE438FE6-6BC2-429F-8E08-78723B225893}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{0C54C173-FB3A-4D59-AF94-E2E464C542DE}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{0169C168-E6FF-4CAF-B92D-C99EE6B8DBAF}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{43C72861-D061-4F54-9E72-3A508686FFB2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{11E697D2-7664-4A8A-9753-3D7BD286A7B1}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{0211212D-9563-4C01-ABEA-DB95BAE4CC49}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{87E55CBE-062D-40B4-80A6-9AA92797D3CC}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{E5AF01FC-53F9-492A-AC57-C0C3B974AE4A}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{CEF4DBC0-0D01-489F-A241-B92CE2CBE34D}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{554A18EB-7289-49AD-88EC-5FBCD7A5BBEE}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\DMCDaemon.exe
FirewallRules: [{7816B526-AEB4-44DE-8302-B32C50FAE0BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{387FCAAB-7EB2-42F7-9A1D-6373CD2411D4}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo_\WindowsUpnp.exe
FirewallRules: [{7DC84210-42A0-444F-85D3-5B91C52CC2C7}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{80E5699A-2E4A-4447-B1DB-A143FE7CE3F5}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe
FirewallRules: [{31580011-0777-4551-A2B6-1AF966858254}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{51A93DB3-E051-492D-9673-FDD12CE9A81C}] => (Allow) C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe
FirewallRules: [{01708D63-B900-4AE0-AFB2-F0B63D4C38CB}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{F485D25F-21A5-43E8-A4C2-2EF451345C63}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{69B7884D-BA04-4E00-830E-F9814B086771}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{927E816C-8CD7-441E-A1BB-973A26AA74E8}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{1D15E6F6-A2FC-4336-A366-8FEF5D5F9514}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{EFF685F8-E042-4050-9DD6-81EE6EDAF85F}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\DMCDaemon.exe
FirewallRules: [{765DBFA5-9D99-4644-9306-A9329DDC9716}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{14FF00F8-6839-4AFB-A650-13C6CB9C320C}] => (Allow) C:\Program Files (x86)\Acer\Acer Media_\WindowsUpnpMV.exe
FirewallRules: [{E6950A8F-C051-46F7-BC00-4F83E7D6ABAF}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{62F78226-6D80-4462-B557-BE2D69C9E740}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe
FirewallRules: [{4E3C69DF-EE7F-467F-B9D0-8A102662DCD5}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{77342EFC-6F67-4064-B16D-2731D4A3A0BD}] => (Allow) C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe
FirewallRules: [{7C231BFC-3A0F-43F3-B35A-7FD434C76929}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{792EF921-43FB-473D-ABEE-AE3C8ACC223F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{77F49961-CA16-4D1E-AE34-E6D7FCAA198F}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{A7D26F2C-BDDB-4DF1-9EC3-DAB88D7BB295}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal\ccd.exe
FirewallRules: [{CEEB7A05-CBA7-43CE-847C-BD8FE9EA2CA7}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{A4DFB1C4-6435-4E6D-99D3-ACF6C8072A6F}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5402E875-A160-43C4-99C8-6839BB202EB9}] => (Allow) LPort=8317
FirewallRules: [{4C8564F3-75D5-4DBD-AADE-654E565A2E26}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal_\ccd.exe
FirewallRules: [{FB0B0A9C-2671-4E04-8524-D755FAC1B954}] => (Allow) C:\Program Files (x86)\Acer\Acer Portal_\ccd.exe
FirewallRules: [{87723E77-69C8-41AB-BA33-1B7DCC5C3FD3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{71740F01-3709-4538-BD7C-CD3DF6B89B2D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{39E87825-B732-49BF-A89C-64AEE8E0B2D8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4EA27E7D-8884-4C35-878F-2FD622FEDAB7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8CB665FF-5884-46DF-889A-AEF2E0CFB768}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{30A1FACE-6A9B-444E-A4CC-9EA094E3023D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4809EAF3-9083-48E1-8CDA-9CAE8DA7323B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2DEDEEB5-791E-403C-8DAD-0E88FCCC48D4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{015D49A6-0B03-48B9-8658-2FEF7D547AFB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{66798C71-15A1-4B21-856F-53F09300D7E8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{3ECCC834-45E4-43F3-A455-3741A4D41108}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C8823EB8-BAA9-45BE-9DF0-4BE895292143}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{645B639D-75B5-4F16-9B71-0D88B61B677C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5C820D8A-D80C-4375-A628-AD7381DFE490}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D79CE241-8BD5-401B-A41E-E1183D31CCC3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2DDE760F-7736-44B5-9C8E-EE854B59A6A6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6647EA8B-2D33-4366-A483-CD206C105622}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D3163AB2-D553-4224-B4D0-CDC3BF3B36CA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{32C5C62A-2318-4C41-8B47-2EE88D2968F2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D6C0D115-4EE8-4FDA-A5F2-AEF47605D007}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BCEF4833-DDF5-4CD2-827E-CF84F33C4546}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{701E6E22-ED6D-4179-9BE9-D5C8F40C7771}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9BEA52B2-CA16-48A3-B64B-7077FE08EEB5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AFAC5B53-4C06-4455-842C-E7AB674A3D08}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F4EE1DC4-9462-4ABF-9776-EB3458F0E8E1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2FFBE112-3ABF-4E64-96D9-CC8A7CCD2025}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{62EC478D-844C-4520-8EFE-459133FE5E52}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8634EED3-74AD-4726-8EC2-F721A85504C0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{15E4A47A-FA7E-4B98-AD53-06F3DFA2F043}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C7F66627-E555-4501-A866-142CC9358731}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{60CA849D-C3BD-4FC1-A87D-1FEC6104B561}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{04A61926-1AE4-45D5-A53C-65B7CC4CC1AC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E78CD956-3431-487C-8DBE-EC3FFCB40745}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6415CE35-CB8C-4E1C-9903-6FBE0EF34EF2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{37B73284-157D-4DC0-A85D-73233E83DE16}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{398AEBDD-5918-48F1-BC8E-54CF2EE41D82}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4B8C26E6-6D1B-47BD-9D6E-F72FC1E11067}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{180F4E72-8CAF-465E-BDD6-FEA736E83068}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4404EBF0-6540-461F-85F7-482A191CD4D5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{214CEA2A-2629-4E2D-8046-7D2FAD6F6451}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A0C3704B-A913-4891-92C7-30583F3C0DF8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8D89F264-DFF1-4414-803B-48A35C20B809}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BA257BC1-6076-4933-8F86-B0838A008AC6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1A81DC15-5ACB-4FDF-9C21-886358941FE3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BB030AC3-E785-4AB2-A85A-BC8D7795ED09}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{ADF755D8-7DE1-4D11-988B-3959B1074934}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{981EDF8C-C80A-4FEB-A981-8E55CBC2AAF2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E69FDCC2-DE8F-45D6-A7A0-FE7BA17B971A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7104545B-919C-456E-A8FD-FEB8BC79B3CF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2AA76ABA-F713-4420-953D-B2CC3C464D49}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9AC60D0E-58CC-4CF3-A8ED-EC46820EE268}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CD80BFB3-3167-40C9-A317-A82D1B8C435D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F5DAD0D6-EF58-49AB-B47A-8DC867226CCD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A8488782-CC47-4E0E-9B8A-BCCBDE059BC9}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7BA87BD7-45E0-4CCB-A754-861D8ACC36F8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4BFA33B3-6A54-4F87-A723-B753283739C7}] => (Allow) C:\Users\Family\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe
FirewallRules: [{8AE5925E-3110-4559-82A9-323BB113DFA4}] => (Allow) C:\Users\Family\AppData\Local\vghd\bin\VirtuaGirl_Downloader.exe
FirewallRules: [{DD073C9F-18CB-4D62-B335-E0A9665320FD}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{4DD437E5-BEE1-4A60-BBF6-0CE1601C7093}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{13A59FC0-0F0A-48B9-985F-99F6AD5A1BD1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{D6860FB6-8108-4FB4-9987-A0AB02E4C9B2}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{211C7597-B0A7-4C8D-A660-CFEE4FADE71E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{76750A1B-FC70-46A5-BCCB-26C6A4AC09E9}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{3F3290FC-5B1C-4526-B3A6-4C149CD4E6EB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{12B417E4-82A8-428C-A52E-E077BD80A7AF}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{A5493FEB-660C-4C50-8379-45A2FF5858B2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{EB7E388B-C4F4-4ACB-824F-D8A4CBD1DDB0}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{B8E6047D-2F6C-439D-8E86-38D6CDA51007}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{6F29EF6B-2182-4C7B-9996-2BC1D06F5D23}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{1752C813-3AE1-4B2C-BEB1-7B530589C500}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E453D347-85D2-436D-81E1-E12206352B7C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8446C45D-E0E0-4FD6-BB68-035E33485ED7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4E1CDD22-96EC-48D9-B863-17F11710C82A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6D191EA5-A289-4DC5-B311-81B8220EDBE6}] => (Allow) C:\Users\Family\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{C8A1C063-94BA-4FDB-BC98-BEB6D36A5785}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{D6F5BE21-7ECD-4958-8EF6-EE776CA3640C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{325C8FC9-5412-4CEB-B5E3-0FFBAEAB0212}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{7A957962-7601-4D78-9348-47E7E6598B7D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{74F9084D-7689-4F4E-A7A6-AAD44E308F39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D346F46E-AD10-4682-BD4D-DF116823E7FB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3BA6E60D-0DF6-4018-AAEF-94EC3DF50E5F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E0393F4E-CA18-40A7-839E-47F742A52E36}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AFA51FC7-A4C9-4EBB-94AC-92638C59A3B4}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{AD4A9B32-3093-4B14-B71B-4D50C09A57B1}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{FD7B4747-B855-4989-87A2-1900FE2B527D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{5B8C7557-5CCD-4740-ADF6-0CD7E0502E9E}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{A5C2FD5D-497B-4322-8FD0-F26EE54F24D0}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{7B7699D4-50FC-49D6-A07F-14D2B9E23A01}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{3F0A7375-7A3F-47DE-A4DE-2180D2EF4579}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{A3D6AD20-2511-4863-A647-84303A408C91}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{ADE4BEB6-CB21-4049-9FF9-14E7A09996EC}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{12D7C010-E124-4F58-80CC-11A985D10B1B}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{C7D0F0E3-1ECD-4061-AA30-565CDAB50749}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{B46E9C61-58CB-4DDC-A97E-392AD89E21E1}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{AC7BD405-7C1F-44E9-86DF-1687C776AC94}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{6893EB42-AF3F-4AF5-BA90-DCFD6E51F009}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{D10F6F38-A44C-4E53-A5A7-2CB9757A3265}] => (Allow) C:\Program Files (x86)\Hide ALL IP\HideAllIP.exe
FirewallRules: [{E87076A5-F778-4224-BEDB-6601FDC09F50}] => (Allow) C:\Program Files (x86)\Hide ALL IP\HideAllIP.exe
FirewallRules: [{CDABB852-C8BE-4E50-B153-C91C8AF9B433}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AA28C228-7A1A-4850-9023-6EC68FC38AEA}] => (Allow) C:\Users\Family\AppData\Local\Temp\nsm2A3C.tmp\CnetInstaller-75984825.exe
FirewallRules: [{E12BBDBF-A081-4F0C-A654-31090EE94369}] => (Allow) C:\Users\Family\AppData\Local\Temp\nsm2A3C.tmp\CnetInstaller-75984825.exe
FirewallRules: [{4517ACC0-2B1D-40ED-AACF-80E1C200AABE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7A792C31-9FC7-416B-80B7-4824DF8F9D5B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B31096AB-BADA-4B34-BD15-557EC05F8787}] => (Allow) C:\Program Files (x86)\Proxy Switcher Standard\ProxySwitcher.exe
FirewallRules: [{282CBE4E-4ADD-4133-8189-6495A36B1F61}] => (Allow) C:\Program Files (x86)\Proxy Switcher Standard\ProxySwitcher.exe
FirewallRules: [{5FFC3F37-E089-4F1B-90AE-FCEA91B3AC78}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{7D5C3D1A-1E20-4350-992B-015F90D99E91}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3711DFC9-FB65-4493-9EE4-C3D3C9289A5B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5B2D251C-EB1D-4E3C-9C99-A8B0AA36B1D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{083D4B1E-A5B2-4F94-ADAF-33ECB8B69BEC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2FEC740D-A19A-45EB-A1D8-8B2FCB76EB7B}] => (Allow) C:\Users\Family\AppData\Local\Temp\nsr4D33.tmp\Installer-10950815.exe
FirewallRules: [{9B7EB1FD-CCB3-4C62-9C16-45895B11D07C}] => (Allow) C:\Users\Family\AppData\Local\Temp\nsr4D33.tmp\Installer-10950815.exe
FirewallRules: [{290E307F-BB3F-4A94-9DDB-FAD3A4CFC0DD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{3ED6C59A-511D-4DAE-BAB0-BC4E2A1E9509}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{D1984DCD-9894-492D-9035-6EDFB5EFBC0C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{D3F0B127-5522-4CA9-AE26-5E1304142DF8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{8940BF63-2975-4F30-8456-60122FDE2558}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{8F6CB774-5B92-4AF2-9673-929EB2F7E8E5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{E9CB5C3D-63A0-48C2-88C2-E5B8A11BAA52}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{C6AC88DA-BA60-4A4B-B6D2-278F8119508C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{6A57FE53-5185-454E-A7E7-36F1D3779D56}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{227080C3-F6AB-4D04-95F6-2FD1DAAB99E0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{ED124DD1-1684-43AE-BD10-D030E0C0E5F6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{59783DBF-7862-4756-AE1A-AE24CF0402E2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{5A78430F-D518-4519-8EFC-40E8FCF3B3FE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F844AD53-2E11-43BB-B2CF-2B128AB8CDB3}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7FE5A8AA-682F-4E00-A2B8-91D729D55C6B}] => (Allow) C:\Users\Family\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AE0057A6-3071-4D1A-BF3D-30691D454E8C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Driver Updater\DriverUpdater.exe] => Enabled:Driver Updater
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/20/2015 04:42:22 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.
 
Error: (07/20/2015 04:24:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 43.0.2357.134 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a18
 
Start Time: 01d0c32cbb401208
 
Termination Time: 14
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 9b688dad-2f25-11e5-82dd-f80f41b10835
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/20/2015 11:30:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BackgroundAgent.exe, version: 1.0.1.7, time stamp: 0x5549779c
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0xc0000005
Fault offset: 0x00011891
Faulting process id: 0x1e1c
Faulting application start time: 0xBackgroundAgent.exe0
Faulting application path: BackgroundAgent.exe1
Faulting module path: BackgroundAgent.exe2
Report Id: BackgroundAgent.exe3
Faulting package full name: BackgroundAgent.exe4
Faulting package-relative application ID: BackgroundAgent.exe5
 
Error: (07/20/2015 11:23:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7625
 
Error: (07/20/2015 11:23:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7625
 
Error: (07/20/2015 11:23:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/20/2015 11:23:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6375
 
Error: (07/20/2015 11:23:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6375
 
Error: (07/20/2015 11:23:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/20/2015 11:23:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5344
 
 
System errors:
=============
Error: (07/20/2015 04:39:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (07/20/2015 04:39:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/20/2015 04:39:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AVG Firewall service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (07/20/2015 04:39:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/20/2015 04:39:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (07/20/2015 04:39:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/20/2015 04:39:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (07/20/2015 04:38:42 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (07/20/2015 04:38:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PLFlash DeviceIoControl Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/20/2015 04:38:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Technology Access Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
Error: (07/20/2015 04:42:22 PM) (Source: nssm) (EventID: 1018) (User: )
Description: AppDirectoryThe operation completed successfully.
 
Error: (07/20/2015 04:24:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe43.0.2357.1341a1801d0c32cbb40120814C:\Program Files (x86)\Google\Chrome\Application\chrome.exe9b688dad-2f25-11e5-82dd-f80f41b10835
 
Error: (07/20/2015 11:30:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.75549779cMSVCR100.dll10.0.40219.3254df2be1ec0000005000118911e1c01d0c2e1ab6de862C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\SYSTEM32\MSVCR100.dll984d4b3c-2efc-11e5-82dd-f80f41b10835
 
Error: (07/20/2015 11:23:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7625
 
Error: (07/20/2015 11:23:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7625
 
Error: (07/20/2015 11:23:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/20/2015 11:23:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6375
 
Error: (07/20/2015 11:23:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6375
 
Error: (07/20/2015 11:23:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/20/2015 11:23:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5344
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU J1900 @ 1.99GHz
Percentage of memory in use: 72%
Total physical RAM: 3984.12 MB
Available physical RAM: 1105.29 MB
Total Virtual: 5328.12 MB
Available Virtual: 904.88 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:914.89 GB) (Free:640.51 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9856BC33)
 
Partition: GPT Partition Type.
 
==================== End of log ===========================
 
When I open my browser it seems to be gone :)

Edited by mrxxx1, 20 July 2015 - 05:10 PM.


#5 nasdaq

Posted 21 July 2015 - 07:31 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShortcutTarget: Download 21 (2008) 1080p BluRay x265 - ceeejay Torrent - KickassTorrents (1).lnk -> C:\ProgramData\{30d35a49-1069-b89f-30d3-35a491066924}\Download 21 (2008) 1080p BluRay x265 - ceeejay Torrent - KickassTorrents (1).exe (No File)
ShortcutTarget: Download 21 (2008) 1080p BluRay x265 - ceeejay Torrent - KickassTorrents (2).lnk -> C:\ProgramData\{857cc437-967f-92e5-857c-cc43796710de}\Download 21 (2008) 1080p BluRay x265 - ceeejay Torrent - KickassTorrents (2).exe (No File)
ShortcutTarget: Download 21 (2008) 1080p BluRay x265 - ceeejay Torrent - KickassTorrents.lnk -> C:\ProgramData\{e1a96a35-5e90-61cc-e1a9-96a355e9a8d5}\Download 21 (2008) 1080p BluRay x265 - ceeejay Torrent - KickassTorrents.exe (No File)
ShortcutTarget: HL-DT-ST GHB0N Driver.lnk -> C:\ProgramData\{0af78ef6-54de-f549-0af7-78ef654d3bd9}\HL-DT-ST GHB0N Driver.exe (No File)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registry Trash Keys Finder 3.9.2.0 Full.lnk [2015-01-15]
ShortcutTarget: Registry Trash Keys Finder 3.9.2.0 Full.lnk -> C:\ProgramData\{2d84f405-eebb-0f83-2d84-4f405eebd017}\Registry Trash Keys Finder 3.9.2.0 Full.exe (No File)
Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sevenzip-setup-rx.lnk [2015-04-20]
ShortcutTarget: sevenzip-setup-rx.lnk -> C:\ProgramData\{c37225b2-dff5-71f9-c372-225b2dff96cb}\sevenzip-setup-rx.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin HKU\S-1-5-21-4061471432-1510629354-1952062893-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Family\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Extension: No Name - C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\c8ts1jja.default-1423617873768\extensions\sweetsearch@gmail.com [not found]
CHR Extension: (Ebates Cash Back) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2015-05-29]
CHR HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4061471432-1510629354-1952062893-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - http://clients2.google.com/service/update2/crx
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
Task: {C8EAB3A7-89F6-406B-969B-A3BEC17AD24B} - \avabvbxvh No Task File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 nasdaq

Posted 27 July 2015 - 07:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



