
Seeing redirects to websites like tradeexchange.com while browsing


  • This topic is locked
17 replies to this topic

#1 kainak

Posted 25 August 2015 - 04:29 PM

While browsing in Google Chrome, I get redirected at random to websites like tradeexchange.com, and to websites telling me to call numbers to clear an infection. It may be an hour or a few minutes into my browsing, I don't know; it seems independent of the site I'm currently on.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-08-2015 02
Ran by rshih (administrator) on BOOSBO (25-08-2015 14:20:21)
Running from C:\Users\rshih\Desktop
Loaded Profiles: rshih & Guest &  (Available Profiles: rshih & Guest)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dropbox, Inc.) C:\Users\rshih\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\excel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2009952 2013-05-31] (cFos Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-07-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PerditiongmmouseRun] => C:\Program Files (x86)\REDRAGON GAMING MOUSE\pdmon.exe [3234304 2013-11-18] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4939800 2015-08-23] (Emsisoft Ltd)
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
HKU\S-1-5-21-2755757321-914615061-785180251-1001\...\Run: [Dropbox Update] => C:\Users\rshih\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-2755757321-914615061-785180251-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-2755757321-914615061-785180251-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\rshih\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-2755757321-914615061-785180251-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-2755757321-914615061-785180251-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Dropbox Update] => C:\Users\rshih\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-2755757321-914615061-785180251-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
Startup: C:\Users\rshih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\rshih\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2755757321-914615061-785180251-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2755757321-914615061-785180251-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2755757321-914615061-785180251-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2755757321-914615061-785180251-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2755757321-914615061-785180251-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2755757321-914615061-785180251-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-12-27] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3AB8C376-B10E-43A3-B17C-C585667E6653}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\rshih\AppData\Roaming\Mozilla\Firefox\Profiles\mx0u1kYH.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-27] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-06-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-06-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-12-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\rshih\AppData\Roaming\Mozilla\Firefox\Profiles\mx0u1kYH.default\Extensions\abs@avira.com [2014-12-26]
 
Chrome: 
=======
CHR Profile: C:\Users\rshih\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\rshih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-26]
CHR Extension: (Google Docs) - C:\Users\rshih\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-26]
CHR Extension: (Google Drive) - C:\Users\rshih\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-26]
CHR Extension: (YouTube) - C:\Users\rshih\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-26]
CHR Extension: (Google Search) - C:\Users\rshih\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-26]
CHR Extension: (Remove Google Redirection) - C:\Users\rshih\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnhjklgpiifbofihffldllbcopkinlod [2015-08-22]
CHR Extension: (Google Sheets) - C:\Users\rshih\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-26]
CHR Extension: (Avira Browser Safety) - C:\Users\rshih\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-26]
CHR Extension: (Video Downloader Super) - C:\Users\rshih\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghciphhakbampjemlfbahnhhaemoeolf [2015-03-07]
CHR Extension: (AdBlock) - C:\Users\rshih\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\rshih\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rshih\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-26]
CHR Extension: (Page Monitor) - C:\Users\rshih\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2015-05-28]
CHR Extension: (Gmail) - C:\Users\rshih\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-26]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5531008 2015-08-23] (Emsisoft Ltd)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-07-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-07-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-07-28] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [652640 2013-05-31] (cFos Software GmbH)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-08-23] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-06-24] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-06-24] (Intel Corporation)
R2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1232880 2014-05-04] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-30] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AsrVDrive; C:\Windows\system32\DRIVERS\AsrVDrive.sys [24400 2012-10-01] (ASRock Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-07-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 cpuz138; C:\Users\rshih\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2015-08-23] (CPUID)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-12-26] (Intel Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [125952 2014-06-24] (Intel Corporation)
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [26392 2014-12-30] (DEVGURU Co., LTD.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-21] ()
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33472 2015-02-06] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-25 14:20 - 2015-08-25 14:20 - 00022198 _____ C:\Users\rshih\Desktop\FRST.txt
2015-08-25 14:18 - 2015-08-25 14:20 - 00000000 ____D C:\FRST
2015-08-25 14:17 - 2015-08-25 14:17 - 02186752 _____ (Farbar) C:\Users\rshih\Desktop\FRST64.exe
2015-08-25 14:15 - 2015-08-16 17:58 - 1432399809 _____ C:\Users\rshih\Desktop\ab0199.mp4
2015-08-25 02:45 - 2015-08-25 02:45 - 00383025 _____ C:\Users\rshih\Downloads\[kat.cr]tushy.riley.reid.riley.reid.being.riley.chapter.1.08.17.2015.new.august.17.2015.720p.mp4.torrent
2015-08-25 02:40 - 2015-08-25 06:30 - 2114234948 _____ C:\Users\rshih\Desktop\RileyReidTutored.mp4
2015-08-25 00:44 - 2015-08-25 00:44 - 00000136 _____ C:\Users\rshih\Desktop\67 timeline.txt
2015-08-23 22:16 - 2015-08-23 22:19 - 00065536 _____ C:\Users\rshih\Desktop\stronglifts-5x5-lb.xls
2015-08-23 19:35 - 2015-08-23 21:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-23 19:31 - 2015-08-23 21:13 - 00000000 ____D C:\Users\rshih\Desktop\mbar
2015-08-23 19:31 - 2015-08-23 19:31 - 16563304 _____ (Malwarebytes Corp.) C:\Users\rshih\Desktop\mbar-1.09.2.1008.exe
2015-08-23 19:11 - 2015-08-23 19:11 - 00001905 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-08-23 19:11 - 2015-08-23 19:11 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-23 19:10 - 2015-08-23 19:15 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-23 10:48 - 2015-08-23 10:48 - 00000000 ____D C:\ProgramData\Emsisoft
2015-08-23 10:03 - 2015-08-25 13:32 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-08-23 10:03 - 2015-08-23 19:10 - 11032736 _____ (SurfRight B.V.) C:\Users\rshih\Desktop\HitmanPro_x64.exe
2015-08-23 10:03 - 2015-08-23 10:03 - 00001103 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-08-23 10:03 - 2015-08-23 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-08-23 10:03 - 2015-03-24 00:17 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2015-08-23 10:02 - 2015-08-23 10:02 - 159485920 _____ (Emsisoft Ltd. ) C:\Users\rshih\Desktop\EmsisoftAntiMalwareSetup.exe
2015-08-23 09:35 - 2015-08-23 09:35 - 01199856 _____ ( ) C:\Users\rshih\Desktop\hwmonitor_1.28.exe
2015-08-22 22:37 - 2015-08-22 22:37 - 00000448 _____ C:\Users\rshih\Desktop\SO MANY COURSES FK.txt
2015-08-22 13:30 - 2015-08-22 22:21 - 00001970 _____ C:\Users\rshih\Desktop\my choices.txt
2015-08-21 15:26 - 2015-08-21 15:35 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-21 15:26 - 2015-08-21 15:26 - 18758216 _____ C:\Users\rshih\Desktop\RogueKiller.exe
2015-08-21 15:26 - 2015-08-21 15:26 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-21 15:14 - 2015-08-21 15:17 - 00000000 ____D C:\AdwCleaner
2015-08-21 15:13 - 2015-08-21 15:13 - 01605632 _____ C:\Users\rshih\Desktop\AdwCleaner.exe
2015-08-21 15:12 - 2015-08-21 15:12 - 01798576 _____ (Malwarebytes Corporation) C:\Users\rshih\Desktop\JRT.exe
2015-08-21 15:08 - 2015-08-21 15:08 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\rshih\Desktop\123.com.exe
2015-08-21 14:13 - 2015-08-25 13:17 - 01175067 _____ C:\Windows\WindowsUpdate.log
2015-08-21 14:10 - 2015-08-25 00:26 - 00000696 _____ C:\Windows\setupact.log
2015-08-21 14:10 - 2015-08-21 14:10 - 00000000 _____ C:\Windows\setuperr.log
2015-08-21 14:07 - 2015-08-21 14:08 - 00153340 _____ C:\Users\rshih\Documents\cc_20150821_140744.reg
2015-08-21 14:05 - 2015-08-21 14:05 - 01101640 _____ (Bleeping Computer, LLC) C:\Users\rshih\Desktop\rkill64.com
2015-08-21 14:04 - 2015-08-21 14:04 - 00000000 ____D C:\Windows\pss
2015-08-21 13:55 - 2015-07-17 19:33 - 08418584 _____ (Piriform Ltd) C:\Users\rshih\Desktop\CCleaner64.exe
2015-08-21 13:55 - 2015-07-17 19:33 - 06453528 _____ (Piriform Ltd) C:\Users\rshih\Desktop\CCleaner.exe
2015-08-21 13:54 - 2015-08-21 13:54 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\rshih\Desktop\rkill.com
2015-08-21 13:53 - 2015-08-21 13:53 - 06569196 _____ C:\Users\rshih\Desktop\ccsetup508.zip
2015-08-21 12:53 - 2015-08-21 13:00 - 00000000 ____D C:\Users\rshih\Desktop\Mr.Robot.S01E09.720p.HDTV.x264-KILLERS[rarbg]
2015-08-21 12:52 - 2015-08-21 12:53 - 00060586 _____ C:\Users\rshih\Downloads\[kat.cr]mr.robot.s01e09.720p.hdtv.x264.killers.rartv.torrent
2015-08-21 12:51 - 2015-08-21 12:51 - 02870984 _____ (ESET) C:\Users\rshih\Desktop\esetsmartinstaller_enu.exe
2015-08-21 12:46 - 2015-08-21 12:46 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-19 09:10 - 2015-08-10 18:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 09:10 - 2015-08-10 17:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-18 09:05 - 2015-08-21 13:51 - 00000000 ____D C:\Users\rshih\Desktop\Mr. Robot season 1
2015-08-18 08:52 - 2015-08-18 09:11 - 00000000 ____D C:\Users\rshih\Desktop\CCE applications ive done
2015-08-17 19:12 - 2015-08-22 13:56 - 00001913 _____ C:\Users\rshih\Desktop\premed schools.txt
2015-08-17 18:12 - 2015-08-20 18:44 - 00000809 _____ C:\Users\rshih\Desktop\fyf fest next yr maybe.txt
2015-08-17 14:28 - 2015-08-17 14:28 - 11337665 _____ C:\Users\rshih\Desktop\Bio99+Lecture+1.pptx
2015-08-17 14:24 - 2015-08-19 10:00 - 00000000 ____D C:\Users\rshih\Desktop\you want it then prove it
2015-08-17 00:51 - 2015-08-17 01:14 - 00002579 _____ C:\Users\rshih\Desktop\voice_60 times.txt
2015-08-14 18:58 - 2015-08-14 19:58 - 142012774 _____ C:\Users\rshih\Desktop\i-hear-your-voice-episode-03.mp4
2015-08-14 11:59 - 2015-08-14 11:59 - 00018833 _____ C:\Users\rshih\Downloads\[kat.cr]mr.robot.s01e08.hdtv.x264.killers.ettv (1).torrent
2015-08-14 10:36 - 2015-08-14 10:36 - 00018833 _____ C:\Users\rshih\Downloads\[kat.cr]mr.robot.s01e08.hdtv.x264.killers.ettv.torrent
2015-08-11 22:31 - 2015-07-30 07:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 22:31 - 2015-07-30 06:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 19:45 - 2015-07-15 17:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 19:45 - 2015-07-15 17:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 19:45 - 2015-07-15 17:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 19:45 - 2015-07-15 17:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 19:45 - 2015-07-10 10:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 19:44 - 2015-07-18 18:58 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 19:44 - 2015-07-18 11:51 - 03704320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 19:44 - 2015-07-18 11:31 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 19:44 - 2015-07-18 11:31 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 19:44 - 2015-07-18 11:31 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 19:44 - 2015-07-18 11:29 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-08-11 19:44 - 2015-07-18 11:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 19:44 - 2015-07-18 11:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 19:44 - 2015-07-18 11:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 19:44 - 2015-07-18 11:12 - 02228736 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 19:44 - 2015-07-18 11:10 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 19:44 - 2015-07-18 11:09 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 19:44 - 2015-07-16 13:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 19:44 - 2015-07-16 13:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 19:44 - 2015-07-16 13:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 19:44 - 2015-07-16 13:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 19:44 - 2015-07-16 13:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 19:44 - 2015-07-16 13:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 19:44 - 2015-07-16 12:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-08-11 19:44 - 2015-07-16 12:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 19:44 - 2015-07-16 12:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 19:44 - 2015-07-16 12:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 19:44 - 2015-07-16 12:45 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-08-11 19:44 - 2015-07-16 12:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 19:44 - 2015-07-16 12:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 19:44 - 2015-07-16 12:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-08-11 19:44 - 2015-07-16 12:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 19:44 - 2015-07-16 12:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 19:44 - 2015-07-16 12:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 19:44 - 2015-07-16 12:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-08-11 19:44 - 2015-07-16 12:13 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-08-11 19:44 - 2015-07-16 12:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 19:44 - 2015-07-16 12:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 19:44 - 2015-07-16 12:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 19:44 - 2015-07-16 12:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 19:44 - 2015-07-16 12:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 19:44 - 2015-07-16 11:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-08-11 19:44 - 2015-07-16 11:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 19:44 - 2015-07-16 11:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 19:44 - 2015-07-16 11:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 19:44 - 2015-07-16 11:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 19:44 - 2015-06-09 11:27 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml
2015-08-11 19:43 - 2015-07-29 07:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 19:43 - 2015-07-29 07:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 19:43 - 2015-07-29 07:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 19:43 - 2015-07-28 16:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 19:43 - 2015-07-28 07:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 19:43 - 2015-07-28 07:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 19:43 - 2015-07-28 07:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 19:43 - 2015-07-28 07:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 19:43 - 2015-07-28 07:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 19:43 - 2015-07-28 07:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 19:43 - 2015-07-24 11:57 - 04177408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 19:43 - 2015-07-24 11:57 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 19:43 - 2015-07-24 11:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 19:43 - 2015-07-24 10:27 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 19:43 - 2015-07-24 10:23 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 19:43 - 2015-07-14 14:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-08-11 19:43 - 2015-07-14 14:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-08-11 19:43 - 2015-07-14 14:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-08-11 19:43 - 2015-07-13 20:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 19:43 - 2015-07-13 20:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 19:43 - 2015-07-13 12:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 19:43 - 2015-07-13 12:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 19:43 - 2015-07-10 11:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-11 19:43 - 2015-07-10 10:42 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 19:43 - 2015-07-10 10:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-11 19:43 - 2015-07-10 10:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 19:43 - 2015-07-10 09:47 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 19:43 - 2015-07-10 09:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 19:43 - 2015-07-09 10:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 19:43 - 2015-07-09 10:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 19:43 - 2015-07-09 09:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 19:43 - 2015-07-07 02:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-08-11 19:43 - 2015-07-07 02:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-08-11 19:43 - 2015-07-07 02:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-08-11 19:43 - 2015-07-01 15:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 19:43 - 2015-07-01 15:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 19:43 - 2015-07-01 14:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 19:43 - 2015-07-01 14:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 19:43 - 2015-06-12 10:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-08-11 19:43 - 2015-06-12 09:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-11 19:43 - 2015-06-11 13:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-08-11 19:43 - 2015-06-11 13:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-08-11 19:43 - 2015-05-11 17:24 - 00536920 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-11 17:55 - 2015-08-11 17:56 - 00000000 ____D C:\Users\rshih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-09 20:02 - 2015-08-09 20:09 - 00000000 ____D C:\Users\rshih\Desktop\Fringe.Season.1-2-3-4-5.Complete.ILPruny
2015-08-09 20:02 - 2015-08-09 20:02 - 00043186 _____ C:\Users\rshih\Downloads\[kat.cr]fringe.season.1.2.3.4.5.complete.ilpruny.torrent
2015-08-09 12:50 - 2015-08-12 12:11 - 00000000 ____D C:\Users\rshih\Desktop\Black Mirror
2015-08-09 12:50 - 2015-08-09 12:50 - 00020537 _____ C:\Users\rshih\Downloads\[kat.cr]black.mirror.s01.and.02.tvrip.xvid.slimoo.torrent
2015-08-05 22:49 - 2015-08-05 22:49 - 00058706 _____ C:\Users\rshih\Downloads\[kat.cr]mr.robot.s01e07.720p.hdtv.x264.killers.rartv.torrent
2015-08-04 15:14 - 2015-08-04 15:14 - 00052645 _____ C:\Users\rshih\Downloads\[kat.cr]mr.robot.s01e06.720p.hdtv.x264.immerse.rartv.torrent
2015-08-03 22:24 - 2015-08-04 14:17 - 00000000 ____D C:\Users\rshih\Desktop\The.Office.US.S02.Season.2.Complete.720p.HDTV.x264-[maximersk]
2015-08-03 22:23 - 2015-08-03 22:23 - 00030239 _____ C:\Users\rshih\Downloads\[kat.cr]the.office.us.s02.season.2.complete.720p.hdtv.x264.maximersk.torrent
2015-08-03 22:23 - 2015-08-03 22:23 - 00015325 _____ C:\Users\rshih\Downloads\[kat.cr]the.office.us.s01.season.1.complete.720p.hdtv.x264.maximersk.torrent
2015-08-01 23:13 - 2015-08-01 23:13 - 00070939 _____ C:\Users\rshih\Desktop\2015B Calendar  58 percent.ods
2015-07-31 17:40 - 2015-07-31 17:40 - 00062361 _____ C:\Users\rshih\Downloads\[kat.cr]nubiles.porn.lust.natalie.lust.1080p.mp4.torrent
2015-07-31 17:39 - 2015-07-31 17:39 - 00013792 _____ C:\Users\rshih\Downloads\[kat.cr]teensdoporn.natalie.lust.young.natalies.1st.cock.06.30.2013.torrent
2015-07-31 15:01 - 2015-07-31 15:01 - 00012865 _____ C:\Users\rshih\Downloads\[kat.cr]iknowthatgirl.natalie.lust.shoulda.cleared.the.history.07.torrent
2015-07-30 02:25 - 2015-07-30 02:31 - 00013838 ____H C:\Users\rshih\Desktop\~WRL0003.tmp
2015-07-30 02:25 - 2015-07-30 02:25 - 00012754 ____H C:\Users\rshih\Desktop\~WRL2542.tmp
2015-07-30 01:30 - 2015-07-30 01:30 - 00019148 ____H C:\Users\rshih\Desktop\~WRL1787.tmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-25 14:02 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-25 14:01 - 2015-06-16 16:50 - 00000932 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2755757321-914615061-785180251-1001UA.job
2015-08-25 13:28 - 2014-12-26 09:13 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-25 12:01 - 2015-06-16 16:50 - 00000880 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2755757321-914615061-785180251-1001Core.job
2015-08-25 03:30 - 2015-01-23 21:40 - 00000000 ____D C:\Users\rshih\AppData\Roaming\uTorrent
2015-08-25 03:13 - 2014-12-28 20:13 - 00000000 ____D C:\Users\rshih\AppData\Roaming\vlc
2015-08-25 02:37 - 2014-09-24 00:17 - 00342586 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-25 00:29 - 2015-04-08 20:16 - 00000000 ____D C:\Users\rshih\Dropbox
2015-08-25 00:26 - 2014-12-26 09:12 - 00016979 _____ C:\Windows\SysWOW64\Gms.log
2015-08-23 22:19 - 2014-12-26 08:37 - 00000000 ____D C:\Users\rshih\AppData\Local\Packages
2015-08-23 19:35 - 2014-12-26 12:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-23 19:32 - 2014-12-26 12:19 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-23 10:49 - 2014-12-26 08:42 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2755757321-914615061-785180251-1001
2015-08-23 09:46 - 2015-04-08 19:58 - 00000000 ____D C:\Users\rshih\AppData\Roaming\Dropbox
2015-08-23 09:46 - 2014-12-26 09:13 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-23 09:45 - 2014-12-28 00:54 - 00000000 ____D C:\ProgramData\VMware
2015-08-23 09:45 - 2014-12-26 08:37 - 00000000 ____D C:\Users\rshih
2015-08-23 09:45 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-23 09:37 - 2014-12-27 21:00 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-08-21 15:02 - 2014-12-26 10:14 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-08-21 14:07 - 2015-01-01 23:39 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-21 14:07 - 2014-12-27 20:49 - 00000000 ____D C:\Windows\Minidump
2015-08-21 14:07 - 2014-12-26 08:26 - 00000000 ____D C:\Windows\Panther
2015-08-21 13:57 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-21 12:46 - 2014-12-26 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-21 12:46 - 2014-12-26 12:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-19 09:11 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-19 08:14 - 2015-06-26 13:27 - 00000000 ____D C:\Users\rshih\Desktop\Mad.Max.Fury.Road.2015.1080p.WEB-DL.DD5.1.H264-RARBG
2015-08-16 22:13 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2015-08-14 12:54 - 2015-02-07 19:11 - 00000000 ____D C:\Program Files (x86)\Diablo II
2015-08-13 22:28 - 2013-08-22 07:44 - 00481880 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 22:26 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 22:26 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 22:26 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 22:26 - 2013-08-22 08:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 22:26 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-13 22:26 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-11 22:31 - 2014-12-27 21:29 - 00000000 ____D C:\Windows\system32\MRT
2015-08-11 22:26 - 2014-12-27 21:29 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 22:25 - 2015-04-16 03:56 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-11 22:25 - 2014-09-24 02:57 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-08 06:55 - 2014-09-24 03:03 - 00794088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 06:55 - 2014-09-24 03:03 - 00179688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-06 13:07 - 2015-01-27 21:11 - 00000000 ____D C:\Users\rshih\Desktop\outfits
2015-07-31 12:16 - 2014-12-26 08:56 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-31 12:15 - 2014-12-26 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-07-29 15:21 - 2015-07-19 23:52 - 00000279 _____ C:\Users\rshih\Desktop\refres.txt
2015-07-28 14:54 - 2015-07-10 06:39 - 00000000 ___HD C:\$Windows.~BT
2015-07-28 14:37 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-28 01:36 - 2014-12-26 09:15 - 00148632 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-07-28 01:36 - 2014-12-26 09:15 - 00137288 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
 
==================== Files in the root of some directories =======
 
2014-12-26 11:23 - 2014-12-26 11:23 - 0000017 _____ () C:\Users\rshih\AppData\Local\resmon.resmoncfg
2014-12-26 09:02 - 2014-12-26 09:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\avgnt.exe
C:\Users\rshih\AppData\Local\Temp\avgnt.exe
C:\Users\rshih\AppData\Local\Temp\dllnt_dump.dll
C:\Users\rshih\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpifgopa.dll
C:\Users\rshih\AppData\Local\Temp\sfamcc00001.dll
C:\Users\rshih\AppData\Local\Temp\sfareca00001.dll
C:\Users\rshih\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-23 10:49
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-08-2015 02
Ran by rshih (2015-08-25 14:20:48)
Running from C:\Users\rshih\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2755757321-914615061-785180251-500 - Administrator - Disabled)
Guest (S-1-5-21-2755757321-914615061-785180251-501 - Limited - Enabled) => C:\Users\Guest
rshih (S-1-5-21-2755757321-914615061-785180251-1001 - Administrator - Enabled) => C:\Users\rshih

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {2F44E1F9-850B-1C7A-0E56-EB2E0A3E20C9}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {9425001D-A331-13F4-34E6-D05C71B96A74}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2755757321-914615061-785180251-1001\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2755757321-914615061-785180251-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2755757321-914615061-785180251-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASRock 3TB+ Unlocker v1.1 (HKLM\...\ASRock 3TB+ Unlocker_is1) (Version: - ASRock Inc.)
Avira (HKLM-x32\...\{a5e00a72-db4a-4f77-8874-d1265b8fcd7e}) (Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.408 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment)
Dropbox (HKU\S-1-5-21-2755757321-914615061-785180251-1001\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-2755757321-914615061-785180251-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-2755757321-914615061-785180251-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
FastStone Capture 8.0 (HKLM-x32\...\FastStone Capture) (Version: 8.0 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.25.1048 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.3.20 (HKLM\...\{DD8F7A7A-852F-4648-8A73-B8FC1DF5F082}) (Version: 4.3.20 - Oracle Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
REDRAGON GAMING MOUSE version 1.1 (HKLM-x32\...\{6513799F-D2B9-4BEA-A76E-52249156A2B5}_is1) (Version: 1.1 - redragonzone)
Samsung SideSync 3.0 (HKLM-x32\...\Samsung SideSync) (Version: 3.2.7.1215 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.53.0 - Samsung Electronics Co., Ltd.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.1.0 - VMware, Inc)
VMware Player (Version: 7.1.0 - VMware, Inc.) Hidden
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XFast LAN v9.05 (HKLM\...\XFast LAN) (Version: 9.05 - cFos Software GmbH, Bonn)
YNAB 4 version 4.3.656 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.656 - YouNeedABudget.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2755757321-914615061-785180251-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\rshih\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2755757321-914615061-785180251-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2755757321-914615061-785180251-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2755757321-914615061-785180251-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2755757321-914615061-785180251-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2755757321-914615061-785180251-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2755757321-914615061-785180251-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2755757321-914615061-785180251-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2755757321-914615061-785180251-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2755757321-914615061-785180251-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2755757321-914615061-785180251-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\rshih\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

06-08-2015 03:22:09 Scheduled Checkpoint
11-08-2015 22:24:24 Windows Update
19-08-2015 09:10:19 Windows Update
21-08-2015 15:21:19 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {40B0CBFC-EA3E-4521-A7BB-9445622DC8BA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {53F42ADD-CA37-4F11-8E5F-1C9F5A618C35} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-26] (Google Inc.)
Task: {5F53FC34-E277-4F19-B6A9-2C9181C81545} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-09] (Microsoft Corporation)
Task: {68892511-8C77-498E-B806-88D7D150EB07} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {7E337974-2BEE-4304-B606-DCA9A74F1417} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {7E7FEE64-EE0D-47A4-8C32-CB0B0B3BEEB6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {8EF03EE6-B437-4BC9-A39D-62685FDAEA68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-26] (Google Inc.)
Task: {B8729ABD-FC19-44D7-9A8E-69139CEE132D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2755757321-914615061-785180251-1001Core => C:\Users\rshih\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {BD7081A4-5DC0-4E8E-B814-50EED23FC313} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {C44948C8-7872-47DE-95FE-EBC6F153319D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {F2B94302-265C-4542-AB74-3B1A9050E6F3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2755757321-914615061-785180251-1001UA => C:\Users\rshih\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {F6D975A0-8A84-4129-A632-9EF7FF4137F1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2755757321-914615061-785180251-1001Core.job => C:\Users\rshih\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2755757321-914615061-785180251-1001UA.job => C:\Users\rshih\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-12-27 00:40 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-08 22:41 - 2014-05-04 11:02 - 01232880 _____ () C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
2015-03-21 20:13 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-01-10 16:39 - 2013-11-18 18:54 - 03234304 _____ () C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe
2014-12-27 00:40 - 2014-12-27 00:40 - 00393376 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream64.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-06 18:40 - 2015-02-06 18:40 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2015-08-23 09:46 - 2015-08-23 09:46 - 00071168 _____ () c:\users\rshih\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpifgopa.dll
2015-03-04 14:45 - 2015-08-05 13:49 - 00012800 _____ () C:\Users\rshih\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 14:45 - 2015-08-05 13:49 - 00779776 _____ () C:\Users\rshih\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 00:40 - 2015-08-05 13:49 - 00056320 _____ () C:\Users\rshih\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 14:45 - 2015-08-05 13:49 - 00012288 _____ () C:\Users\rshih\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-01-10 16:39 - 2011-01-27 01:53 - 00028160 _____ () C:\Program Files (x86)\REDRAGON GAMING MOUSE\uiHook.dll
2014-06-24 17:08 - 2014-06-24 17:08 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-03-21 20:13 - 2015-01-27 07:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-08-21 12:29 - 2015-08-17 22:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-21 12:29 - 2015-08-17 22:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
2015-08-21 12:29 - 2015-08-17 22:23 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2755757321-914615061-785180251-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rshih\Desktop\sunset in paris.jpg
HKU\S-1-5-21-2755757321-914615061-785180251-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\rshih\Desktop\sunset in paris.jpg
HKU\S-1-5-21-2755757321-914615061-785180251-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\rshih\Desktop\sunset in paris.jpg
HKU\S-1-5-21-2755757321-914615061-785180251-501\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2755757321-914615061-785180251-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2755757321-914615061-785180251-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-2755757321-914615061-785180251-1001\...\StartupApproved\Run: => "iFunBox Fast App Install Handler"
HKU\S-1-5-21-2755757321-914615061-785180251-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "iFunBox Fast App Install Handler"
HKU\S-1-5-21-2755757321-914615061-785180251-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\Run: => "iFunBox Fast App Install Handler"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{72B0AC40-B375-4A4B-A45F-60365877ABAF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{FF3D86DB-0744-4529-BED7-586F24A4C1E6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{3B30CD3C-0366-4918-A408-65F148A4EF50}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{1D4AEF78-7669-4F0B-90B1-2F5C438D2CA8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DA1FC8B9-F0D8-47BA-B068-815C17D6D5BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0F88CE6A-9486-422D-AD5F-499A5E638D4F}] => (Allow) C:\Users\rshih\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{999F3C50-67F7-4A46-9497-679DEBF47558}] => (Allow) C:\Users\rshih\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A555321-5BB0-4B3D-A061-3D67FA75E41E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{41538898-740C-4E41-8E69-3829F7F2F442}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EA06E3D2-6B1D-479E-B52B-F83DB32B5E4C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6D8DFB74-8A90-4EA8-AFCA-9DB2D5FF2C03}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{41DAAE5D-3419-479B-A0BE-6B65E0F0E94C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{70B8BB07-34DE-444D-881F-9228450445BD}] => (Allow) C:\Users\rshih\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{937F4557-4C59-4A8B-9389-71F1293E64CC}] => (Allow) C:\Users\rshih\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C89DA703-C9F2-41C2-A3A9-F75364BA92E6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D772FA0E-C68E-448F-B165-304B814FA35F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{1D06635F-B778-49AB-98F3-6F00E9975D02}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{F3772C5B-BBD5-451D-BD58-DB726150827D}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{708A170C-9345-4E7A-94A0-30963A224277}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
FirewallRules: [{E0393E2D-35B1-4D1E-AFE9-6273A663EBA8}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
FirewallRules: [{B2C92071-A061-44F2-9AED-D120A64A3BED}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{1C6EED7D-3E49-4208-86A7-75E9E08DB5B6}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{C55787A9-E681-4F53-ACD9-79F94656FBAA}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{9B8DD2C9-3964-4C27-A300-86C90469BEDE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{64979059-3A88-4852-B146-1FA2E22760DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2015 12:36:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (08/23/2015 10:03:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (08/23/2015 09:46:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (08/23/2015 09:46:05 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (08/22/2015 12:23:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (08/21/2015 03:21:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/21/2015 03:20:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (08/21/2015 02:13:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (08/21/2015 02:12:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (08/21/2015 02:12:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.


System errors:
=============
Error: (08/25/2015 09:55:47 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.

Error: (08/25/2015 05:18:02 AM) (Source: DCOM) (EventID: 10010) (User: boosbo)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (08/25/2015 05:17:32 AM) (Source: DCOM) (EventID: 10010) (User: boosbo)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (08/25/2015 04:02:55 AM) (Source: DCOM) (EventID: 10010) (User: boosbo)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (08/25/2015 04:02:25 AM) (Source: DCOM) (EventID: 10010) (User: boosbo)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (08/25/2015 03:13:40 AM) (Source: DCOM) (EventID: 10010) (User: boosbo)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (08/25/2015 03:13:10 AM) (Source: DCOM) (EventID: 10010) (User: boosbo)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (08/25/2015 12:27:11 AM) (Source: DCOM) (EventID: 10010) (User: boosbo)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (08/25/2015 12:26:41 AM) (Source: DCOM) (EventID: 10010) (User: boosbo)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (08/25/2015 12:26:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.


Microsoft Office:
=========================
Error: (08/25/2015 12:36:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestc:\users\rshih\desktop\esetsmartinstaller_enu.exe

Error: (08/23/2015 10:03:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe

Error: (08/23/2015 09:46:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe

Error: (08/23/2015 09:46:05 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe

Error: (08/22/2015 12:23:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe

Error: (08/21/2015 03:21:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (08/21/2015 03:20:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe

Error: (08/21/2015 02:13:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe

Error: (08/21/2015 02:12:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Users\rshih\Desktop\esetsmartinstaller_enu.exe

Error: (08/21/2015 02:12:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestC:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe


CodeIntegrity:
===================================
Date: 2015-08-25 05:19:11.400
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-08-25 05:19:09.407
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-08-25 05:19:08.886
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-08-25 05:19:07.307
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-08-25 05:19:06.002
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-08-25 05:19:05.527
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-08-25 05:19:04.844
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-08-25 05:19:03.813
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-08-25 05:19:02.157
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.

Date: 2015-08-25 05:19:01.604
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-5960X CPU @ 3.00GHz
Percentage of memory in use: 30%
Total physical RAM: 16277.5 MB
Available physical RAM: 11272.69 MB
Total Virtual: 32661.5 MB
Available Virtual: 24279.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:2048 GB) (Free:1506.29 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive f: (WD Unlocker) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF
Drive g: (My Passport) (Fixed) (Total:931.48 GB) (Free:6.85 GB) NTFS
Drive n: (Distant Disk) (Fixed) (Total:1678.02 GB) (Free:810.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 61DFF6E9)
Partition 1: (Active) - (Size=2048 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1678 GB) (Disk ID: D2B913A3)
Partition 1: (Not Active) - (Size=1678 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 30 August 2015 - 10:38 PM.


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,743 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:04 PM

Posted 30 August 2015 - 04:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/588033 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:03:04 PM

Posted 30 August 2015 - 10:44 PM

Greetings kainak and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Are you having issues with either Firefox or Internet Explorer?

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
2015-07-30 02:25 - 2015-07-30 02:31 - 00013838 ____H C:\Users\rshih\Desktop\~WRL0003.tmp
2015-07-30 02:25 - 2015-07-30 02:25 - 00012754 ____H C:\Users\rshih\Desktop\~WRL2542.tmp
2015-07-30 01:30 - 2015-07-30 01:30 - 00019148 ____H C:\Users\rshih\Desktop\~WRL1787.tmp
C:\Users\Guest\AppData\Local\Temp\avgnt.exe
C:\Users\rshih\AppData\Local\Temp\avgnt.exe
C:\Users\rshih\AppData\Local\Temp\dllnt_dump.dll
C:\Users\rshih\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpifgopa.dll
C:\Users\rshih\AppData\Local\Temp\sfamcc00001.dll
C:\Users\rshih\AppData\Local\Temp\sfareca00001.dll
C:\Users\rshih\AppData\Local\Temp\sqlite3.dll
  • Launch FRST and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Problems with Firefox or Internet Explorer?
  • Fixlog
  • Result.txt
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 kainak

kainak
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:05:04 PM

Posted 31 August 2015 - 07:11 PM

Hello Gary, you can call me Dan. I don't use Firefox or Internet Explorer.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by rshih (2015-08-31 17:00:53) Run:1
Running from C:\Users\rshih\Desktop
Loaded Profiles: rshih (Available Profiles: rshih & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
2015-07-30 02:25 - 2015-07-30 02:31 - 00013838 ____H C:\Users\rshih\Desktop\~WRL0003.tmp
2015-07-30 02:25 - 2015-07-30 02:25 - 00012754 ____H C:\Users\rshih\Desktop\~WRL2542.tmp
2015-07-30 01:30 - 2015-07-30 01:30 - 00019148 ____H C:\Users\rshih\Desktop\~WRL1787.tmp
C:\Users\Guest\AppData\Local\Temp\avgnt.exe
C:\Users\rshih\AppData\Local\Temp\avgnt.exe
C:\Users\rshih\AppData\Local\Temp\dllnt_dump.dll
C:\Users\rshih\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpifgopa.dll
C:\Users\rshih\AppData\Local\Temp\sfamcc00001.dll
C:\Users\rshih\AppData\Local\Temp\sfareca00001.dll
C:\Users\rshih\AppData\Local\Temp\sqlite3.dll
*****************
 
C:\Users\rshih\Desktop\~WRL0003.tmp => moved successfully
C:\Users\rshih\Desktop\~WRL2542.tmp => moved successfully
C:\Users\rshih\Desktop\~WRL1787.tmp => moved successfully
C:\Users\Guest\AppData\Local\Temp\avgnt.exe => moved successfully
C:\Users\rshih\AppData\Local\Temp\avgnt.exe => moved successfully
C:\Users\rshih\AppData\Local\Temp\dllnt_dump.dll => moved successfully
"C:\Users\rshih\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpifgopa.dll" => File/Folder not found.
C:\Users\rshih\AppData\Local\Temp\sfamcc00001.dll => moved successfully
C:\Users\rshih\AppData\Local\Temp\sfareca00001.dll => moved successfully
C:\Users\rshih\AppData\Local\Temp\sqlite3.dll => moved successfully
 
==== End of Fixlog 17:01:12 ====
 
 
 
MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by rshih (administrator) on 31-08-2015 at 17:03:35
Running from "C:\Users\rshih\Desktop"
Microsoft Windows 8.1 Pro  (X64)
Model: To Be Filled By O.E.M. Manufacturer: To Be Filled By O.E.M.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Intel® Ethernet Connection (2) I218-V = Ethernet (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="VMware Network Adapter VMnet1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="VMware Network Adapter VMnet8" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="VMware Network Adapter VMnet1" address=192.168.37.1 mask=255.255.255.0
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet8" address=192.168.20.1 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : boosbo
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : fios-router.home
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : fios-router.home
   Description . . . . . . . . . . . : Intel® Ethernet Connection (2) I218-V
   Physical Address. . . . . . . . . : D0-50-99-52-8C-C1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a519:ce8e:fbfa:8e4b%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.15(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, August 31, 2015 4:18:38 PM
   Lease Expires . . . . . . . . . . : Tuesday, September 1, 2015 4:18:38 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 63983769
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-2F-41-30-D0-50-99-52-8C-C1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter VirtualBox Host-Only Network:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-10-10
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4cc3:1aed:ecde:5ae2%6(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 235405351
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-2F-41-30-D0-50-99-52-8C-C1
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter VMware Network Adapter VMnet1:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
   Physical Address. . . . . . . . . : 00-50-56-C0-00-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::cd7d:6013:d850:1678%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.37.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 83906646
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-2F-41-30-D0-50-99-52-8C-C1
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter VMware Network Adapter VMnet8:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
   Physical Address. . . . . . . . . : 00-50-56-C0-00-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::21f8:4915:b9b5:7f48%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.20.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 117461078
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-2F-41-30-D0-50-99-52-8C-C1
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{D6E5A164-C443-4B77-AEF5-90681C58F814}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{39735202-AFB0-4F98-91E4-AFFE903479DF}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{660CBBB4-D61F-4D1C-9ABE-C6BFB5EE8568}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.fios-router.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : fios-router.home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  FIOS_Quantum_Gateway.fios-router.home
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4007:808::200e
 63.110.67.86
 63.110.67.84
 63.110.67.88
 63.110.67.91
 63.110.67.89
 63.110.67.87
 63.110.67.85
 63.110.67.90
 
 
Pinging google.com [63.110.67.91] with 32 bytes of data:
Reply from 63.110.67.91: bytes=32 time=7ms TTL=60
Reply from 63.110.67.91: bytes=32 time=5ms TTL=60
 
Ping statistics for 63.110.67.91:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 5ms, Maximum = 7ms, Average = 6ms
Server:  FIOS_Quantum_Gateway.fios-router.home
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=130ms TTL=53
Reply from 206.190.36.45: bytes=32 time=132ms TTL=53
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 130ms, Maximum = 132ms, Average = 131ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  3...d0 50 99 52 8c c1 ......Intel® Ethernet Connection (2) I218-V
  6...08 00 27 00 10 10 ......VirtualBox Host-Only Ethernet Adapter
 11...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
 12...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
  5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
  7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
  9...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.15     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.15    266
     192.168.1.15  255.255.255.255         On-link      192.168.1.15    266
    192.168.1.255  255.255.255.255         On-link      192.168.1.15    266
     192.168.20.0    255.255.255.0         On-link      192.168.20.1    276
     192.168.20.1  255.255.255.255         On-link      192.168.20.1    276
   192.168.20.255  255.255.255.255         On-link      192.168.20.1    276
     192.168.37.0    255.255.255.0         On-link      192.168.37.1    276
     192.168.37.1  255.255.255.255         On-link      192.168.37.1    276
   192.168.37.255  255.255.255.255         On-link      192.168.37.1    276
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link      192.168.37.1    276
        224.0.0.0        240.0.0.0         On-link      192.168.20.1    276
        224.0.0.0        240.0.0.0         On-link      192.168.1.15    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link      192.168.37.1    276
  255.255.255.255  255.255.255.255         On-link      192.168.20.1    276
  255.255.255.255  255.255.255.255         On-link      192.168.1.15    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  6    276 fe80::/64                On-link
 11    276 fe80::/64                On-link
 12    276 fe80::/64                On-link
  3    266 fe80::/64                On-link
 12    276 fe80::21f8:4915:b9b5:7f48/128
                                    On-link
  6    276 fe80::4cc3:1aed:ecde:5ae2/128
                                    On-link
  3    266 fe80::a519:ce8e:fbfa:8e4b/128
                                    On-link
 11    276 fe80::cd7d:6013:d850:1678/128
                                    On-link
  1    306 ff00::/8                 On-link
  6    276 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
 12    276 ff00::/8                 On-link
  3    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
**** End of log ****
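The MiniToolBox sections requested in post #3 (IE proxy settings, hosts file, DNS servers, Winsock entries) are the usual system-wide hijack points behind browser redirects, and the Result.txt above shows what a clean set looks like. The following is an added example, not part of this thread or of Farbar's tools: a parser for a Result.txt in the layout posted above that lists the entries a helper would review first. The section header format and the clean proxy lines are taken from the log above; the embedded sample log is constructed, with documentation-range addresses standing in for anything suspicious.

```python
"""Triage a MiniToolBox Result.txt for the hijack points behind browser redirects:
IE proxy, hosts file, DNS resolvers and Winsock catalog (added example, not Farbar's)."""
import ipaddress
import re

# Clean IE proxy lines as printed in the Result.txt above; any other line is reported as-is.
CLEAN_PROXY_LINES = {"Proxy is not enabled.", "No Proxy Server is set."}
# Third-party providers (Apple's Bonjour NSP on this page) are listed for review, not condemned.
KNOWN_WINSOCK_VENDORS = {"Microsoft Corporation"}
# Explicit LAN ranges; ipaddress.is_private is avoided since it also covers RFC 5737 ranges.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7", "fec0::/10")]
SECTION_RE = re.compile(r"^=+\s+([A-Za-z][^=]*?):?\s*=+\s*$")
WINSOCK_RE = re.compile(r"^(?:x64-)?Catalog[59]\s+\d+\s+(.+?)\s+\[\d+\]\s+\((.+)\)\s*$")
DNS_RE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")

def split_sections(text):
    """Map each '=== Name: ===' header MiniToolBox prints to the lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections

def is_lan_address(token):
    """True for RFC 1918, loopback, link-local and site-local addresses."""
    addr = ipaddress.ip_address(token.split("%")[0])  # drop any zone id
    return any(addr in net for net in LAN_NETWORKS)

def proxy_findings(lines):
    """Any IE proxy line that departs from the clean baseline."""
    seen = {l.strip() for l in lines if l.strip() and not l.startswith('"Reset')}
    return [("ie_proxy", l) for l in sorted(seen - CLEAN_PROXY_LINES)]

def hosts_findings(lines):
    """A stock hosts file holds only comments, so every active entry is of interest."""
    return [("hosts", l.strip()) for l in lines
            if l.strip() and not l.lstrip().startswith("#")]

def dns_findings(lines):
    """Resolvers outside the LAN, including ipconfig's indented continuation lines."""
    out, collecting = [], False
    for line in lines:
        m = DNS_RE.match(line)
        if m:
            token, collecting = m.group(1), True
        elif collecting and line.strip() and line.startswith(" " * 20):
            token = line.strip()
        else:
            collecting = False
            continue
        try:
            if not is_lan_address(token):
                out.append(("dns", token))
        except ValueError:  # not an address at all: still worth a look
            out.append(("dns", token))
    return out

def winsock_findings(lines):
    """Non-Microsoft Winsock catalog providers, one finding per entry."""
    return [("winsock", f"{m.group(1)} ({m.group(2)})")
            for m in map(WINSOCK_RE.match, lines)
            if m and m.group(2) not in KNOWN_WINSOCK_VENDORS]

def triage(text):
    """(kind, detail) findings in the order the log sections appear."""
    s = split_sections(text)
    return (proxy_findings(s.get("IE Proxy Settings", []))
            + hosts_findings(s.get("Hosts content", []))
            + dns_findings(s.get("IP Configuration", []))
            + winsock_findings(s.get("Winsock entries", [])))

# Constructed sample in the layout of the Result.txt posted above, with one hosts
# entry and one off-LAN resolver added (documentation-range addresses).
SAMPLE_RESULT = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

# constructed: a real site name pinned to a documentation-range address
203.0.113.10 www.example.com

========================= IP Configuration: ================================

Ethernet adapter Ethernet:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       198.51.100.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
========================= Winsock entries =====================================

Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
"""
```

Run `triage()` over the contents of a real Result.txt; on the sample it returns the hosts entry, the off-LAN resolver and the two Bonjour providers, and nothing for the proxy section.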
 

 

#5 Oh My!

Posted 31 August 2015 - 07:25 PM

Hi Dan, glad you are aboard.

I would like you to test Firefox and Internet Explorer. That will help us determine if this is a Chrome specific issue or a broader one. In addition, please do this.

===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type in chrome --incognito and press Enter
  • Test Chrome
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Firefox and Internet Explorer?
  • How is Chrome behaving?

Gary
 

#6 kainak

Posted 01 September 2015 - 12:40 PM

Firefox and Internet Explorer seem to work fine; Chrome incognito also seems to be fine. Also, the redirect is not tradeexchange but tradeadexchange.com.



#7 Oh My!

Posted 01 September 2015 - 12:48 PM

Thanks for testing that, it really does help. Please do this.

===================================================

Manually Troubleshooting Google Chrome Plug-ins and Extensions

--------------------
  • Launch Chrome normally
  • In the address bar type chrome://plugins and press Enter
  • Click Disable on all plugins
  • Enable one plugin at a time, restart Chrome and check the performance
  • In the address bar type chrome://extensions and press Enter
  • Uncheck any checked items
  • Enable one extension at a time, restart Chrome and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#8 kainak

Posted 02 September 2015 - 01:38 PM

Haven't experienced any redirects thus far on Chrome. Disabled everything as suggested; currently only have the adblock extension and the Avira Browser Safety extension enabled. As for plugins, only Adobe Flash Player is enabled, and so far still no redirects.



#9 Oh My!

Posted 02 September 2015 - 01:50 PM

Good, so now you can follow the instructions to enable one item at a time, restart Chrome and see if it acts up.
Gary
 

#10 kainak

Posted 03 September 2015 - 05:59 PM

Don't see any redirects... all plugins and extensions have been enabled one by one.

 

Should I just uninstall the plugins and extensions one by one if I start seeing redirects again?



#11 Oh My!

Posted 03 September 2015 - 06:06 PM

Monitor it for a day or so and let me know how we do.
Gary
 

#12 kainak

Posted 04 September 2015 - 08:52 PM

No issues thus far. Is there any Chrome browser extension and plugin scanner application that I can use to scan? Seems like it was browser-specific...
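On the question of a scanner for Chrome extensions, and as a complement to the one-at-a-time disabling procedure in post #7, here is an added example that is neither a forum tool nor Google's code: it inventories a Chrome profile's extensions from Chrome's on-disk layout (User Data\<profile>\Extensions\<id>\<version>\manifest.json) and flags the ones that combine request-interception permissions with access to every site, which is what an ad-injecting or redirecting extension needs and what a legitimate ad blocker also happens to need, so the output is a review list rather than a verdict. The extension ids and manifests in the built-in sample are constructed placeholders.

```python
"""Inventory the extensions in a Chrome profile and flag the ones able to redirect
or rewrite pages. Added example for this thread, not a Google or BleepingComputer
tool; it reads Chrome's on-disk layout
<User Data>/<profile>/Extensions/<id>/<version>/manifest.json."""
import json
import os
import tempfile

# Permissions that let an extension observe or alter navigation and page content.
# Legitimate ad blockers need some of them, so this is a review list, not a verdict.
REDIRECT_CAPABLE = {"webRequest", "webRequestBlocking", "webNavigation", "tabs",
                    "declarativeNetRequest", "scripting"}

def is_broad_host(pattern):
    """Match patterns that grant access to every site."""
    return pattern == "<all_urls>" or pattern.endswith("://*/*")

def read_name(ext_dir, manifest):
    """Resolve Chrome's localized '__MSG_key__' names via _locales/<locale>/messages.json."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        path = os.path.join(ext_dir, "_locales", locale, "messages.json")
        try:
            with open(path, encoding="utf-8") as f:
                return json.load(f)[name[6:-2]]["message"]
        except (OSError, KeyError, ValueError):
            return name  # keep the raw key if the locale file is missing or odd
    return name

def host_patterns(manifest):
    """Host access from MV2 permissions, MV3 host_permissions and content scripts."""
    pats = [p for p in manifest.get("permissions", [])
            if isinstance(p, str) and ("://" in p or p == "<all_urls>")]
    pats += manifest.get("host_permissions", [])
    for script in manifest.get("content_scripts", []):
        pats += script.get("matches", [])
    return pats

def inventory(extensions_dir):
    """One record per installed extension version, review-worthy details pulled out."""
    records = []
    for ext_id in sorted(os.listdir(extensions_dir)):
        id_dir = os.path.join(extensions_dir, ext_id)
        if not os.path.isdir(id_dir):
            continue
        for version in sorted(os.listdir(id_dir)):
            ver_dir = os.path.join(id_dir, version)
            manifest_path = os.path.join(ver_dir, "manifest.json")
            if not os.path.isfile(manifest_path):
                continue
            with open(manifest_path, encoding="utf-8") as f:
                manifest = json.load(f)
            perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
            broad = sorted(p for p in host_patterns(manifest) if is_broad_host(p))
            flagged = sorted(perms & REDIRECT_CAPABLE)
            records.append({
                "id": ext_id, "version": version,
                "name": read_name(ver_dir, manifest),
                "flagged_permissions": flagged, "broad_hosts": broad,
                # Can intercept requests on every site: look at these first.
                "review": bool(flagged) and bool(broad),
            })
    return records

def default_extensions_dir(profile="Default"):
    """Where Chrome on Windows keeps a profile's extensions."""
    return os.path.join(os.environ.get("LOCALAPPDATA", ""), "Google", "Chrome",
                        "User Data", profile, "Extensions")

def build_sample_profile(root):
    """Write two constructed extensions in Chrome's layout (ids are placeholders)."""
    samples = {
        ("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "1.0.0"): {
            "manifest_version": 2, "name": "__MSG_appName__", "default_locale": "en",
            "version": "1.0.0",
            "permissions": ["webRequest", "webRequestBlocking", "<all_urls>", "storage"]},
        ("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", "0.3"): {
            "manifest_version": 2, "name": "Notes", "version": "0.3",
            "permissions": ["storage"]},
    }
    for (ext_id, version), manifest in samples.items():
        ver_dir = os.path.join(root, ext_id, version)
        os.makedirs(os.path.join(ver_dir, "_locales", "en"))
        with open(os.path.join(ver_dir, "manifest.json"), "w", encoding="utf-8") as f:
            json.dump(manifest, f)
        with open(os.path.join(ver_dir, "_locales", "en", "messages.json"), "w",
                  encoding="utf-8") as f:
            json.dump({"appName": {"message": "Page Helper"}}, f)
    return root

def demo():
    """Run the inventory over the constructed profile in a scratch directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return inventory(build_sample_profile(os.path.join(tmp, "Extensions")))

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else default_extensions_dir()
    for rec in inventory(target) if os.path.isdir(target) else demo():
        flag = "REVIEW" if rec["review"] else "ok"
        print(flag, rec["name"], rec["version"], rec["flagged_permissions"], rec["broad_hosts"])
```

Point it at a real profile's Extensions folder to list what is actually installed, disabled extensions included, since Chrome keeps their files on disk.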



#13 Oh My!

Posted 04 September 2015 - 08:56 PM

Hi Dan,

Although I can't really explain it, there are occasions when disabling then re-enabling extensions resolves an issue. No way to tell which one it was.

Please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Smart Scan (recommended)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Note: If you receive an error report saying there are too many emoticons simply attach the file instead
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Emsisoft report (if applicable)
  • Security Check log

Gary
 

#14 kainak

Posted 04 September 2015 - 10:33 PM

Emsisoft Emergency Kit - Version 10.0
Last update: 9/4/2015 8:23:56 PM
User account: boosbo\rshih
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 9/4/2015 8:24:37 PM
 
Scanned 80072
Found 0
 
Scan end: 9/4/2015 8:30:04 PM
Scan time: 0:05:27
 
 
 
 

 Results of screen317's Security Check version 1.008  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Antivirus         
Windows Defender        
Emsisoft Anti-Malware   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (44.0.2403.157) 
 Google Chrome (45.0.2454.85) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Emsisoft Anti-Malware a2service.exe   
 Emsisoft Anti-Malware a2guard.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#15 Oh My!

Posted 04 September 2015 - 10:35 PM

Doesn't get any better than that. Are there any remaining issues?
Gary
 



