keep seeing pop-up ads, links are redirected, words in text are made to links


This topic is locked
17 replies to this topic

#1 ppauli


Posted 10 September 2015 - 03:34 AM

A few days ago I most probably got infected with malware. Suddenly my Firefox was (and when checking, also Chrome and IE) showing advertisements all over the place. In addition, some words in the regular text of web sites (no matter which site, also yours) appear printed bold like this "bitdefender", and when you run over it an advertisement appears. But also when I move my pointer without clicking over the topic "Forum Rules" on the site where I am typing this post, an ad appears for a few seconds.
 
Then, when you click on a link on a site, either a new window opens with a completely different address, which is an ad again, or the tab you are on opens another site. When you close this you come back to the original site, and sometimes you see the link you originally intended to reach, or sometimes you must click again and then it goes. There are also combinations of these problems, so it is getting worse from time to time. Sometimes, when you want to fill in an open field (say a search subject) or even click just on a space on a page which does not have a link at all, you are also immediately directed to a site with ads, even before you have typed one letter in the search field. That is scary when you want to enter a bank account, for instance.
 
Now, I have run Malwarebytes several times, JRT several times, HitmanPro the same, Bitdefender and the whole lot. I installed Adblock Plus and I also have Kaspersky Anti-Virus, and they all find infections and repair or destroy them, but there is no difference.
 
I know you can get into config and regedit (that at least I learnt from the searches I made) and the like, but I am not a technician and do not want to ruin my computer. I have seen you have a program called ComboFix, but that is not for Windows 10 and should also not be used by guys like me, so I hope you can give me some clue.
 
So far only browsers are affected, not my other software.
 
Thanks so far
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-09-2015
Ran by Peter (administrator) on PETER-THINK (10-09-2015 10:28:17)
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter & DefaultAppPool)
Platform: Microsoft Windows 10 Pro (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(VoipConnect) C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
() C:\Users\Peter\AppData\Local\Viber\Viber.exe
(Microsoft Corporation) C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.827.16340.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12214528 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1024256 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3519656 2015-07-28] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [126120 2015-07-28] (Synaptics)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2014-03-25] (Logitech, Inc.)
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-537159405-3133871740-3674865302-1004\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-537159405-3133871740-3674865302-1004\...\Run: [VoipConnect] => C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe [32417376 2015-07-22] (VoipConnect)
HKU\S-1-5-21-537159405-3133871740-3674865302-1004\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-537159405-3133871740-3674865302-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-537159405-3133871740-3674865302-1004\...\Run: [Viber] => C:\Users\Peter\AppData\Local\Viber\Viber.exe [72389840 2015-08-12] ()
HKU\S-1-5-21-537159405-3133871740-3674865302-1004\...\Run: [OneDrive] => C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-20] (Microsoft Corporation)
HKU\S-1-5-21-537159405-3133871740-3674865302-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
AppInit_DLLs: C:\ProgramData\ExtTag\Topstrong.dll => No File
Lsa: [Notification Packages] scecli ACGina
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2015-06-19]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk ->  (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{0a22e503-4943-48fb-acc5-a9b992a29aa8}: [DhcpNameServer] 10.34.1.5 10.34.1.7 50.23.136.173 8.8.8.8 10.3.2.12 10.3.2.11
Tcpip\..\Interfaces\{359e7dd5-2101-409e-a5c7-879635bd3923}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{359e7dd5-2101-409e-a5c7-879635bd3923}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-537159405-3133871740-3674865302-1004\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-537159405-3133871740-3674865302-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {ADD251AB-BBC7-4356-BB92-43EFFEDC2CEB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\S-1-5-21-537159405-3133871740-3674865302-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-537159405-3133871740-3674865302-1004 -> {ADD251AB-BBC7-4356-BB92-43EFFEDC2CEB} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2011-05-13] (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll [2015-03-29] (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\5r7z4sum.default-1441626705103
FF Homepage: hxxp://www.bbc.com/news
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-22] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-22] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll [2013-03-06] (Zeon Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll [2012-03-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-04-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-04-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-04-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-04-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-04-15] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2012-03-19] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2012-03-28] (Citrix Systems, Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\5r7z4sum.default-1441626705103\Extensions\adblockpopups@jessehakanen.net.xpi [2015-09-07]
FF Extension: Adblock Plus - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\5r7z4sum.default-1441626705103\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-08]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2015-08-28]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-08-28]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-08-28]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-06-05]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-06-05]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-06-05]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-05-26]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-08-28]
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-09-07]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2013-01-14]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx [2013-01-14]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2013-01-14]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKU\S-1-5-21-537159405-3133871740-3674865302-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe

Opera:
=======
OPR Extension: (eggkanocgddhmamlbiijnphhppkpkmkl) - C:\Users\Peter\AppData\Roaming\Opera Software\Opera Stable\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2015-09-07]
OPR Extension: (lgllffgicojgllpmdbemgglaponefajn) - C:\Users\Peter\AppData\Roaming\Opera Software\Opera Stable\Extensions\lgllffgicojgllpmdbemgglaponefajn [2015-09-07]
OPR Extension: (lkdfkbkkfdhhfnhgbphecddnpfnoedke) - C:\Users\Peter\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdfkbkkfdhhfnhgbphecddnpfnoedke [2015-09-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [124264 2009-12-11] (Lenovo)
R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [255336 2009-12-11] (Lenovo)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1680088 2013-10-28] (Broadcom Corporation.)
R2 CoreMessagingRegistrar; C:\WINDOWS\system32\coremessaging.dll [588800 2015-08-07] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [23040 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\WINDOWS\system32\Windows.Internal.Management.dll [193024 2015-07-10] (Microsoft Corporation)
S3 Fax; C:\WINDOWS\system32\fxssvc.exe [529408 2015-07-10] (Microsoft Corporation) [File not signed]
S3 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [754120 2015-07-29] (Garmin Ltd. or its subsidiaries)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-09-07] (SurfRight B.V.)
R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45424 2009-07-03] (Lenovo Group Limited)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [24576 2015-08-07] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1320120 2013-11-02] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\system32\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\system32\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-08-12] (IBM Corp.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [263936 2015-06-24] (Realtek Semiconductor)
S3 SensorDataService; C:\WINDOWS\System32\SensorDataService.exe [669696 2015-08-07] (Microsoft Corporation)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290896 2012-12-13] (Skype Technologies S.A.)
R2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-09-25] (Lenovo Group Limited) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [208552 2015-07-28] (Synaptics Incorporated)
R3 UnistoreSvc_Session1; C:\WINDOWS\System32\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\system32\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 w3logsvc; C:\WINDOWS\system32\inetsrv\w3logsvc.dll [72192 2015-08-07] (Microsoft Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [30720 2015-07-10] (Microsoft Corporation)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [175320 2013-10-28] (Broadcom Corporation.)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [144600 2013-10-28] (Broadcom Corporation.)
S3 buttonconverter; C:\WINDOWS\System32\drivers\buttonconverter.sys [23552 2015-07-10] (Microsoft Corporation)
S3 CapImg; C:\WINDOWS\System32\drivers\capimg.sys [96768 2015-07-10] (Microsoft Corporation)
R3 CompositeBus; C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_x86_a4832450a7024d49\CompositeBus.sys [31232 2015-07-10] (Microsoft Corporation)
S3 fcvsc; C:\WINDOWS\System32\drivers\fcvsc.sys [24064 2015-07-10] (Microsoft Corporation)
R1 FileCrypt; C:\WINDOWS\System32\drivers\filecrypt.sys [74240 2015-07-10] (Microsoft Corporation)
S3 genericusbfn; C:\WINDOWS\System32\drivers\genericusbfn.sys [17408 2015-07-10] (Microsoft Corporation)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2015-07-10] (Intel Corporation)
R1 GpuEnergyDrv; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [7680 2015-07-10] (Microsoft Corporation)
S3 hidinterrupt; C:\WINDOWS\System32\drivers\hidinterrupt.sys [37728 2015-07-10] (Microsoft Corporation)
S3 IoQos; C:\WINDOWS\System32\drivers\ioqos.sys [23040 2015-07-10] (Microsoft Corporation)
S1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [44000 2013-06-19] (Kaspersky Lab ZAO)
R3 LEqdUsb; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [42264 2014-03-19] (Logitech, Inc.)
R3 LHidEqd; C:\WINDOWS\System32\Drivers\LHidEqd.Sys [10136 2014-03-19] (Logitech, Inc.)
S0 LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [88928 2015-07-10] (LSI Corporation)
S0 LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [83296 2015-07-10] (Avago Technologies)
R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28312 2014-03-19] (Logitech, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S0 megasas; C:\WINDOWS\System32\drivers\megasas.sys [52064 2015-07-10] (Avago Technologies)
R2 MMCSS; C:\WINDOWS\system32\drivers\mmcss.sys [37376 2015-07-10] (Microsoft Corporation)
R1 MpKsl58bb2b99; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F1AED219-DB06-4B34-B5DA-448B6DD1474D}\MpKsl58bb2b99.sys [39168 2015-09-09] (Microsoft Corporation)
R3 MQAC; C:\WINDOWS\System32\drivers\mqac.sys [130048 2015-08-07] (Microsoft Corporation)
S3 netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [80384 2015-07-10] (Microsoft Corporation)
R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7518208 2015-07-10] (Intel Corporation)
S0 percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [51040 2015-07-10] (LSI Corporation)
S0 percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [51552 2015-07-10] (Avago Technologies)
R1 RapportCerberus_1507067; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1507067.sys [555000 2015-09-03] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [292280 2015-08-12] (IBM Corp.)
S3 RapportHades; C:\WINDOWS\System32\Drivers\RapportHades.sys [70168 2015-08-12] (IBM Corp.)
S3 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [223000 2015-08-12] (IBM Corp.)
S3 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [349816 2015-08-12] (IBM Corp.)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [492032 2015-07-10] (Realtek                                            )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [26792 2015-07-28] (Synaptics Incorporated)
R2 storqosflt; C:\WINDOWS\System32\drivers\storqosflt.sys [52736 2015-07-10] (Microsoft Corporation)
S0 storufs; C:\WINDOWS\System32\drivers\storufs.sys [33632 2015-07-10] (Microsoft Corporation)
R3 swenum; C:\WINDOWS\System32\DriverStore\FileRepository\swenum.inf_x86_b6707c73599dd1b6\swenum.sys [16224 2015-07-10] (Microsoft Corporation)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-12-09] (The OpenVPN Project)
S3 UcmCx0101; C:\WINDOWS\System32\Drivers\UcmCx.sys [45056 2015-07-10] (Microsoft Corporation)
S3 UcmUcsi; C:\WINDOWS\System32\drivers\UcmUcsi.sys [32768 2015-08-07] (Microsoft Corporation)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
S3 Ufx01000; C:\WINDOWS\System32\drivers\ufx01000.sys [190816 2015-07-10] (Microsoft Corporation)
S3 UfxChipidea; C:\WINDOWS\System32\drivers\UfxChipidea.sys [73568 2015-07-10] (Microsoft Corporation)
S3 ufxsynopsys; C:\WINDOWS\System32\drivers\ufxsynopsys.sys [100704 2015-07-10] (Microsoft Corporation)
S3 UrsChipidea; C:\WINDOWS\System32\drivers\urschipidea.sys [21856 2015-07-10] (Microsoft Corporation)
S3 UrsCx01000; C:\WINDOWS\System32\drivers\urscx01000.sys [42848 2015-07-10] (Microsoft Corporation)
S3 UrsSynopsys; C:\WINDOWS\System32\drivers\urssynopsys.sys [21856 2015-07-10] (Microsoft Corporation)
S3 vhf; C:\WINDOWS\System32\drivers\vhf.sys [24064 2015-07-10] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
S3 wdiwifi; C:\WINDOWS\System32\DRIVERS\wdiwifi.sys [488960 2015-08-06] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
R0 WindowsTrustedRT; C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [86552 2015-07-10] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [15384 2015-07-10] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [173408 2015-08-06] (Microsoft Corporation)
S3 xboxgip; C:\WINDOWS\System32\drivers\xboxgip.sys [186368 2015-07-10] (Microsoft Corporation)
S3 xinputhid; C:\WINDOWS\System32\drivers\xinputhid.sys [18432 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S1 KLIM6; \SystemRoot\system32\DRIVERS\klim6.sys [X]
S1 UGKrnlDrv; \??\C:\Program Files\UPCleaner\0.9.30.12075\UGKrnlDrv.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: XboxNetApiSvc -> C:\Windows\system32\XboxNetApiSvc.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 10:28 - 2015-09-10 10:29 - 00035969 _____ C:\Users\Peter\Desktop\FRST.txt
2015-09-10 10:28 - 2015-09-10 10:28 - 00000000 ____D C:\FRST
2015-09-10 10:26 - 2015-09-10 10:27 - 01692160 _____ (Farbar) C:\Users\Peter\Desktop\FRST.exe
2015-09-10 07:58 - 2015-09-10 07:58 - 00016148 _____ C:\WINDOWS\system32\PETER-THINK_Peter_HistoryPrediction.bin
2015-09-09 14:12 - 2015-09-09 14:12 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2015-09-09 13:52 - 2015-09-09 13:52 - 00000880 _____ C:\Users\Peter\Desktop\JRT.txt
2015-09-09 13:44 - 2015-09-09 13:44 - 00000000 ___HD C:\OneDriveTemp
2015-09-09 13:27 - 2015-09-07 09:16 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Peter\Desktop\mbam-setup-2.1.8.1057.exe
2015-09-09 11:32 - 2015-09-09 11:34 - 01660416 _____ C:\Users\Peter\Downloads\adwcleaner_5.007.exe
2015-09-08 11:59 - 2015-09-08 12:00 - 00000000 ____D C:\Rwanda
2015-09-07 16:01 - 2015-09-07 16:02 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Peter\Downloads\tdsskiller.exe
2015-09-07 13:35 - 2015-09-07 13:35 - 00001197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-07 13:35 - 2015-09-07 13:35 - 00001185 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-07 13:29 - 2015-09-10 10:28 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-07 13:29 - 2015-09-09 11:42 - 00001936 _____ C:\WINDOWS\PFRO.log
2015-09-07 12:40 - 2015-09-07 12:40 - 00010708 _____ C:\WINDOWS\system32\.crusader
2015-09-07 12:19 - 2015-09-07 12:19 - 00001973 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-09-07 12:19 - 2015-09-07 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-09-07 12:19 - 2015-09-07 12:19 - 00000000 ____D C:\Program Files\HitmanPro
2015-09-07 12:18 - 2015-09-07 12:41 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-07 10:44 - 2015-09-07 10:44 - 00001068 _____ C:\Users\Peter\Desktop\malware scan result 7-9-2015.txt
2015-09-07 09:18 - 2015-09-09 12:23 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-07 09:17 - 2015-09-07 12:21 - 00001134 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-07 09:17 - 2015-09-07 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-07 09:17 - 2015-09-07 09:17 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-07 09:17 - 2015-06-18 09:41 - 00094936 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-07 09:17 - 2015-06-18 09:41 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-07 09:17 - 2015-06-18 09:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-07 09:04 - 2015-09-07 09:04 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Peter\Downloads\JRT.exe
2015-09-07 08:48 - 2015-09-07 08:48 - 00000000 ____D C:\Users\Peter\AppData\Local\VirtualStore
2015-09-06 15:35 - 2015-09-06 15:35 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Brotsoft
2015-09-06 15:30 - 2015-09-07 08:05 - 00000000 ____D C:\Program Files\UPCleaner
2015-09-05 13:06 - 2015-09-07 09:16 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Peter\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-05 13:05 - 2015-09-07 12:18 - 10369928 _____ (SurfRight B.V.) C:\Users\Peter\Downloads\HitmanPro.exe
2015-09-02 23:30 - 2015-09-03 01:10 - 00000434 _____ C:\task.vbs
2015-09-02 23:20 - 2015-09-02 23:20 - 00000000 ____D C:\Users\Peter\AppData\Local\Opera Software
2015-09-02 23:19 - 2009-06-11 00:39 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-09-02 23:16 - 2015-09-03 00:53 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-09-02 23:16 - 2015-09-02 23:16 - 00000187 _____ C:\Users\Peter\AppData\Local\statstrip.exe.config
2015-09-02 23:14 - 2015-09-03 00:19 - 00000000 ____D C:\Program Files\Opera
2015-08-30 08:49 - 2015-08-30 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-30 08:49 - 2015-08-30 08:49 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-08-30 08:46 - 2015-09-07 12:44 - 00003484 _____ C:\Users\Public\Documents\AcIpConfig.dat
2015-08-29 10:01 - 2015-08-20 08:25 - 06265168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-29 10:01 - 2015-08-20 08:22 - 00549160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-29 10:01 - 2015-08-20 08:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-29 10:01 - 2015-08-20 08:11 - 00067776 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-29 10:01 - 2015-08-20 07:46 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-29 10:01 - 2015-08-20 07:41 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-29 10:01 - 2015-08-20 07:35 - 01829376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-29 10:01 - 2015-08-20 07:31 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-29 10:01 - 2015-08-20 07:30 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-08-29 10:01 - 2015-08-18 10:27 - 01771592 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-29 10:01 - 2015-08-18 10:26 - 00284000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-29 10:01 - 2015-08-18 10:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-29 10:01 - 2015-08-18 10:14 - 00192864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll
2015-08-29 10:01 - 2015-08-18 09:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-29 10:01 - 2015-08-18 09:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-29 10:01 - 2015-08-18 09:47 - 01507840 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-29 10:01 - 2015-08-18 09:41 - 01161216 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-29 10:01 - 2015-08-18 09:40 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-29 10:01 - 2015-08-18 09:38 - 01875968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-29 10:01 - 2015-08-18 09:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-29 10:01 - 2015-08-18 09:35 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-29 10:01 - 2015-08-18 09:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-29 10:01 - 2015-08-18 09:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-29 10:01 - 2015-08-18 09:35 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-29 10:01 - 2015-08-18 09:34 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-29 10:01 - 2015-08-18 09:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-29 10:01 - 2015-08-18 09:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-29 10:01 - 2015-08-18 09:31 - 01917440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-29 10:01 - 2015-08-18 09:30 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-29 10:01 - 2015-08-18 09:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-29 10:01 - 2015-08-18 09:26 - 01499136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-29 10:01 - 2015-08-18 09:26 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-29 10:01 - 2015-08-18 09:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-29 10:01 - 2015-08-18 07:42 - 00006631 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-29 10:01 - 2015-08-18 07:42 - 00006313 _____ C:\WINDOWS\system32\ResPriImageList
2015-08-28 08:55 - 2015-09-07 13:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-19 14:04 - 2015-08-13 07:07 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-19 14:04 - 2015-08-13 06:55 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-19 14:04 - 2015-08-13 06:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-19 14:04 - 2015-08-11 12:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-19 14:04 - 2015-08-11 12:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-19 14:04 - 2015-08-11 12:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-19 14:04 - 2015-08-11 12:40 - 00392032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-19 14:04 - 2015-08-11 12:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-19 14:04 - 2015-08-11 12:38 - 00066896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-19 14:04 - 2015-08-11 12:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-19 14:04 - 2015-08-11 12:31 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-19 14:04 - 2015-08-11 12:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-19 14:04 - 2015-08-11 12:25 - 01183056 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-19 14:04 - 2015-08-11 11:59 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-19 14:04 - 2015-08-11 11:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-19 14:04 - 2015-08-11 11:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-19 14:04 - 2015-08-11 11:58 - 00177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-19 14:04 - 2015-08-11 11:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-19 14:04 - 2015-08-11 11:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-19 14:04 - 2015-08-11 11:53 - 00301056 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-19 14:04 - 2015-08-11 11:53 - 00284672 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-19 14:04 - 2015-08-11 11:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-19 14:04 - 2015-08-11 11:51 - 01823232 _____ C:\WINDOWS\system32\InputService.dll
2015-08-19 14:04 - 2015-08-11 11:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-19 14:04 - 2015-08-11 11:50 - 00200704 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-19 14:04 - 2015-08-11 11:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-08-19 14:04 - 2015-08-11 11:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-19 14:04 - 2015-08-11 11:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 14:04 - 2015-08-11 11:49 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-19 14:04 - 2015-08-11 11:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-19 14:04 - 2015-08-11 11:47 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-19 14:04 - 2015-08-11 11:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-19 14:04 - 2015-08-11 11:46 - 00923648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-19 14:04 - 2015-08-11 11:46 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-19 14:04 - 2015-08-11 11:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-19 14:04 - 2015-08-11 11:44 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2015-08-19 14:04 - 2015-08-11 11:44 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-19 14:04 - 2015-08-11 11:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-19 14:04 - 2015-08-11 11:43 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-19 14:04 - 2015-08-11 11:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-19 14:04 - 2015-08-11 11:41 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-19 14:04 - 2015-08-11 11:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-19 14:04 - 2015-08-11 11:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-19 14:04 - 2015-08-11 11:40 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-19 14:04 - 2015-08-11 11:39 - 02987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-19 14:04 - 2015-08-11 11:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-19 14:04 - 2015-08-11 11:38 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-19 14:04 - 2015-08-11 11:38 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-19 14:04 - 2015-08-11 11:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-08-19 14:04 - 2015-08-11 11:37 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-13 15:36 - 2015-08-13 15:36 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-08-13 01:02 - 2015-08-08 09:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-13 01:02 - 2015-08-08 09:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-13 01:02 - 2015-08-08 09:00 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-13 01:02 - 2015-08-06 05:01 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-13 01:02 - 2015-08-05 07:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-13 01:02 - 2015-08-05 06:32 - 01134592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-13 01:02 - 2015-08-04 05:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-13 01:02 - 2015-08-03 04:57 - 01709920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-13 01:02 - 2015-08-03 04:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-13 01:02 - 2015-08-03 04:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-13 01:02 - 2015-08-03 04:11 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-13 01:02 - 2015-08-03 04:11 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-13 01:02 - 2015-08-03 04:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-13 01:02 - 2015-08-03 04:06 - 03025408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-13 01:02 - 2015-08-03 04:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-13 01:02 - 2015-08-03 04:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-13 01:02 - 2015-08-03 04:01 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-13 01:01 - 2015-08-08 09:59 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-13 01:01 - 2015-08-08 09:48 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-13 01:01 - 2015-08-06 05:50 - 00197472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-13 01:01 - 2015-08-06 05:50 - 00173408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-13 01:01 - 2015-08-05 06:40 - 00995840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-13 01:01 - 2015-08-05 06:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-13 01:01 - 2015-08-04 06:50 - 00085344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-13 01:01 - 2015-08-04 06:10 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-13 01:01 - 2015-08-03 05:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-13 01:01 - 2015-08-03 04:57 - 00503600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-13 01:01 - 2015-08-03 04:57 - 00436064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-13 01:01 - 2015-08-03 04:57 - 00415072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-13 01:01 - 2015-08-03 04:57 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-13 01:01 - 2015-08-03 04:57 - 00042904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-13 01:01 - 2015-08-03 04:57 - 00036704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-13 01:01 - 2015-08-03 04:18 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-13 01:01 - 2015-08-03 04:18 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-13 01:01 - 2015-08-03 04:13 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-13 01:01 - 2015-08-03 04:13 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-13 01:01 - 2015-08-03 04:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-13 01:01 - 2015-08-03 04:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-13 01:01 - 2015-08-03 04:10 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-13 01:01 - 2015-08-03 04:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-13 01:01 - 2015-08-03 04:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-13 01:01 - 2015-08-03 04:06 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-13 01:01 - 2015-08-03 04:05 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-13 01:01 - 2015-08-03 04:03 - 00445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-13 01:01 - 2015-08-03 04:03 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-13 01:01 - 2015-08-03 04:02 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-13 01:01 - 2015-08-03 04:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-13 01:01 - 2015-08-03 03:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-12 14:04 - 2015-08-12 14:04 - 00223000 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2015-08-12 14:04 - 2015-08-12 14:04 - 00070168 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades.sys
2015-08-11 22:49 - 2015-08-11 22:49 - 00000000 ____D C:\Users\Peter\AppData\Local\MicrosoftEdge

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-10 10:22 - 2015-05-08 13:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-10 10:20 - 2010-01-08 02:12 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
2015-09-10 10:03 - 2011-12-28 17:14 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-10 10:01 - 2010-01-08 02:26 - 3787203584 _____ C:\Users\Peter\Desktop\backup.pst
2015-09-10 09:52 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-10 09:50 - 2012-05-29 16:03 - 00000000 ____D C:\Users\Peter\AppData\Local\425C9261-0302-4783-9D6D-9717752A2EC1.aplzod
2015-09-10 09:43 - 2015-08-07 02:37 - 01055234 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-10 08:52 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-10 08:03 - 2011-12-28 17:14 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-09 16:00 - 2010-06-01 00:48 - 00000332 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2015-09-09 15:39 - 2015-08-07 08:29 - 00000000 ____D C:\Users\Peter\OneDrive
2015-09-09 15:39 - 2015-07-02 22:57 - 00000000 ____D C:\Users\Peter\AppData\Roaming\ViberPC
2015-09-09 15:36 - 2015-08-07 08:21 - 00069764 _____ C:\Users\Public\Documents\ACGinaWinlogon.dat
2015-09-09 15:36 - 2015-08-07 08:21 - 00042398 _____ C:\Users\Public\Documents\AccConnAdvanced.dat
2015-09-09 15:34 - 2015-07-10 12:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-09 15:31 - 2015-07-10 09:59 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-09 14:19 - 2015-07-10 11:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-09 13:39 - 2015-08-07 02:39 - 00000000 ____D C:\Users\Peter
2015-09-09 13:38 - 2009-12-06 01:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 13:37 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-09-09 11:40 - 2013-08-29 16:30 - 00000000 ____D C:\AdwCleaner
2015-09-08 17:30 - 2015-08-07 13:17 - 00000000 ____D C:\Windows.old
2015-09-07 14:51 - 2014-09-26 22:17 - 00000000 ____D C:\Users\Peter\Desktop\Old Firefox Data
2015-09-07 13:35 - 2014-09-16 19:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-07 13:32 - 2015-05-08 11:10 - 00243240 _____ C:\Users\Peter\Downloads\Firefox Setup Stub 37.0.2.exe
2015-09-07 13:25 - 2010-01-31 23:02 - 00000000 ____D C:\Users\Peter\AppData\Local\Google
2015-09-07 13:25 - 2010-01-31 23:01 - 00000000 ____D C:\Program Files\Google
2015-09-07 13:18 - 2015-08-07 13:28 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-07 12:42 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\Speech
2015-09-07 12:23 - 2015-08-07 08:29 - 00002385 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-07 12:23 - 2015-08-07 08:24 - 00001034 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-09-07 12:23 - 2015-07-02 22:57 - 00001120 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2015-09-07 12:22 - 2015-08-07 02:56 - 00001508 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-07 12:22 - 2015-06-19 11:22 - 00000920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-09-07 12:22 - 2015-06-13 12:00 - 00002036 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-09-07 12:22 - 2014-09-29 10:05 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-09-07 12:22 - 2013-07-09 12:18 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-09-07 12:22 - 2012-05-29 14:42 - 00002479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2015-09-07 12:22 - 2012-05-29 14:40 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-07 12:22 - 2010-12-31 20:21 - 00001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2015-09-07 12:22 - 2010-12-31 20:07 - 00001319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2015-09-07 12:22 - 2010-12-31 19:50 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-09-07 12:22 - 2010-12-31 19:40 - 00002431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-09-07 12:22 - 2009-12-06 01:37 - 00002010 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools.lnk
2015-09-07 12:21 - 2015-08-04 08:20 - 00001788 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-09-07 12:21 - 2015-06-19 11:21 - 00002123 _____ C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2015-09-07 12:21 - 2015-04-15 15:05 - 00001718 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-07 12:21 - 2015-04-15 14:25 - 00001780 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-09-07 12:21 - 2014-09-29 10:05 - 00001141 _____ C:\Users\Public\Desktop\paint.net.lnk
2015-09-07 12:21 - 2013-11-28 19:31 - 00001120 _____ C:\Users\Public\Desktop\GOM Player.lnk
2015-09-07 12:21 - 2013-07-26 09:15 - 00001004 _____ C:\Users\Public\Desktop\Nuance PDF Reader.lnk
2015-09-07 12:21 - 2013-07-09 12:35 - 00000989 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-09-07 12:21 - 2013-07-09 12:18 - 00001954 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-09-07 12:21 - 2013-04-29 16:56 - 00002595 _____ C:\Users\Public\Desktop\VINN.lnk
2015-09-07 12:21 - 2012-12-14 13:59 - 00000930 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-07 12:21 - 2012-05-29 14:42 - 00002473 _____ C:\Users\Public\Desktop\Safari.lnk
2015-09-07 12:21 - 2012-04-19 21:12 - 00001066 _____ C:\Users\Public\Desktop\RarZilla Free Unrar.lnk
2015-09-07 12:21 - 2012-03-26 21:01 - 00001163 _____ C:\Users\Public\Desktop\PDFArchitect.lnk
2015-09-07 12:21 - 2012-03-26 21:01 - 00000994 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2015-09-07 12:21 - 2012-03-07 10:37 - 00002020 _____ C:\Users\Public\Desktop\Byki 4 Express.lnk
2015-09-07 12:21 - 2010-07-04 15:59 - 00001029 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2015-09-07 12:21 - 2010-01-15 16:15 - 00002198 _____ C:\Users\Public\Desktop\EPSON Stylus SX200_SX400_TX200_TX400 Manual.lnk
2015-09-07 12:21 - 2010-01-14 16:51 - 00002659 _____ C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
2015-09-07 12:21 - 2010-01-14 16:51 - 00002159 _____ C:\Users\Public\Desktop\Nero Online Upgrade.lnk
2015-09-07 12:19 - 2013-11-28 19:31 - 00001150 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-09-07 12:19 - 2013-07-26 09:15 - 00001877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2015-09-07 12:19 - 2009-12-06 01:23 - 00001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Try Skype voice and video calling.lnk
2015-09-07 12:18 - 2015-07-02 22:57 - 00001114 _____ C:\Users\Peter\Desktop\Viber.lnk
2015-09-07 12:18 - 2015-06-13 13:44 - 00001156 _____ C:\Users\Peter\Desktop\VoipConnect.lnk
2015-09-07 12:18 - 2015-04-09 16:49 - 00003057 _____ C:\Users\Peter\Desktop\Amolto Call Recorder.lnk
2015-09-07 12:18 - 2014-12-18 12:32 - 00000836 _____ C:\Users\Peter\Desktop\iFree Skype Recorder.lnk
2015-09-07 12:18 - 2014-06-12 19:45 - 00001020 _____ C:\Users\Peter\Desktop\Dropbox.lnk
2015-09-07 08:54 - 2013-08-29 16:24 - 01023533 _____ (Thisisu) C:\Users\Peter\Desktop\JRT.exe
2015-09-04 23:11 - 2010-01-07 21:02 - 00000000 ____D C:\Users\Peter\Documents\Consultant
2015-09-03 14:56 - 2015-07-10 12:53 - 00364672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-03 01:32 - 2010-01-15 16:19 - 00000000 ____D C:\Program Files\ABBYY FineReader 6.0 Sprint
2015-09-03 00:49 - 2013-08-23 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-09-02 23:20 - 2013-11-28 19:10 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Opera Software
2015-09-01 20:13 - 2010-01-08 01:37 - 00000000 ____D C:\Users\Peter\AppData\Local\Microsoft Help
2015-08-31 09:11 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-30 08:49 - 2011-08-16 11:09 - 00000000 ___RD C:\Program Files\Skype
2015-08-30 08:49 - 2010-01-08 02:12 - 00000000 ____D C:\ProgramData\Skype
2015-08-30 05:38 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-26 18:43 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\rescache
2015-08-23 19:47 - 2015-07-02 22:55 - 00000000 ____D C:\Users\Peter\AppData\Local\Viber
2015-08-23 03:51 - 2014-02-24 14:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-23 03:49 - 2015-07-10 11:28 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-23 03:49 - 2015-07-10 11:28 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 14:04 - 2013-12-17 10:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-13 15:54 - 2013-08-06 15:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-13 15:45 - 2014-02-24 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 15:45 - 2010-01-08 13:23 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-13 15:35 - 2009-07-14 05:04 - 00000478 _____ C:\WINDOWS\win.ini
2015-08-11 14:48 - 2015-07-10 11:28 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase

==================== Files in the root of some directories =======

2011-02-26 17:25 - 2011-02-26 17:25 - 0038425 _____ () C:\Users\Peter\AppData\Roaming\Comma Separated Values (DOS).ADR
2011-09-18 12:38 - 2012-06-04 16:32 - 0038497 _____ () C:\Users\Peter\AppData\Roaming\Comma Separated Values (Windows).ADR
2010-12-14 18:22 - 2010-12-14 18:22 - 0087608 _____ () C:\Users\Peter\AppData\Roaming\inst.exe
2010-12-14 18:22 - 2010-12-14 18:22 - 0007887 _____ () C:\Users\Peter\AppData\Roaming\pcouffin.cat
2010-12-14 18:22 - 2010-12-14 18:22 - 0001144 _____ () C:\Users\Peter\AppData\Roaming\pcouffin.inf
2010-12-14 18:22 - 2010-12-14 18:22 - 0047360 _____ (VSO Software) C:\Users\Peter\AppData\Roaming\pcouffin.sys
2010-07-27 19:55 - 2010-10-31 21:08 - 0000034 _____ () C:\Users\Peter\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
2011-04-19 21:20 - 2011-04-19 21:20 - 0004608 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-02 23:16 - 2015-09-02 23:16 - 0000187 _____ () C:\Users\Peter\AppData\Local\statstrip.exe.config
2015-06-19 11:19 - 2015-06-19 11:19 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-07 02:33 - 2015-08-07 02:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2010-01-08 02:13 - 2010-01-08 02:13 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-06-12 23:05 - 2010-10-15 19:32 - 0000292 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2010-07-27 19:55 - 2010-07-27 19:55 - 0001264 _____ () C:\ProgramData\ss.ini
2010-07-27 19:55 - 2010-07-27 19:55 - 0000033 _____ () C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini

Some files in TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\2111.exe
C:\Users\Peter\AppData\Local\Temp\2235.exe
C:\Users\Peter\AppData\Local\Temp\2624.exe
C:\Users\Peter\AppData\Local\Temp\amisetup1540__13312.exe
C:\Users\Peter\AppData\Local\Temp\amisetup7385__13312.exe
C:\Users\Peter\AppData\Local\Temp\DVQ8B31.exe
C:\Users\Peter\AppData\Local\Temp\FirstBlood_tr_2.1.1.8131_ug_s_setup.exe
C:\Users\Peter\AppData\Local\Temp\fsdD738.exe
C:\Users\Peter\AppData\Local\Temp\nskA2F1.exe
C:\Users\Peter\AppData\Local\Temp\nsnCB0D.exe
C:\Users\Peter\AppData\Local\Temp\nsnCB0E.exe
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll
C:\Users\Peter\AppData\Local\Temp\ultimate_pc_cleaner(0.9.30.12075).exe
C:\Users\Peter\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-01 11:50

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-09-2015
Ran by Peter (2015-09-10 10:31:06)
Running from C:\Users\Peter\Desktop
Microsoft Windows 10 Pro (X86) (2015-08-07 05:20:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-537159405-3133871740-3674865302-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-537159405-3133871740-3674865302-503 - Limited - Disabled)
Guest (S-1-5-21-537159405-3133871740-3674865302-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-537159405-3133871740-3674865302-1007 - Limited - Enabled)
Peter (S-1-5-21-537159405-3133871740-3674865302-1004 - Administrator - Enabled) => C:\Users\Peter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Amolto Call Recorder for Skype (HKLM\...\{05080989-4394-4450-8646-C2BE52A6357C}) (Version: 2.8.2 - Amolto)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Service Activation (HKLM\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T)
Bing Bar (HKLM\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
BisonCam Twain Pro (HKLM\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.5 - Bison WebCam Ap)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Byki (Version: 4.0 - Transparent Language, Inc.) Hidden
Byki Express (HKLM\...\Byki Express) (Version: 4.1 - Transparent Language, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
CCleaner Download Packages (HKU\S-1-5-21-537159405-3133871740-3674865302-1004\...\CCleaner Download Packages) (Version: - ) <==== ATTENTION
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
CoreAAC (HKLM\...\CoreAAC) (Version: - )
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKU\S-1-5-21-537159405-3133871740-3674865302-1004\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Elevated Installer (Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Stylus SX200_SX400_TX200_TX400 Manual (HKLM\...\EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide) (Version: - )
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Garmin Express (HKLM\...\{42f02a91-da9c-48e1-8dc5-37f4449db969}) (Version: 4.1.5.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden
GOM Player (HKLM\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
GoToAssist Corporate (Version: 9.0.570 - Citrix) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - FreeCodecPack)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{79ACC31A-87EA-472A-853E-5AC6A97CE569}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
iFree Skype Recorder 6.0.15 (HKLM\...\iFree Skype Recorder) (Version: 6.0.15 - iFree Skype Recorder)
Integrated Camera Driver Installer Package Ver.1.0.1.2 (HKLM\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.0.1.2 - RICOH)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.129 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0.20.129 - InterVideo Inc.) Hidden
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.50.2 - JMicron Technology Corp.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus 2013 (HKLM\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Anti-Virus 2013 (Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office 2013 Yazım Denetleme Araçları - Türkçe (HKLM\...\{90150000-001F-041F-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Project 2003 Step by Step (HKLM\...\InstallShield_{5F107B2C-7288-4F86-95BE-9A9C2309292E}) (Version: 1.25.0001 - Microsoft Press)
Microsoft Office Project Standard 2003 (HKLM\...\{913A0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Nederlands (HKLM\...\{90150000-001F-0413-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Project Professional 2013 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband Connect (HKLM\...\{5C111F14-D9BE-459D-B0B6-B4D082F03749}) (Version: 3.5.0006 - Lenovo)
Mozilla Firefox 40.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-GB)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MPEG2 Codec(libmpeg2/mad) (HKLM\...\MPEG2 Codec(libmpeg2/mad)) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{BC61F51E-8AF7-46B9-AF20-B33B5EE81033}) (Version: 7.03.0188 - Nero AG)
Nuance PDF Reader (HKLM\...\{0017FFDB-F7F3-4058-BCDF-D9204CFBDCB2}) (Version: 8.10.1302 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 5.32.00 - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF4819}) (Version: 4.0.3 - dotPDN LLC)
Pdf995 (HKLM\...\Pdf995) (Version: - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picasa Download Packages (HKU\S-1-5-21-537159405-3133871740-3674865302-1004\...\Picasa Download Packages) (Version: - ) <==== ATTENTION
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapport (Version: 3.5.1507.65 - Trusteer) Hidden
RarZilla Free Unrar (HKLM\...\RarZilla Free Unrar) (Version: 4.19 - Philipp Winterberg)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0009 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3200 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.10 - )
ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.05 - )
ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.50 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.70 - Lenovo)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1507.65 - Trusteer)
Turkcell 3G VINN (HKLM\...\{A0A0324D-9D52-4D70-92DD-7767B77579C2}) (Version: 2.0.0 - Turkcell)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
Viber (HKU\S-1-5-21-537159405-3133871740-3674865302-1004\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
VoipBuster (HKLM\...\VoipBuster_is1) (Version: 4.10 build 680 - Finarea S.A. Switzerland)
VoipConnect (HKLM\...\VoipConnect_is1) (Version: 4.14 build 762 - Finarea S.A. Switzerland)
WD SmartWare (HKLM\...\{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}) (Version: 1.2.0.8 - Western Digital)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\755087041320E005CB1E8A67C5C55A260EB81B90) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/10/2009 6.0.1.5892) (HKLM\...\8FE0BAC9C97DE6D9A2B7BB6B689E7F9460D0624B) (Version: 07/10/2009 6.0.1.5892 - Realtek Semiconductor Corp.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows7SBS (HKLM\...\{F181EED0-8A75-4615-8351-AB9CC018BA39}) (Version: 2.00.10 - Microsoft Press)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{10DD084E-A5AE-456F-A3BE-DA67EBE6B090}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Peter\AppData\Local\Google\Update\1.3.27.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{15B6FEE5-5FB3-4071-AC1F-7AEDC0E2A6BB}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{1BCA4635-F1FC-44C8-B829-48229AEB32E3}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{222C0F35-3D78-4570-9F6D-BAEE289D0304}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{29DCD339-D184-469B-8BFB-199A2CCF014E}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{2DBCDA9F-1248-400B-A382-A56D71BF7B15}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{2EEAB6D0-491E-4962-BBA1-FF1CCA6D4DD0}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{3506CDB7-8BC6-40C0-B108-CEA0B9480130}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{3D3E7C1B-79A7-4CC7-8925-41FA813E9913}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{3E01D8E0-A72B-4C9F-99BD-8A6E7B97A48D}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{42FE718B-A148-41D6-885B-01A0AFAE8723}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{452CCB69-6A95-4370-9E5A-B3EFB06A7651}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{4B42750B-57A1-47E7-B340-8EAE0E3126A4}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{52071016-E648-4D3B-B57E-2B46CC993CE0}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{5792FC7D-5E1D-4F1A-BD4F-A7A50F92BC6E}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\localserver32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Peter\AppData\Local\Google\Update\1.3.28.1\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{5E541E71-A474-4EAD-8FCB-24D400D023B7}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{61F8FAF0-82D0-407C-AE97-31441483AE40}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{6AC51E9C-7947-4B46-A978-0AD601C4EFC9}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{6FA10A39-4760-4C94-A210-2398848618EC}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{7ACDC5B4-76A1-4BDF-918D-6962FCABBAD3}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{7B030003-037D-490D-9169-A4F391B3D831}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{830690FC-BF2F-47A6-AC2D-330BCB402664}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{89DD2F9D-C325-48BF-A615-96BD039BBC83}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{9017071A-2E34-4C3A-9BBB-688CBB5A9FF2}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{9D073235-D787-497D-8D1F-929559F1C621}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\localserver32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{A7DF2611-D752-4C9F-A90A-B56F18485EE9}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{A8109DB9-88E0-42FE-98EA-8A12BE5394C6}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{A983C9EC-D73E-4364-B89B-ACD1E405674F}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{B09AC3FF-0D5D-41C6-A34E-7C3F58A3127C}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{B0FE88F0-C92F-46D6-878F-31599BEA944C}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Peter\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{CC461FC3-C9BE-41FB-8E47-E0115CBC01CC}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Peter\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{D1C8C854-223A-4716-B670-C21918E8207E}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{D26B1D42-9C42-4E7B-BB73-86384C4B4345}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\Windows\system32\MSVBVM60.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{DD0E8ED5-1494-4B87-A35C-39F6ED4B1153}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{E1BC9147-C3E3-4E8A-8304-5E6B5C1C0774}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{F278D870-7AF7-4957-96EE-E6AC72D0B109}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{F3188CF3-EF22-4C5B-92CB-605964761C3B}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\InprocServer32 -> C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll (Skype Technologies)

==================== Restore Points =========================

28-08-2015 09:54:02 Windows Update
28-08-2015 09:55:28 Windows Update
30-08-2015 05:43:28 Installed Rapport
03-09-2015 00:45:16 Installed Rapport
07-09-2015 09:04:59 JRT Pre-Junkware Removal
09-09-2015 13:46:48 JRT Pre-Junkware Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01B45FD6-B9D9-48C3-BBC4-FBCFCE7F1135} - System32\Tasks\{BE932878-9542-412A-9E9B-54D8388791DC} => pcalua.exe -a D:\photoshop\setup.exe -d D:\photoshop
Task: {037AFC7A-9398-45D6-BF9C-C32F111E4012} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-09-09] (Lenovo Group Limited)
Task: {08C614E7-0E9E-4385-80A1-B57D741C85F0} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\WINDOWS\System32\LocationNotificationWindows.exe [2015-07-10] (Microsoft Corporation)
Task: {0B8B8675-BE25-4D7D-AAA3-50B1FA47252D} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
Task: {0C72B578-D676-414D-9F9C-FF0B216A314F} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {0EDA5533-CBAD-4DC1-BC9F-ACCB5909CF2E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0F48F3DA-D7B7-4D74-AA60-C60CD7B51063} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-07-29] ()
Task: {13550F2C-A475-475F-AE32-F8D7682F8C40} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\WINDOWS\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {170CE4F7-B987-4E79-9B20-986B1B7FAC9A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {18F33AFF-1C4E-4153-9C28-3E18BA6689B7} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-11-02] (Microsoft Corporation)
Task: {1C171E9B-B9D6-483D-95E0-43F5715280A0} - System32\Tasks\uodate => C:\WINDOWS\system32\config\systemprofile\AppData\Local\Zath
Task: {1CF490EA-6D64-428D-A377-FAC3FFD2B3B7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1E59CAD0-D49B-4553-88DE-227F411F5D57} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\WINDOWS\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {201CF893-BC56-46DA-8598-6F75905C9028} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
Task: {210B29B6-A68A-4580-AC06-855728389B03} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
Task: {23F9D4BF-E8ED-4A8E-92C8-007B7F7C048D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2A701167-F2BC-4B2A-A012-A7522E8F5C4B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2CA4DDEE-E921-45D6-94E0-9E61668DF106} - System32\Tasks\{045B63A0-EE31-4C6B-8A4E-88043B62D846} => pcalua.exe -a "C:\Program Files\VINN\uninst.exe" -d "C:\Program Files\VINN"
Task: {2CAB7AB5-0D9D-4DE9-AF7E-05FA0CA9BAA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2E464290-EB76-436D-8AD3-DA490F2CA89B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {2E55AA51-E9B8-40B5-9EA6-0A24D15DDE63} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {3391D6BC-302F-471B-AD55-F888B0B4EF5D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-537159405-3133871740-3674865302-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {368C53DE-8667-4591-B4E8-115C51F05421} - System32\Tasks\{CEEF4CA4-36E0-4AA0-A39E-61E888B926ED} => Firefox.exe http://ui.skype.com/ui/0/6.11.0.102/en/go/help.faq.installer?LastError=1618
Task: {3A0B2681-36FE-4076-9338-27C15B6E56B9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3C480DB5-9C57-4D02-A3C4-6737DD9DD027} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\WINDOWS\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {3F628C45-4379-43B1-82E3-3D0AC5EF7C33} - System32\Tasks\Microsoft\Windows\Maps\MapsUpdateTask
Task: {474BB762-CB1E-4E08-8370-0EBDD6F1F2DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {47ACF425-0221-4E91-9ED7-C5C14DEE31CA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {489A34B7-9791-432B-A762-FEE4D0E9562E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\WINDOWS\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {49C6F58F-98A3-4416-98C4-24BD457AC122} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {4C61D4C0-ADF1-48A4-91D6-C64A8CE35E79} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\WINDOWS\System32\WiFiTask.exe [2015-07-10] (Microsoft Corporation)
Task: {4C7B56E3-0356-4A04-B96E-6F65F43BEE41} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update
Task: {4E007AD3-62A3-4962-A27E-F2E308879C7C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {5128D39E-9530-4E26-857E-011A123E448D} - System32\Tasks\{9F3A5E86-41CF-4616-A16C-151676CD0E29} => pcalua.exe -a C:\Users\Peter\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=amt
Task: {5138DC03-CBDD-4AA0-AD17-450FB354DF01} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {550690F8-664E-45C1-974A-EF5C3FEEE9EE} - \Dealply -> No File <==== ATTENTION
Task: {56056A06-300D-4563-A440-90408305EFF7} - System32\Tasks\{4BC6A3BC-D9E3-473B-ACD3-1ACC1FB138A5} => pcalua.exe -a "C:\Program Files\PriceGong\uninst.exe"
Task: {57DF5019-F4DE-4EC9-B23D-4CFAF0BE0008} - System32\Tasks\{A2ACFD29-1C1C-4FA3-A2B0-61AE6A466AD9} => C:\Program Files\Skype\Phone\Skype.exe [2015-08-07] (Skype Technologies S.A.)
Task: {59C46B1A-431C-4D8B-8B31-4252E7242FC4} - System32\Tasks\{FCD3C949-63D2-405E-8FCE-418FB6C0EEAE} => pcalua.exe -a C:\Users\Peter\Downloads\jxpiinstall(1).exe -d "C:\Program Files\Mozilla Firefox"
Task: {5A03E03E-780C-425F-9AE2-BFC01299CFB5} - System32\Tasks\{4BE2787D-58C7-4006-BD87-1FAF04ACD6E8} => pcalua.exe -a C:\Users\Peter\Downloads\jxpiinstall(2).exe -d "C:\Program Files\Mozilla Firefox"
Task: {5CE5009F-1260-496A-AE13-40BEF27A8EFB} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {5CFC6547-F84F-4299-A6D9-75E2E9304389} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe [2015-08-07] (Microsoft Corporation)
Task: {611B4A95-145E-45A1-B007-4523173D9E86} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\pcdrcui.exe
Task: {61C6C80E-BD4F-4AF3-97BB-777E3FB6CF5B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {629F89C9-8962-4C59-8536-8BD9DDA9D969} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6451D5E9-DC34-446B-AD5B-9D75EFC36B38} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\WINDOWS\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {66500F91-973D-47B0-8879-003535DF6C4F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-537159405-3133871740-3674865302-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {6CC2569D-EFD0-42A4-A0C0-FE506F7AF0ED} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\WINDOWS\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {6CEA46F4-C1A6-4135-B78A-A1B03D5FE5AC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {7135AB65-C102-40AF-8A95-750F84E26CA4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe [2015-08-07] (Microsoft Corporation)
Task: {76BFEDA9-BBCE-46E8-B9E3-56E5F887F8BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {76E33542-D692-44E8-828B-7A4357916368} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {774A65FA-58F3-4431-8C46-7078368F6A3E} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\WINDOWS\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {77D05746-B6CC-4D6A-9750-6B603F74BE7C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {784017A0-41E3-423C-B4F3-CF8F69DF8C64} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation
Task: {797930BC-B506-4F11-9896-4C928674405C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => C:\WINDOWS\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {7CF1A4FE-67BD-4123-B4FB-57AA6EDA972A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7D7F6194-1DD3-4D26-9E8B-0A66DACC3604} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {81BDCFE6-0830-4EDB-8DD7-108A1A9D4AFD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {85ED4C43-9511-4CB5-B806-FBC717D1964F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {88742C4E-AF27-4EC0-AA61-61526B2F4601} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\WINDOWS\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {8BD8D26D-9B78-4CF6-9D46-9E9201ECED6B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe [2015-08-07] (Microsoft Corporation)
Task: {975FB764-532F-4EB9-97E0-E22D079E217C} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {9CE7E7A0-E878-473D-B647-679C241CC7B1} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {A1B83A55-3396-47B1-84EA-D7CD9A975CA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A2880394-E02C-4FB2-8C95-1B92CC2F2213} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A610D253-5A62-4769-9504-F2F56BE25696} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {B2910450-7DDE-4118-AE67-04E128535866} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B8C01688-5C9A-44F9-A4FC-E2D998FD1F9D} - System32\Tasks\{97A0EF61-BC2C-43FF-BDD3-E424A2C58328} => pcalua.exe -a D:\INSTAL32.EXE -d D:\
Task: {B906A927-445B-40E4-8586-CE0623E02988} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BDF79610-E03B-45DD-8647-E44EDF346E1A} - System32\Tasks\{EE4E9600-FA45-4785-9803-5B7B6F276C22} => pcalua.exe -a "C:\Program Files\epson\escndv\setup\setup.exe" -c /r
Task: {BE965A4D-4905-4816-92FD-CC75EA8EF28C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {C289C9A1-BEE3-40F2-B351-57B45736C40E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C37EAC79-22FA-45B2-8F1E-D291EC7640F3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C7F8DC2D-9D31-4DFE-A34C-1A5E18943525} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\WINDOWS\system32\ClipUp.exe [2015-08-07] (Microsoft Corporation)
Task: {CAD3BC04-96AE-47A7-89A7-5AC2B275E8EE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CB153A2A-7BD9-412D-B911-8412E3F38192} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CE8572D2-85E4-4300-8FD3-6F117DC85D7E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D15352C5-6801-48AE-845B-A9F2C4848E32} - System32\Tasks\{B41B95F5-AA23-4CAE-8928-5359AE3199C3} => pcalua.exe -a C:\Users\Peter\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cmi
Task: {D56DCF8A-38DA-4072-B15A-4A66D9D57943} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-28] (Synaptics Incorporated)
Task: {D582CBDB-30E6-4DFA-A7CC-CEB633A42B53} - System32\Tasks\{847EB3DB-C200-4A08-9B6C-5F9FF06A2151} => pcalua.exe -a D:\Instal32.exe -d D:\
Task: {D60CE8DC-B33D-4E25-B7BE-035401F88712} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D66FA1C8-1DC1-4CE9-95CD-1E47A300DB81} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?LinkId=116866
Task: {D7985B0E-5505-4138-95C2-E8EBD6F37B4D} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {DB9909D9-4CD3-4AFA-AB4B-4BD5C79BE558} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {DD87F70B-C8AE-4ECD-9AFC-288536510545} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\WINDOWS\system32\disksnapshot.exe [2015-07-10] (Microsoft Corporation)
Task: {DF9AE871-C2CE-4A49-BFB8-DD4873F3A3FD} - System32\Tasks\{0A476B36-B095-42ED-8060-757101985B03} => Firefox.exe http://ui.skype.com/ui/0/6.11.0.102/en/go/help.faq.installer?LastError=1618
Task: {E1CC7A4F-0E69-4903-BB59-E5AC5A6ED306} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E3FBBA84-1DB8-48C0-9156-90AB8123E65E} - System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
Task: {E55D07F2-D717-4DD7-9C3F-E83B5994DF6C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E5BF40B8-8289-46CA-9C36-D526CBB60B80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E989A844-6E2B-417C-8CCE-7DA0D70A46C9} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E9AB1AAD-A592-4E3F-ABF2-F0527863B746} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E9E624E5-D779-40D4-B629-23C14CBC5EF2} - System32\Tasks\{FCEAE56D-E5BC-4986-A294-AB0AEC852755} => pcalua.exe -a "C:\Program Files\Celtx\uninstall\helper.exe"
Task: {EB1906B6-A7E2-4476-8BA7-463217FA1154} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ED420A2F-F7F2-4A78-8FC2-D96A8189E5B8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {EDF0C8F9-0B35-464F-8724-0D380ABECD25} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {F31D7EF8-31AF-4E29-B9A4-6152E173C5CA} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {F61157FF-EB12-434A-A518-12352AE46B96} - System32\Tasks\{2E707BD4-92FF-412C-BADA-04704C2FA932} => pcalua.exe -a "C:\Program Files\ASP\unins000.exe"
Task: {FB6B539D-57C2-4E39-98FD-C9D2BF921B63} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\WINDOWS\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {FF967664-9883-498A-ACF1-62242B5FDDF5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 11:24 - 2015-07-10 11:24 - 00022528 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-07 13:16 - 2015-08-07 13:16 - 00025088 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2014-05-14 20:07 - 2013-04-01 19:20 - 00160256 _____ () C:\WINDOWS\System32\HP1005LM.DLL
2010-07-04 02:25 - 2010-07-04 02:25 - 00051716 _____ () C:\WINDOWS\System32\pdf995mon.dll
2009-09-01 05:31 - 2009-09-01 05:31 - 00022723 _____ () C:\WINDOWS\System32\ssp2ml3.dll
2014-05-14 20:08 - 2013-04-01 19:20 - 00059904 _____ () C:\WINDOWS\system32\spool\PRTPROCS\W32X86\HP1005PP.dll
2009-12-11 11:57 - 2009-12-11 11:57 - 00006656 ____N () C:\Program Files\Lenovo\Access Connections\ACNewBiosHelper.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-19 14:04 - 2015-08-11 11:53 - 00301056 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2013-12-17 11:11 - 2013-08-23 14:44 - 00307880 _____ () C:\Program Files\Microsoft Office 15\ClientX86\c2rui.dll
2013-12-17 11:11 - 2013-11-02 00:35 - 00359592 _____ () C:\Program Files\Microsoft Office 15\ClientX86\c2r32.dll
2013-12-17 11:11 - 2013-11-02 00:35 - 00410792 _____ () C:\Program Files\Microsoft Office 15\ClientX86\StreamServer.dll
2015-08-29 10:01 - 2015-08-18 10:27 - 01771592 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-29 10:01 - 2015-08-18 10:27 - 01771592 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-10 11:24 - 2015-07-10 11:24 - 00288768 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-23 19:46 - 2015-08-12 06:48 - 72389840 _____ () C:\Users\Peter\AppData\Local\Viber\Viber.exe
2015-08-23 19:47 - 2015-08-12 06:42 - 00089088 _____ () C:\Users\Peter\AppData\Local\Viber\qfacebook.dll
2015-07-02 22:56 - 2015-08-12 06:42 - 00168960 _____ () C:\Users\Peter\AppData\Local\Viber\exif.dll
2015-08-23 19:47 - 2015-07-29 08:38 - 00012288 _____ () C:\Users\Peter\AppData\Local\Viber\QtQuick.2\qtquick2plugin.dll
2015-08-23 19:47 - 2015-07-29 08:39 - 00690176 _____ () C:\Users\Peter\AppData\Local\Viber\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-23 19:47 - 2015-07-29 08:39 - 00057856 _____ () C:\Users\Peter\AppData\Local\Viber\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-08-23 19:47 - 2015-07-29 08:38 - 00012288 _____ () C:\Users\Peter\AppData\Local\Viber\QtQuick\Window.2\windowplugin.dll
2015-08-23 19:46 - 2015-07-29 08:41 - 00184320 _____ () C:\Users\Peter\AppData\Local\Viber\QtMultimedia\declarative_multimedia.dll
2015-08-12 16:26 - 2015-08-12 16:26 - 17482952 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll
2015-07-21 18:02 - 2015-07-21 18:02 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2015-08-29 09:48 - 2015-08-29 09:48 - 00007680 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.827.16340.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-08-29 09:48 - 2015-08-29 09:48 - 09362944 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.827.16340.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-07-10 13:54 - 2015-07-10 13:54 - 06459392 _____ () C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x86__8wekyb3d8bbwe\SharedLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-537159405-3133871740-3674865302-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: WDDMService => 2
MSCONFIG\Services: WDFMEService => 2
MSCONFIG\Services: WDRulesService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WD Quick View.lnk => C:\Windows\pss\WD Quick View.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk => C:\Windows\pss\WDSmartWare.lnk.CommonStartup
MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmoltoRecorder => "C:\Program Files\Amolto Call Recorder for Skype\AmoltoRecorder.exe" /minimized
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LENOVO.TPFNF6R => C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
MSCONFIG\startupreg: Message Center Plus => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
MSCONFIG\startupreg: Nuance PDF Reader-reminder => "C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
MSCONFIG\startupreg: TPHOTKEY => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
MSCONFIG\startupreg: TpShocks => TpShocks.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [{F06193F7-9423-49DC-8807-494B1CE44A7B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{75B1F38C-DCA4-464D-B444-F2FFC34C794F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2D3F154A-631B-400C-BF78-B08A4200F287}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{CBEDFDD9-8533-4338-96C1-34410571D33F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{41AA4257-2DA5-4073-9305-57E1BABACBA8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{C19CDEFF-C3C5-4AA7-B490-A6616B3B3A12}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [UDP Query User{E02999AC-0126-4E07-8C08-427F682952EA}C:\program files\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [TCP Query User{EA1695D5-ECA4-41CF-91F1-5D7E003F6F70}C:\program files\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [{7EDD5230-863F-446E-B290-6B554CAC37F6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{6E051A62-185E-4CD5-9148-987A19463D72}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D5309F46-B0FF-4C15-BC71-B465550F77D1}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{1E63CB82-5AB7-4C6C-8980-497B1C1F7772}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe
FirewallRules: [{186E6D15-819D-4034-ABCF-D2A1810FA18F}] => (Allow) C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [UDP Query User{E3D4EC87-94AE-496C-BA84-CF19200D3081}C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{BA2222DB-2BE3-4F07-84BB-A75CF569AE6C}C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{D5B06DCA-66B6-4B25-A240-587D64082B90}] => (Allow) C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D9E5F6C9-E673-46D4-9E72-31FABC88DA30}] => (Allow) C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{ED8D5369-D242-4A1D-BA33-0B8B34C7668B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{31126954-EF43-4C16-8F22-8A924119B53A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{22C9F3FC-B2C8-4D3C-9F18-00489B542E74}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8DF5FB56-6C05-4A04-8C3C-02834F2EB579}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{07311AA5-6955-4FF3-AB77-F3FCD868F8B1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CD4C3948-12C8-48CD-9026-CDAC61EE0FB5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5C4CD696-F932-4145-9D19-E1B9E1D0C3B6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{742F65BD-D78F-408E-B468-8C080A5AFD93}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{41426B4B-428E-432C-967A-EF10B2B90241}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0978F3EA-23D1-4B8B-B09B-D0DFDB485F15}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [{D161C0C5-4275-4FFE-9FEF-BE1BE601BFEA}] => (Allow) C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1266C323-3BAE-44A7-A50F-7EBAFD78D7F0}] => (Allow) C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{976F3801-31CF-46F0-A371-31A1D704C29B}C:\program files\real\realplayer\realplay.exe] => (Allow) C:\program files\real\realplayer\realplay.exe
FirewallRules: [TCP Query User{6AE1B06B-FB39-49E2-816E-306C89465CE2}C:\program files\real\realplayer\realplay.exe] => (Allow) C:\program files\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{ED2652E9-849E-4071-B849-263A3E53588C}C:\users\peter\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\peter\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [TCP Query User{A8BEEB68-42A1-410D-8CD8-9A870280716F}C:\users\peter\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\peter\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{7154580A-2B37-4DC6-A813-6776DFA58939}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{87E47BA7-4DE0-4018-B84A-EC7CF425D6C7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AF534B44-27F0-430E-AA25-64291B5C0F16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F6A39AF6-839B-416A-810E-9D3582FF70F5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D8934A7-F5DB-4875-9F2A-88D718EE6BCC}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{F5F1ACF7-4F38-4DBF-9D36-0332A64948D2}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [UDP Query User{8D5A8AA6-774B-422C-9F36-3752A283F3EC}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{1A7D6C25-2D5C-4994-9FC0-B0FEC9206321}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{2794385A-0B87-4DD5-8FF3-B696A5C55D6A}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{6320442C-D6BD-41F7-A0BF-4F19134E4C94}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{93B58560-FEA5-487B-8729-24519AA2A6D6}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{6242C360-BB20-4354-AAEA-8A65BFB69A41}C:\program files\java\jre6\bin\java.exe] => (Allow) C:\program files\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{25C725F0-2FDD-4A7F-8F23-E35E18FB941F}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{6737E0E6-2264-46EA-BC99-27D57FC6BAD5}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{6D9A2CCB-7EC0-4292-8D27-96958016815E}C:\program files\sopcast\adv\sopadver.exe] => (Block) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [TCP Query User{66008C49-A46F-43ED-BB60-6813B2FC4BE0}C:\program files\sopcast\adv\sopadver.exe] => (Block) C:\program files\sopcast\adv\sopadver.exe
FirewallRules: [UDP Query User{D903813A-610D-4ED1-A010-A63AA7C70F97}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [TCP Query User{E7A20D62-C423-4B8B-A5F6-1DD4BAE77AE5}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [UDP Query User{F1F608DA-1D56-4670-BA54-DCB7A7333AFF}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{72FCACCD-3459-4F37-B590-7E9177C94A8C}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [{3C8B0ECA-E35B-4A77-B1B4-802EAF01C12B}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{970396C8-43DD-4DFD-9A9B-0B540D140E00}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{909ED116-EE2E-47F1-971A-55051232BA08}] => (Allow) LPort=1900
FirewallRules: [{4FDFC61C-1D1A-4C30-870F-8D099024498D}] => (Allow) LPort=2869
FirewallRules: [{6269774C-4FB3-4E6D-A2D7-D07BDBDE24DC}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4472CF0C-EF81-40CC-B7A6-C9C0041F01E0}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{670A9578-2CA0-482B-854B-BC0733283598}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{8801EB8D-5188-40F2-B9B6-CE47584ED098}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{259291BF-8029-463E-ADC4-8AE5475B4B39}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{D1D20111-6AA8-4A66-9F36-A4B9F283ED57}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{2E447CEC-FEF8-46B1-9473-B4E4AF6159C1}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{3E31F96F-8522-4C96-96FC-BE34C8ACF68D}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{A808EEE7-AA7B-42ED-8328-2E4AFDF4AEF2}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [UDP Query User{35DDB90E-8DF2-4DF1-9FAE-C5BB775F5890}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{58AAD3E1-1583-43CC-84DC-C2BFA7DEF18D}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A9D45616-F0E2-4F22-A7DC-B1457FF21A18}C:\program files\voipbuster.com\voipbuster\voipbuster.exe] => (Allow) C:\program files\voipbuster.com\voipbuster\voipbuster.exe
FirewallRules: [TCP Query User{FBCDFB9C-DF5C-4D3B-9649-20290CC4C15E}C:\program files\voipbuster.com\voipbuster\voipbuster.exe] => (Allow) C:\program files\voipbuster.com\voipbuster\voipbuster.exe
FirewallRules: [{7D7B3250-D440-4AA6-94F0-C304C55337E8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{A450D74A-AA8A-43FF-9F40-1FEE70EC3698}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{998570A6-AF42-41BE-B652-C746772FA068}C:\program files\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [UDP Query User{F613432B-30F7-4276-9DC2-386CF8D2EB15}C:\program files\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [{8EA7E2FB-D9DE-4C01-97A9-7CC8FCAE9705}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B90F91C0-9B34-4AD7-8775-1C65EC22E056}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2015 07:53:13 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5028) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (09/10/2015 07:53:13 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5028) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (09/10/2015 07:53:02 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5028) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (09/10/2015 07:53:02 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5028) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (09/10/2015 07:52:52 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5028) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (09/10/2015 07:52:52 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5028) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (09/10/2015 07:52:41 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5028) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (09/10/2015 07:52:41 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5028) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (09/10/2015 07:52:31 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5028) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (09/10/2015 07:52:31 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5028) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (09/09/2015 08:05:25 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (09/09/2015 03:35:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (09/09/2015 03:34:27 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL ACGina failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (09/09/2015 03:31:31 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/09/2015 03:31:30 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/09/2015 03:31:15 PM) (Source: DCOM) (EventID: 10010) (User: PETER-THINK)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca

Error: (09/09/2015 03:31:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/09/2015 03:31:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/09/2015 03:31:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/09/2015 03:31:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (09/10/2015 07:53:13 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost5028-1032

Error: (09/10/2015 07:53:13 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost5028C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (09/10/2015 07:53:02 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost5028-1032

Error: (09/10/2015 07:53:02 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost5028C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (09/10/2015 07:52:52 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost5028-1032

Error: (09/10/2015 07:52:52 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost5028C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (09/10/2015 07:52:41 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost5028-1032

Error: (09/10/2015 07:52:41 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost5028C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (09/10/2015 07:52:31 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost5028-1032

Error: (09/10/2015 07:52:31 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost5028C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.


CodeIntegrity:
===================================
Date: 2015-09-10 08:04:24.416
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-10 08:04:24.396
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-10 08:04:24.372
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-10 08:04:21.556
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-10 08:04:21.391
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-10 08:02:23.989
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-10 08:02:23.965
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-10 08:02:23.936
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-10 08:02:23.874
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-10 08:02:23.854
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5870 @ 2.00GHz
Percentage of memory in use: 82%
Total physical RAM: 2908.86 MB
Available physical RAM: 519.92 MB
Total Virtual: 6236.86 MB
Available Virtual: 2585.74 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:286.71 GB) (Free:169.12 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:845.69 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:3.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 5D65D83C)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: E25E431C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 10 September 2015 - 05:30 PM.
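An added triage helper, not part of this thread and not FRST's own code: it parses the FirewallRules and MSCONFIG\startupreg lines of an Addition.txt like the one above and flags Allow rules and startup entries whose executable sits under a user-writable profile location (AppData or Temp), which is where several of the entries in this log point. The sample lines are copied from the log above; the line regexes and the "user-writable" marker list are my assumptions, not FRST definitions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines copied from the Addition.txt above, in the
# shape of FRST's "MSCONFIG/TASK MANAGER disabled items" and "FirewallRules"
# sections. A whole Addition.txt can be passed in; other sections are ignored.
SAMPLE_ADDITION = r"""
==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Google Update => "C:\Users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: TpShocks => TpShocks.exe

==================== FirewallRules (Whitelisted) ===============

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D161C0C5-4275-4FFE-9FEF-BE1BE601BFEA}] => (Allow) C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{E3D4EC87-94AE-496C-BA84-CF19200D3081}C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{D903813A-610D-4ED1-A010-A63AA7C70F97}C:\program files\sopcast\sopcast.exe] => (Block) C:\program files\sopcast\sopcast.exe
FirewallRules: [{8EA7E2FB-D9DE-4C01-97A9-7CC8FCAE9705}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
"""

# Assumed line shapes, derived from the log above (not an official FRST grammar).
FIREWALL_RE = re.compile(
    r'^FirewallRules: \[(?P<name>.*)\] => \((?P<action>Allow|Block)\) (?P<target>.*)$')
STARTUP_RE = re.compile(r'^MSCONFIG\\startupreg: (?P<name>.*?) => (?P<command>.*)$')

# Path fragments a standard user can write to; assumption for this triage.
USER_WRITABLE_MARKERS = ('\\appdata\\', '\\temp\\')


@dataclass
class FirewallRule:
    name: str
    action: str            # "Allow" or "Block"
    program: Optional[str]  # executable path, None for port-only rules
    port: Optional[int]     # LPort for port-only rules, else None
    prompted: bool          # created via the "Windows Security Alert" prompt


@dataclass
class StartupEntry:
    name: str
    program: str  # first token of the command line, quotes stripped


def _first_token(command: str) -> str:
    """Return the executable part of a command line ("quoted path" or bare word)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(' ', 1)[0]


def is_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def parse_firewall_rules(text: str) -> List[FirewallRule]:
    rules = []
    for line in text.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if not m:
            continue
        name, action, target = m.group('name'), m.group('action'), m.group('target').strip()
        # "TCP Query User{GUID}path" / "UDP Query User{GUID}path" names come from the
        # interactive allow/block popup rather than from an installer or policy.
        prompted = name.startswith(('TCP Query User', 'UDP Query User'))
        if target.startswith('LPort='):
            rules.append(FirewallRule(name, action, None, int(target[len('LPort='):]), prompted))
        else:
            rules.append(FirewallRule(name, action, target, None, prompted))
    return rules


def parse_startup_entries(text: str) -> List[StartupEntry]:
    entries = []
    for line in text.splitlines():
        m = STARTUP_RE.match(line.strip())
        if m:
            entries.append(StartupEntry(m.group('name'), _first_token(m.group('command'))))
    return entries


def flag_user_writable_allows(rules: List[FirewallRule]) -> List[FirewallRule]:
    """Allow rules for programs living where any user process could have dropped them."""
    return [r for r in rules if r.action == 'Allow' and r.program and is_user_writable(r.program)]


def flag_user_writable_startup(entries: List[StartupEntry]) -> List[StartupEntry]:
    return [e for e in entries if is_user_writable(e.program)]


if __name__ == '__main__':
    for r in flag_user_writable_allows(parse_firewall_rules(SAMPLE_ADDITION)):
        print('firewall allow from user-writable path:', r.program)
    for e in flag_user_writable_startup(parse_startup_entries(SAMPLE_ADDITION)):
        print('startup entry from user-writable path:', e.name, '->', e.program)
```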



#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,621 posts
  • Gender:Male
  • Location:California

Posted 10 September 2015 - 05:58 PM

Greetings ppauli and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Yes, your computer is indeed badly infected.

Can you tell me if these look familiar?
 

statstrip
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Zath
C:\Rwanda


Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Program Files\VINN\uninst.exe

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
AppInit_DLLs: C:\ProgramData\ExtTag\Topstrong.dll => No File
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk ->  (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-537159405-3133871740-3674865302-1004 -> {ADD251AB-BBC7-4356-BB92-43EFFEDC2CEB} URL =
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-08-28]
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-09-07]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path\update_url>
U3 idsvc; no ImagePath
S1 KLIM6; \SystemRoot\system32\DRIVERS\klim6.sys [X]
S1 UGKrnlDrv; \??\C:\Program Files\UPCleaner\0.9.30.12075\UGKrnlDrv.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
C:\Users\Peter\AppData\Local\Temp\2111.exe
C:\Users\Peter\AppData\Local\Temp\2235.exe
C:\Users\Peter\AppData\Local\Temp\2624.exe
C:\Users\Peter\AppData\Local\Temp\amisetup1540__13312.exe
C:\Users\Peter\AppData\Local\Temp\amisetup7385__13312.exe
C:\Users\Peter\AppData\Local\Temp\DVQ8B31.exe
C:\Users\Peter\AppData\Local\Temp\FirstBlood_tr_2.1.1.8131_ug_s_setup.exe
C:\Users\Peter\AppData\Local\Temp\fsdD738.exe
C:\Users\Peter\AppData\Local\Temp\nskA2F1.exe
C:\Users\Peter\AppData\Local\Temp\nsnCB0D.exe
C:\Users\Peter\AppData\Local\Temp\nsnCB0E.exe
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll
C:\Users\Peter\AppData\Local\Temp\ultimate_pc_cleaner(0.9.30.12075).exe
C:\Users\Peter\AppData\Local\Temp\Uninstall.exe
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Peter\AppData\Local\Google\Update\1.3.27.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Peter\AppData\Local\Google\Update\1.3.28.1\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Peter\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Peter\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
Task: {170CE4F7-B987-4E79-9B20-986B1B7FAC9A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1CF490EA-6D64-428D-A377-FAC3FFD2B3B7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {23F9D4BF-E8ED-4A8E-92C8-007B7F7C048D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2A701167-F2BC-4B2A-A012-A7522E8F5C4B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5128D39E-9530-4E26-857E-011A123E448D} - System32\Tasks\{9F3A5E86-41CF-4616-A16C-151676CD0E29} => pcalua.exe -a C:\Users\Peter\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=amt
C:\Users\Peter\AppData\Roaming\istartsurf
Task: {550690F8-664E-45C1-974A-EF5C3FEEE9EE} - \Dealply -> No File <==== ATTENTION
Task: {56056A06-300D-4563-A440-90408305EFF7} - System32\Tasks\{4BC6A3BC-D9E3-473B-ACD3-1ACC1FB138A5} => pcalua.exe -a "C:\Program Files\PriceGong\uninst.exe"
C:\Program Files\PriceGong
Task: {85ED4C43-9511-4CB5-B806-FBC717D1964F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9CE7E7A0-E878-473D-B647-679C241CC7B1} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {B8C01688-5C9A-44F9-A4FC-E2D998FD1F9D} - System32\Tasks\{97A0EF61-BC2C-43FF-BDD3-E424A2C58328} => pcalua.exe -a D:\INSTAL32.EXE -d D:\
Task: {C289C9A1-BEE3-40F2-B351-57B45736C40E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D15352C5-6801-48AE-845B-A9F2C4848E32} - System32\Tasks\{B41B95F5-AA23-4CAE-8928-5359AE3199C3} => pcalua.exe -a C:\Users\Peter\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cmi
C:\Users\Peter\AppData\Roaming\mystartsearch
Task: {D582CBDB-30E6-4DFA-A7CC-CEB633A42B53} - System32\Tasks\{847EB3DB-C200-4A08-9B6C-5F9FF06A2151} => pcalua.exe -a D:\Instal32.exe -d D:\
Task: {E1CC7A4F-0E69-4903-BB59-E5AC5A6ED306} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E55D07F2-D717-4DD7-9C3F-E83B5994DF6C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E5BF40B8-8289-46CA-9C36-D526CBB60B80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E9AB1AAD-A592-4E3F-ABF2-F0527863B746} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FF967664-9883-498A-ACF1-62242B5FDDF5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
Task: {2CA4DDEE-E921-45D6-94E0-9E61668DF106} - System32\Tasks\{045B63A0-EE31-4C6B-8A4E-88043B62D846} => pcalua.exe -a "C:\Program Files\VINN\uninst.exe" -d "C:\Program Files\VINN"
cmd: ipconfig /flushdns
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Picasa Download Packages
CCleaner Download Packages

  • Reboot your computer
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Recognize those entries?
  • Virustotal link
  • Fixlog
  • Programs uninstall?
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,621 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:02 PM

Posted 13 September 2015 - 01:26 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 ppauli

ppauli
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Turkey
  • Local time:03:02 AM

Posted 14 September 2015 - 02:46 AM

Dear Gary,

 

First and foremost, thanks for taking your time to help me with this problem. I am a total layman and not able to understand anything about what is going on inside a computer. I see we are pretty far away from each other (California and Turkey, although I am Dutch) but that may be an advantage; it gives me time to do what you ask me to.

 

Well, I have tried to follow and do whatever tasks you gave me but I am afraid not with too much success. So let me try to go over them one by one. But first I want to inform you about the pages I regularly see when being redirected: One is ygo.warmportal.com and the other is zj1.zeroredirect1.com. Maybe they mean something to you.

 

Then concerning your list:

 

1)

statstrip
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Zath
C:\Rwanda

 

I do not know what statstrip is and I cannot find it.

I also cannot find Zath in the list. I get to Local but there I only find other folders, not Zath.

Rwanda is a folder I made to run an Excel VB application and this is ok.

 

2)

Concerning uTorrent, I installed that one years ago because my son told me it is needed to download movies. But I never used it and I am surprised you see it because I removed it before I made the log I sent you. I have tried to find it but it does not exist in my programme list.

 

3)

Then I went to Virustotal and nothing to do there. I cannot find C:\Program Files\VINN\uninst.exe in my system at all. VINN is the software that belongs to the Turkish telecom company and it is to support the mobile Internet stick. I did not use this programme for over 2 years. But I cannot find the exe file at all. So, I cannot copy and paste any result from it in this reply. All I see is a shortcut on my desktop.

 

4)

I opened FRST and clicked Fix as you instructed to do; I did not click Scan.

I copied the text in the box in your reply and copied it to a file called fixlist.txt and stored it on my desktop.

I copied the text from Fixlog here below this reply but I am not sure I have well understood what exactly should have been done because I did nothing so far.

 

5)

I uninstalled Picasa and CCleaner.

 

6)

I attach the Summary.zip file

 

Well, I hope this is at least a start. But you notice that I can only follow very clear and strict instructions. Otherwise I am totally lost.

 

Thanks so far

 

Peter

 

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:13-09-2015 02
Ran by Peter (2015-09-14 09:04:33) Run:1
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter & DefaultAppPool)
Boot Mode: Normal

==============================================

fixlist content:
*****************
AppInit_DLLs: C:\ProgramData\ExtTag\Topstrong.dll => No File
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk ->  (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-537159405-3133871740-3674865302-1004 -> {ADD251AB-BBC7-4356-BB92-43EFFEDC2CEB} URL =
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-08-28]
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js [2015-09-07]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path\update_url>
U3 idsvc; no ImagePath
S1 KLIM6; \SystemRoot\system32\DRIVERS\klim6.sys [X]
S1 UGKrnlDrv; \??\C:\Program Files\UPCleaner\0.9.30.12075\UGKrnlDrv.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
C:\Users\Peter\AppData\Local\Temp\2111.exe
C:\Users\Peter\AppData\Local\Temp\2235.exe
C:\Users\Peter\AppData\Local\Temp\2624.exe
C:\Users\Peter\AppData\Local\Temp\amisetup1540__13312.exe
C:\Users\Peter\AppData\Local\Temp\amisetup7385__13312.exe
C:\Users\Peter\AppData\Local\Temp\DVQ8B31.exe
C:\Users\Peter\AppData\Local\Temp\FirstBlood_tr_2.1.1.8131_ug_s_setup.exe
C:\Users\Peter\AppData\Local\Temp\fsdD738.exe
C:\Users\Peter\AppData\Local\Temp\nskA2F1.exe
C:\Users\Peter\AppData\Local\Temp\nsnCB0D.exe
C:\Users\Peter\AppData\Local\Temp\nsnCB0E.exe
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll
C:\Users\Peter\AppData\Local\Temp\ultimate_pc_cleaner(0.9.30.12075).exe
C:\Users\Peter\AppData\Local\Temp\Uninstall.exe
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Peter\AppData\Local\Google\Update\1.3.27.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Peter\AppData\Local\Google\Update\1.3.28.1\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Peter\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Peter\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
Task: {170CE4F7-B987-4E79-9B20-986B1B7FAC9A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1CF490EA-6D64-428D-A377-FAC3FFD2B3B7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {23F9D4BF-E8ED-4A8E-92C8-007B7F7C048D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2A701167-F2BC-4B2A-A012-A7522E8F5C4B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5128D39E-9530-4E26-857E-011A123E448D} - System32\Tasks\{9F3A5E86-41CF-4616-A16C-151676CD0E29} => pcalua.exe -a C:\Users\Peter\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=amt
C:\Users\Peter\AppData\Roaming\istartsurf
Task: {550690F8-664E-45C1-974A-EF5C3FEEE9EE} - \Dealply -> No File <==== ATTENTION
Task: {56056A06-300D-4563-A440-90408305EFF7} - System32\Tasks\{4BC6A3BC-D9E3-473B-ACD3-1ACC1FB138A5} => pcalua.exe -a "C:\Program Files\PriceGong\uninst.exe"
C:\Program Files\PriceGong
Task: {85ED4C43-9511-4CB5-B806-FBC717D1964F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9CE7E7A0-E878-473D-B647-679C241CC7B1} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {B8C01688-5C9A-44F9-A4FC-E2D998FD1F9D} - System32\Tasks\{97A0EF61-BC2C-43FF-BDD3-E424A2C58328} => pcalua.exe -a D:\INSTAL32.EXE -d D:\
Task: {C289C9A1-BEE3-40F2-B351-57B45736C40E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D15352C5-6801-48AE-845B-A9F2C4848E32} - System32\Tasks\{B41B95F5-AA23-4CAE-8928-5359AE3199C3} => pcalua.exe -a C:\Users\Peter\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cmi
C:\Users\Peter\AppData\Roaming\mystartsearch
Task: {D582CBDB-30E6-4DFA-A7CC-CEB633A42B53} - System32\Tasks\{847EB3DB-C200-4A08-9B6C-5F9FF06A2151} => pcalua.exe -a D:\Instal32.exe -d D:\
Task: {E1CC7A4F-0E69-4903-BB59-E5AC5A6ED306} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E55D07F2-D717-4DD7-9C3F-E83B5994DF6C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E5BF40B8-8289-46CA-9C36-D526CBB60B80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E9AB1AAD-A592-4E3F-ABF2-F0527863B746} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FF967664-9883-498A-ACF1-62242B5FDDF5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
Task: {2CA4DDEE-E921-45D6-94E0-9E61668DF106} - System32\Tasks\{045B63A0-EE31-4C6B-8A4E-88043B62D846} => pcalua.exe -a "C:\Program Files\VINN\uninst.exe" -d "C:\Program Files\VINN"
cmd: ipconfig /flushdns
*****************

"C:\ProgramData\ExtTag\Topstrong.dll" => Value data removed successfully..
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk ->  (No File) => not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKU\S-1-5-21-537159405-3133871740-3674865302-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ADD251AB-BBC7-4356-BB92-43EFFEDC2CEB}" => key removed successfully.
HKCR\CLSID\{ADD251AB-BBC7-4356-BB92-43EFFEDC2CEB} => key not found.
C:\Program Files\mozilla firefox\defaults\pref\itms.js => moved successfully
C:\Program Files\mozilla firefox\browser\defaults\preferences\prefs.js => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => key removed successfully.
idsvc => service removed successfully.
KLIM6 => service removed successfully.
UGKrnlDrv => service removed successfully.
wfpcapture => service removed successfully.
wpcsvc => service removed successfully.
C:\Users\Peter\AppData\Local\Temp\2111.exe => moved successfully
C:\Users\Peter\AppData\Local\Temp\2235.exe => moved successfully
C:\Users\Peter\AppData\Local\Temp\2624.exe => moved successfully
C:\Users\Peter\AppData\Local\Temp\amisetup1540__13312.exe => moved successfully
C:\Users\Peter\AppData\Local\Temp\amisetup7385__13312.exe => moved successfully
C:\Users\Peter\AppData\Local\Temp\DVQ8B31.exe => moved successfully
C:\Users\Peter\AppData\Local\Temp\FirstBlood_tr_2.1.1.8131_ug_s_setup.exe => moved successfully
C:\Users\Peter\AppData\Local\Temp\fsdD738.exe => moved successfully
C:\Users\Peter\AppData\Local\Temp\nskA2F1.exe => moved successfully
C:\Users\Peter\AppData\Local\Temp\nsnCB0D.exe => moved successfully
C:\Users\Peter\AppData\Local\Temp\nsnCB0E.exe => moved successfully
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Peter\AppData\Local\Temp\ultimate_pc_cleaner(0.9.30.12075).exe => moved successfully
C:\Users\Peter\AppData\Local\Temp\Uninstall.exe => moved successfully
"HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully.
"HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.
"HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully.
"HKU\S-1-5-21-537159405-3133871740-3674865302-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{170CE4F7-B987-4E79-9B20-986B1B7FAC9A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{170CE4F7-B987-4E79-9B20-986B1B7FAC9A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CF490EA-6D64-428D-A377-FAC3FFD2B3B7}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CF490EA-6D64-428D-A377-FAC3FFD2B3B7}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23F9D4BF-E8ED-4A8E-92C8-007B7F7C048D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23F9D4BF-E8ED-4A8E-92C8-007B7F7C048D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A701167-F2BC-4B2A-A012-A7522E8F5C4B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A701167-F2BC-4B2A-A012-A7522E8F5C4B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5128D39E-9530-4E26-857E-011A123E448D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5128D39E-9530-4E26-857E-011A123E448D}" => key removed successfully.
C:\Windows\System32\Tasks\{9F3A5E86-41CF-4616-A16C-151676CD0E29} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9F3A5E86-41CF-4616-A16C-151676CD0E29}" => key removed successfully.
"C:\Users\Peter\AppData\Roaming\istartsurf" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{550690F8-664E-45C1-974A-EF5C3FEEE9EE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{550690F8-664E-45C1-974A-EF5C3FEEE9EE}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56056A06-300D-4563-A440-90408305EFF7}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56056A06-300D-4563-A440-90408305EFF7}" => key removed successfully.
C:\Windows\System32\Tasks\{4BC6A3BC-D9E3-473B-ACD3-1ACC1FB138A5} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4BC6A3BC-D9E3-473B-ACD3-1ACC1FB138A5}" => key removed successfully.
"C:\Program Files\PriceGong" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85ED4C43-9511-4CB5-B806-FBC717D1964F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85ED4C43-9511-4CB5-B806-FBC717D1964F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CE7E7A0-E878-473D-B647-679C241CC7B1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CE7E7A0-E878-473D-B647-679C241CC7B1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8C01688-5C9A-44F9-A4FC-E2D998FD1F9D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8C01688-5C9A-44F9-A4FC-E2D998FD1F9D}" => key removed successfully.
C:\Windows\System32\Tasks\{97A0EF61-BC2C-43FF-BDD3-E424A2C58328} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{97A0EF61-BC2C-43FF-BDD3-E424A2C58328}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C289C9A1-BEE3-40F2-B351-57B45736C40E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C289C9A1-BEE3-40F2-B351-57B45736C40E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D15352C5-6801-48AE-845B-A9F2C4848E32}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D15352C5-6801-48AE-845B-A9F2C4848E32}" => key removed successfully.
C:\Windows\System32\Tasks\{B41B95F5-AA23-4CAE-8928-5359AE3199C3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B41B95F5-AA23-4CAE-8928-5359AE3199C3}" => key removed successfully.
"C:\Users\Peter\AppData\Roaming\mystartsearch" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D582CBDB-30E6-4DFA-A7CC-CEB633A42B53}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D582CBDB-30E6-4DFA-A7CC-CEB633A42B53}" => key removed successfully.
C:\Windows\System32\Tasks\{847EB3DB-C200-4A08-9B6C-5F9FF06A2151} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{847EB3DB-C200-4A08-9B6C-5F9FF06A2151}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1CC7A4F-0E69-4903-BB59-E5AC5A6ED306}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1CC7A4F-0E69-4903-BB59-E5AC5A6ED306}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E55D07F2-D717-4DD7-9C3F-E83B5994DF6C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E55D07F2-D717-4DD7-9C3F-E83B5994DF6C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5BF40B8-8289-46CA-9C36-D526CBB60B80}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5BF40B8-8289-46CA-9C36-D526CBB60B80}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9AB1AAD-A592-4E3F-ABF2-F0527863B746}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9AB1AAD-A592-4E3F-ABF2-F0527863B746}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FF967664-9883-498A-ACF1-62242B5FDDF5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF967664-9883-498A-ACF1-62242B5FDDF5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully..
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CA4DDEE-E921-45D6-94E0-9E61668DF106}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CA4DDEE-E921-45D6-94E0-9E61668DF106}" => key removed successfully.
C:\Windows\System32\Tasks\{045B63A0-EE31-4C6B-8A4E-88043B62D846} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{045B63A0-EE31-4C6B-8A4E-88043B62D846}" => key removed successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 09:04:57 ====

 

 

Attached Files
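
An added example, not from this thread and not part of Farbar's tool: a small Python parser that reads a Fixlog like the one Peter posted, skips the echoed fixlist, and tallies which entries FRST removed versus which it reported as already absent (the leftovers Gary refers to in his next reply). The log format is inferred only from the Fixlog above, the sample log is a constructed excerpt of those lines, and the outcome categories and function names (`parse_fixlog`, `summarize`, `removed_by_kind`) are my own.

```python
"""Summarise an FRST (Farbar Recovery Scan Tool) Fixlog.

Added example, not from the thread or from FRST. Format inferred from the
Fixlog posted above: after the echoed fixlist (between two lines of
asterisks) each action is reported as "<target> => <message>".
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt of the Fixlog posted in this thread (a subset of its
# lines; the fixlist echo and the cmd section are kept so the parser has to
# skip them).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x86) Version:13-09-2015 02
Ran by Peter (2015-09-14 09:04:33) Run:1
Boot Mode: Normal

fixlist content:
*****************
AppInit_DLLs: C:\ProgramData\ExtTag\Topstrong.dll => No File
Task: {5128D39E-9530-4E26-857E-011A123E448D} - System32\Tasks\{9F3A5E86-41CF-4616-A16C-151676CD0E29} => pcalua.exe -a C:\Users\Peter\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=amt
C:\Users\Peter\AppData\Roaming\istartsurf
cmd: ipconfig /flushdns
*****************

"C:\ProgramData\ExtTag\Topstrong.dll" => Value data removed successfully..
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk ->  (No File) => not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKCR\CLSID\{ADD251AB-BBC7-4356-BB92-43EFFEDC2CEB} => key not found.
idsvc => service removed successfully.
C:\Users\Peter\AppData\Local\Temp\2111.exe => moved successfully
"C:\Users\Peter\AppData\Roaming\istartsurf" => File/Folder not found.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully..

=========  ipconfig /flushdns =========

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 09:04:57 ====
"""


@dataclass(frozen=True)
class FixResult:
    target: str   # registry key, file, service or fixlist entry FRST acted on
    message: str  # FRST's own wording, trailing dots stripped
    outcome: str  # "removed", "not_found" or "other" (hypothetical categories)


def classify(message: str) -> str:
    """Map FRST's free-text result to one of three outcomes."""
    msg = message.lower()
    if "not found" in msg:
        return "not_found"
    if "removed successfully" in msg or "moved successfully" in msg:
        return "removed"
    return "other"


def parse_fixlog(text: str) -> list[FixResult]:
    """Return one FixResult per action line, skipping the echoed fixlist."""
    results: list[FixResult] = []
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*****"):
            in_fixlist = not in_fixlist  # the echo sits between two marker lines
            continue
        if in_fixlist or not line or " => " not in line:
            continue
        target, message = line.split(" => ", 1)
        results.append(FixResult(target.strip('"'), message.rstrip("."), classify(message)))
    return results


def summarize(results: list[FixResult]) -> tuple[dict[str, int], list[str]]:
    """Counts per outcome plus the targets FRST could not find (leftovers)."""
    counts = Counter(r.outcome for r in results)
    leftovers = [r.target for r in results if r.outcome == "not_found"]
    return dict(counts), leftovers


def kind_of(r: FixResult) -> str:
    """Rough persistence category of a removed item, from target and message."""
    if "ADS removed" in r.message:
        return "alternate data stream"
    if "service removed" in r.message:
        return "service"
    if "Value data" in r.message:
        return "registry value"
    if r.target.upper().startswith(("HKLM", "HKU", "HKCR", "HKCU")):
        return "registry key"
    if re.match(r"^[A-Za-z]:\\", r.target):
        return "file or folder"
    return "other"


def removed_by_kind(results: list[FixResult]) -> dict[str, int]:
    return dict(Counter(kind_of(r) for r in results if r.outcome == "removed"))


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    counts, leftovers = summarize(parsed)
    print("outcomes:", counts)
    print("removed by kind:", removed_by_kind(parsed))
    for t in leftovers:
        print("already absent:", t)
```

Entries in the not-found list are worth a second look rather than alarm: FRST only reports that the target was gone at fix time, so they are either cleaned up earlier (as with the uTorrent and istartsurf folders here) or orphaned references, which is exactly the distinction a helper wants before asking the user to recognize entries.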



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,621 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:02 PM

Posted 14 September 2015 - 10:18 AM

Hi Peter,

Thank you for taking the time to explain everything. You did quite well both in explaining and following the instructions! It is always my intention to provide clear, logical steps but if I fall short don't ever hesitate to stop and ask for clarification.

The uTorrent entries and the file you couldn't locate are probably leftovers and we will address all of those.

I am going to provide a lot of stuff for you to do. I am not trying to overwhelm you but because of our time difference I want to take advantage of providing instructions while we have the chance to work together. Please do not feel pressured. You can tackle this one at a time and post the results individually as you go if that is easier for you.

As you are able, please do these things.

===================================================

Zoek by Smeenk - Running Commands and Performing a Scan

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected
  • Click More Options and place a check mark in the following boxes:

Do a Deep Scan
Auto Clean

  • Copy and paste the following into the main white box

createsrpoint;
process;

  • Click Run Script and wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
2015-09-02 23:16 - 2015-09-02 23:16 - 0000187 _____ () C:\Users\Peter\AppData\Local\statstrip.exe.config
Task: {1C171E9B-B9D6-483D-95E0-43F5715280A0} - System32\Tasks\uodate => C:\WINDOWS\system32\config\systemprofile\AppData\Local\Zath
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Zath
FirewallRules: [{D161C0C5-4275-4FFE-9FEF-BE1BE601BFEA}] => (Allow) C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1266C323-3BAE-44A7-A50F-7EBAFD78D7F0}] => (Allow) C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Zoek report
  • Fixlog
  • RogueKiller log
  • Update on computer behavior

Edited by Oh My!, 14 September 2015 - 09:17 PM.

Gary
 

#6 ppauli


Posted 14 September 2015 - 05:55 PM

Dear Gary,

 

I have been following your instructions and am now running RogueKiller. However, in the middle of that process I get the message: "VirusTotal is a website that analysis files and urls with any Antiviruses. RogueKiller sometimes relies on VirusTotal detections, so it is very important for us to have files uploaded there."

Then it says: "The item C:\Users\Peter\AppData\Local\Temp\bootstrap.dmp is unknown and deserves and (Peter: I think this is a typing error that looks suspicious to me) upload, do you want to proceed."

Then there are boxes with Yes, Always, No, Never.

I do not know if I can trust this. So, I will wait until you tell me.

 



#7 Oh My!


Posted 14 September 2015 - 09:12 PM

That is a new feature introduced in the last few days that I was not aware of so nothing was mentioned in my instructions. Thank you for stopping and letting me know. I have modified the instruction to now include that option. You can click Yes.
Gary

#8 ppauli


Posted 15 September 2015 - 12:36 AM

Ok, I did that this morning and also RogueKiller finished, but there is no automatic report generated. That you must make yourself by going over the various tabs and exporting the result in the format you choose. I did TXT and found reports in 4 tabs, of which I copy the text in this window behind the results of the first session. But there is a problem: the text of zoek-result.txt has disappeared by starting the second session. So, I only have Fixlog.txt and the text from the RogueKiller session. Shall I run Zoek again later on?

 

I must say, you guys must be geniuses if you understand what to look for in the endless lists.

 

Fix result of Farbar Recovery Scan Tool (x86) Version:13-09-2015 02
Ran by Peter (2015-09-15 00:49:16) Run:2
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter & DefaultAppPool)
Boot Mode: Normal

==============================================

fixlist content:
*****************
2015-09-02 23:16 - 2015-09-02 23:16 - 0000187 _____ () C:\Users\Peter\AppData\Local\statstrip.exe.config
Task: {1C171E9B-B9D6-483D-95E0-43F5715280A0} - System32\Tasks\uodate => C:\WINDOWS\system32\config\systemprofile\AppData\Local\Zath
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Zath
FirewallRules: [{D161C0C5-4275-4FFE-9FEF-BE1BE601BFEA}] => (Allow) C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1266C323-3BAE-44A7-A50F-7EBAFD78D7F0}] => (Allow) C:\Users\Peter\AppData\Roaming\uTorrent\uTorrent.exe
*****************

"C:\Users\Peter\AppData\Local\statstrip.exe.config" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1C171E9B-B9D6-483D-95E0-43F5715280A0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C171E9B-B9D6-483D-95E0-43F5715280A0}" => key removed successfully.
C:\Windows\System32\Tasks\uodate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\uodate" => key removed successfully.
"C:\WINDOWS\system32\config\systemprofile\AppData\Local\Zath" => File/Folder not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D161C0C5-4275-4FFE-9FEF-BE1BE601BFEA} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1266C323-3BAE-44A7-A50F-7EBAFD78D7F0} => value removed successfully.

==== End of Fixlog 00:49:16 ====

 

RogueKiller V10.10.5.0 [Sep 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 32 bits version
Started in : Normal mode
User : Peter [Administrator]
Started from : C:\Users\Peter\Desktop\RogueKiller.exe
Mode : Scan -- Date : 09/15/2015 08:10:45

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0a22e503-4943-48fb-acc5-a9b992a29aa8} | DhcpNameServer : 10.34.1.5 10.34.1.7 50.23.136.173 8.8.8.8 10.3.2.12 10.3.2.11 ([(Private Address) (XX)][(Private Address) (XX)][-][-][US][US])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{359e7dd5-2101-409e-a5c7-879635bd3923} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0a22e503-4943-48fb-acc5-a9b992a29aa8} | DhcpNameServer : 10.34.1.5 10.34.1.7 50.23.136.173 8.8.8.8 10.3.2.12 10.3.2.11 ([(Private Address) (XX)][(Private Address) (XX)][-][-][US][US])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{359e7dd5-2101-409e-a5c7-879635bd3923} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][(Private Address) (XX)])  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-537159405-3133871740-3674865302-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 5r7z4sum.default-1441626705103 : user_pref("browser.startup.homepage", "http://www.bbc.com/news"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9320325AS +++++
--- User ---
[MBR] fc93c9d0b130efa9cab1c9db90b6959f
[BSP] aed2ba4503916146baf779f771a68844 : Lenovo|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2459648 | Size: 293593 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 603738112 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

#9 ppauli


Posted 15 September 2015 - 12:44 AM

Dear Gary,

 

I found the zoek-result text. I see it is on the C: drive.

 

Zoek.exe v5.0.0.0 Updated 13-09-2015
Tool run by Peter on 14/09/2015 at 20:37:39.25.
Microsoft Windows 10 Pro 10.0.10240  x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Peter\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

14/09/2015 20:43:11 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\Cisco deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\office.tmp deleted successfully
C:\Program Files\UPCleaner deleted successfully
C:\Program Files\Yahoo! deleted successfully
C:\Program Files\Common Files\BSD deleted successfully
C:\Program Files\Common Files\Intel deleted successfully
C:\Program Files\Common Files\Mozilla deleted successfully
C:\PROGRA~2\Comms deleted successfully
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\Users\Peter\AppData\Local\AmoltoCallRecorder deleted successfully
C:\Users\Peter\AppData\Local\cache deleted successfully
C:\Users\Peter\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Peter\AppData\Local\EmieSiteList deleted successfully
C:\Users\Peter\AppData\Local\EmieUserList deleted successfully
C:\Users\Peter\AppData\Local\MP3 Skype recorder deleted successfully
C:\Users\Peter\AppData\Local\NetworkTiles deleted successfully
C:\Users\Peter\AppData\Local\PeerDistRepub deleted successfully
C:\Users\Peter\AppData\Local\VirtualStore deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\BtwRSupportService.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\WINDOWS\system32\mqsvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\WINDOWS\system32\taskhostw.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Google\Update\1.3.28.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Users\Peter\AppData\Local\Viber\Viber.exe
C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.827.16340.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\System32\NetworkUXBroker.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\Users\Peter\Desktop\zoek.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPHDEXLGSVC deleted successfully

==== Deleting Files \ Folders ======================

C:\Program Files\Cisco not found
C:\Program Files\office.tmp not found
C:\Program Files\UPCleaner not found
C:\Program Files\Yahoo! not found
C:\WINDOWS\system32\appdata deleted
C:\PROGRA~2\Pure Networks deleted
C:\Users\Peter\.android deleted
C:\task.vbs deleted
C:\stat_log deleted
C:\found.000 deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\BSD deleted
C:\PROGRA~2\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\WININIT.INI deleted
C:\WINDOWS\system32\GroupPolicy\User deleted
C:\WINDOWS\System32\searchplugins deleted
C:\WINDOWS\System32\Extensions deleted
C:\Program Files\Mozilla Firefox\components\AskHomePageReset.js deleted
C:\Users\Peter\AppData\Local\statstrip.exe.config deleted
"C:\Users\Peter\AppData\Roaming\Vso" deleted
"C:\Users\Peter\AppData\Roaming\Wassapp" deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 2909 MB
CPU Info: Intel® Core™2 Duo CPU     T5870  @ 2.00GHz
CPU Speed: 1525.9 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Mobile Intel® 4 Series Express Chipset Family (Microsoft Corporation - WDDM 1.1) | Mobile Intel® 4 Series Express Chipset Family (Microsoft Corporation - WDDM 1.1)
Monitors: 1x; AOC V22 | LCD 1366x768 |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller | Bluetooth Device (Personal Area Network) | Intel® WiFi Link 5100 AGN | Microsoft Hosted Network Virtual Adapter
CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ890
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  286.7GB | Q:  9.8GB
Hard Disks - Free: C:  168.8GB | Q:  3.1GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | 10/19/09 | Ver 1.00PARTTBL
Time Zone: Turkey Standard Time
Motherboard *: LENOVO 28423UG
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Default Browser: Firefox    40.0.3
Internet Explorer Version: 11.0.10240.16431
Mozilla Firefox version: 40.0.3 (x86 en-GB)
Adobe Reader version: 11.0.11.18
Sun Java version: 1.8.0_45 (32-bit)
Flash Player version: 18.0.0.232

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2015-08-19 11:04:43    B3F90790F991A5A21113B58EE50FA696    4048808    ----a-w-    C:\WINDOWS\explorer.exe
====== C:\Users\Peter\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\system32 =====
2015-09-14 17:33:45    F84E92483EF1FF4043F3E3D5B41C4D8F    16148    ----a-w-    C:\WINDOWS\System32\PETER-THINK_Peter_HistoryPrediction.bin
2015-09-09 11:12:25    5614386D4CFDF9E56F355C45BEEBC976    12872    ----a-w-    C:\WINDOWS\System32\bootdelete.exe
2015-09-09 09:33:06    3C670437DFA989E708D897D385517885    18806272    ----a-w-    C:\WINDOWS\System32\edgehtml.dll
2015-09-09 09:33:04    D5C86731E14EB3C6A7FBB9D296A724FD    19324416    ----a-w-    C:\WINDOWS\System32\mshtml.dll
2015-09-09 09:33:02    35CBA36E7A48260FC97E35010257F3F7    11262464    ----a-w-    C:\WINDOWS\System32\ieframe.dll
2015-09-09 09:32:59    E59B00C9058EC451E85A14C877E143CA    2880032    ----a-w-    C:\WINDOWS\System32\iertutil.dll
2015-09-09 09:32:59    BE9AA31EFDC5AF3605599A63AFD62B34    2153472    ----a-w-    C:\WINDOWS\System32\authui.dll
2015-09-09 09:32:58    A429ED80A03D29F43E99A08CA76E3CFD    1612288    ----a-w-    C:\WINDOWS\System32\Windows.UI.Immersive.dll
2015-09-09 09:32:55    6C488DD1B6A034B393116C18B48624EF    822272    ----a-w-    C:\WINDOWS\System32\schedsvc.dll
2015-09-09 09:32:11    6F896017729ECFDF0D38A58C2D4A1865    2985984    ----a-w-    C:\WINDOWS\System32\win32kfull.sys
2015-09-09 09:32:10    223F4A196FEDDC45F431D79B833521E6    484352    ----a-w-    C:\WINDOWS\System32\SettingSync.dll
2015-09-09 09:32:09    6B1F5CA61757844148C06E3F328C2913    504320    ----a-w-    C:\WINDOWS\System32\vbscript.dll
2015-09-09 09:32:09    1C0F275FC68BD670107D4782E09B9AA6    650752    ----a-w-    C:\WINDOWS\System32\jscript.dll
2015-09-09 09:32:09    10AF578C46EF469B3C2DDC0E4267D9E4    490496    ----a-w-    C:\WINDOWS\System32\winlogon.exe
2015-09-09 09:32:08    E2A8B3E2B05C6C4C0FB6BC45655ED714    541248    ----a-w-    C:\WINDOWS\System32\fontdrvhost.exe
2015-09-09 09:32:08    2FA6AE2352567748CD332B2529756EC6    303104    ----a-w-    C:\WINDOWS\System32\atmfd.dll
2015-09-09 09:32:07    CAB82A22D64284C06DD7670F48D4191F    1134080    ----a-w-    C:\WINDOWS\System32\win32kbase.sys
2015-09-09 09:32:06    C1B5BE074E1D85D4C1267B9678F9669D    139776    ----a-w-    C:\WINDOWS\System32\shacct.dll
2015-09-09 09:32:06    B9411F28E4FF8BB1566A5A61A39D5BD7    157696    ----a-w-    C:\WINDOWS\System32\Windows.UI.PicturePassword.dll
2015-09-09 09:32:05    F3913BDD1CB4A02A8B91F6CC43B775E3    69208    ----a-w-    C:\WINDOWS\System32\acmigration.dll
2015-09-09 09:31:26    5C3D6ECECE28FA7883E44C8D89ED1933    37376    ----a-w-    C:\WINDOWS\System32\atmlib.dll
2015-09-07 09:40:47    0F28342C2317F232FACAB77A8CEFD6D0    10708    ----a-w-    C:\WINDOWS\System32\.crusader
2015-09-02 20:16:47    053167C74F214E49198BF2A3AC18150B    4    ----a-w-    C:\WINDOWS\System32\029B560A371F4E00AB32838EBC01B9E7
====== C:\WINDOWS\system32\drivers =====
2015-09-07 06:18:04    739164A8B8FB2F1B50A498F20AF7B21E    98520    ----a-w-    C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-09-07 06:17:03    B4CD87E78A01562E3DA67FE1C2779204    23256    ----a-w-    C:\WINDOWS\System32\drivers\mbam.sys
2015-09-07 06:17:03    A1E3A332E76F48410CF403FDF85FAFE0    94936    ----a-w-    C:\WINDOWS\System32\drivers\mbamchameleon.sys
2015-09-07 06:17:03    3EC04B261C2834555D3C52A32D2FD1EC    51928    ----a-w-    C:\WINDOWS\System32\drivers\mwac.sys
2015-08-29 07:01:14    F15F967A11D933C9AB14550B5933570D    284000    ----a-w-    C:\WINDOWS\System32\drivers\USBXHCI.SYS
2015-08-29 07:01:11    A5BE8D560E8EE0BBEF5478B319D84444    725504    ----a-w-    C:\WINDOWS\System32\drivers\bthport.sys
2015-08-19 11:04:27    C55E0B58A2CFB3A12018D1D65706C423    66896    ----a-w-    C:\WINDOWS\System32\drivers\stornvme.sys
2015-08-19 11:04:24    A7F798B33AFA41FEA13E9180E3F1F3D2    392032    ----a-w-    C:\WINDOWS\System32\drivers\storport.sys
====== C:\WINDOWS\Tasks ======
2015-09-03 10:15:15    F4F2198C6FE51EF4B2F189E6CE7EDD28    3318    ----a-w-    C:\WINDOWS\system32\Tasks\uodate
2015-09-02 21:19:10    64927DD33D23321231AA642C67E97604    4158    ----a-w-    C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{7773AF5E-93F6-4822-81C0-776DC6AF4A35}
2015-09-02 20:55:43    AF11222A08D4C6862A44E9110A973025    3222    ----a-w-    C:\WINDOWS\system32\Tasks\{2E707BD4-92FF-412C-BADA-04704C2FA932}
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-09-07 09:19:15    --------    d-----w-    C:\Program Files\HitmanPro
2015-09-02 20:14:13    --------    d-----w-    C:\Program Files\Opera
2015-08-30 05:49:30    --------    d-----w-    C:\Program Files\Common Files\Skype
======= C: =====
====== C:\Users\Peter\AppData\Roaming ======
2015-09-14 08:39:42    --------    d-----w-    C:\WINDOWS\system32\config\systemprofile\AppData\Local\Garmin_Ltd._or_its_subsid
2015-09-02 20:20:54    --------    d-----w-    C:\Users\Peter\AppData\Local\Opera Software
2015-08-25 00:13:46    --------    d-----w-    C:\WINDOWS\system32\config\systemprofile\AppData\Local\Trusteer
====== C:\Users\Peter ======
2015-09-14 09:15:12    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-09-14 06:08:37    8E1B08222F20E45A3E8DB04C569F9CB7    8    --sha-r-    C:\ProgramData\ntuser.pol
2015-09-14 06:08:35    --------    d-----w-    C:\WINDOWS\serviceprofiles\Localservice\winhttp
2015-09-10 07:26:29    EFE61D13D17B339204FA47910DA164C7    1694208    ----a-w-    C:\Users\Peter\Desktop\FRST.exe
2015-09-09 10:27:28    D3B6FA14CB7E12B7FBC0B3AA26235898    24345872    ----a-w-    C:\Users\Peter\Desktop\mbam-setup-2.1.8.1057.exe
2015-09-09 08:32:40    080B16BA75F35930D761A96C073131C7    1660416    ----a-w-    C:\Users\Peter\Downloads\adwcleaner_5.007.exe
2015-09-07 13:01:11    0170A4503F85F2D7ABCBEF0419B1C35A    4404952    ----a-w-    C:\Users\Peter\Downloads\tdsskiller.exe
2015-09-07 09:19:15    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-09-07 09:18:13    --------    d-----w-    C:\ProgramData\HitmanPro
2015-09-07 06:04:08    F7237344FADDF9FC25C562F1B9A906F1    1799392    ----a-w-    C:\Users\Peter\Downloads\JRT.exe
2015-09-05 10:06:15    D3B6FA14CB7E12B7FBC0B3AA26235898    24345872    ----a-w-    C:\Users\Peter\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-05 10:05:57    42C863C3A8BC6089785F4676F9611B14    10369928    ----a-w-    C:\Users\Peter\Downloads\HitmanPro.exe
2015-08-30 05:49:32    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

====== C: exe-files ==
2015-09-11 05:48:32    898F20847EFAFA91EB8936D39A9B6F7D    762272    ----a-w-    C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
2015-09-11 05:48:26    433B77A496F42D603E7E71F172878BE6    25912    ----a-w-    C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
2015-09-11 05:48:18    A9D8725CFC8F65E73CF89EA2CFA2B68F    18212232    ----a-w-    C:\Program Files\Garmin\Express\express.exe
2015-09-11 05:48:04    F5164E5D119C2892168B46D4C8FA16A7    1403192    ----a-w-    C:\Program Files\Garmin\Express Tray\ExpressTray.exe
2015-09-11 05:47:58    3D6A1EE03A33A70C04F7E75B91A21947    66872    ----a-w-    C:\Program Files\Garmin\Express Elevated Installer\ElevatedInstaller.exe
=== C: other files ==
2015-09-14 07:00:16    614CDC0D5687C614A0AEF94B61DAAC6F    74083    ----a-w-    C:\Users\Peter\Desktop\System.zip
2015-09-08 05:53:55    80BDA029F2711C7C395AFBA7F519BBDD    963213    ----a-w-    C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\5r7z4sum.default-1441626705103\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2015-09-08 05:53:50    80BDA029F2711C7C395AFBA7F519BBDD    963213    ----a-w-    C:\Users\Peter\AppData\Local\Temp\tmp-8dr.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-537159405-3133871740-3674865302-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"VoipConnect"="C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe -nosplash -minimized"
"HP Officejet Pro 8600 (NET)"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe -deviceID CN3CGFXHN005KC:NW -scfn HP Officejet Pro 8600 (NET) -AutoStart 1"
"Viber"="C:\Users\Peter\AppData\Local\Viber\Viber.exe StartMinimized"
"OneDrive"="C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"RtHDVBg_LENOVO_MICPKEY"="C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /LENOVO_MICPKEY"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SynLenovoHelper"="%ProgramFiles%\Synaptics\SynTP\SynLenovoHelper.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"VoipConnect"="C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe -nosplash -minimized"
"HP Officejet Pro 8600 (NET)"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe -deviceID CN3CGFXHN005KC:NW -scfn HP Officejet Pro 8600 (NET) -AutoStart 1"
"Viber"="C:\Users\Peter\AppData\Local\Viber\Viber.exe StartMinimized"
"OneDrive"="C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AcWin7Hlpr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AcWin7Hlpr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Lenovo\\Access Connections\\AcTBenabler.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AmoltoRecorder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AmoltoRecorder"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Amolto Call Recorder for Skype\\AmoltoRecorder.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConnectionCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ConnectionCenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Citrix\\ICA Client\\concentr.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GarminExpressTrayApp"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Garmin\\Express Tray\\ExpressTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Peter\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAAnotif]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IAAnotif"
"hkey"="HKLM"
"command"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iCloudServices]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iCloudServices"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\Apple\\Internet Services\\iCloudServices.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LENOVO.TPFNF6R]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LENOVO.TPFNF6R"
"hkey"="HKLM"
"command"="C:\\Program Files\\Lenovo\\HOTKEY\\TPFNF6R.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Message Center Plus]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Message Center Plus"
"hkey"="HKLM"
"command"="C:\\Program Files\\LENOVO\\Message Center Plus\\MCPLaunch.exe /start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nuance PDF Reader-reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Nuance PDF Reader-reminder"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Nuance\\PDF Reader\\Ereg\\Ereg.exe\" -r \"C:\\ProgramData\\Nuance\\PDF Reader\\Ereg\\Ereg.ini\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWMTRV]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWMTRV"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\PWMTR32V.DLL,PwrMgrBkGndMonitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtHDVCpl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TPHOTKEY]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TPHOTKEY"
"hkey"="HKLM"
"command"="C:\\Program Files\\Lenovo\\HOTKEY\\TPOSDSVC.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TpShocks]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TpShocks"
"hkey"="HKLM"
"command"="TpShocks.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
"backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Program Files\\ThinkPad\\Bluetooth Software\\BTTray.exe"
"item"="Bluetooth"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WD Quick View.lnk]
"backup"="C:\\Windows\\pss\\WD Quick View.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"item"="WD Quick View"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WDDMStatus.lnk"
"backup"="C:\\Windows\\pss\\WDDMStatus.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Program Files\\Western Digital\\WD SmartWare\\WD Drive Manager\\WDDMStatus.exe"
"item"="WDDMStatus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WDSmartWare.lnk"
"backup"="C:\\Windows\\pss\\WDSmartWare.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\WESTER~1\\WDSMAR~1\\FRONTP~1\\WDSMAR~1.EXE View=show_in_tray"
"item"="WDSmartWare"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\btwdins]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WDDMService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WDFMEService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WDRulesService]


==== Startup Folders ======================

2011-03-28 20:26:55    1654    --sha-w-    C:\Users\Peter\AppData\Roaming\Microsoft\LastFlashConfig.wfc

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/08/2015 16:26]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:0C:\ProgramC:Files\Google\Update\GoogleUpdate.exe []
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files\Google\Update\GoogleUpdate.exe [28/08/2015 07:58]
C:\WINDOWS\tasks\SystemToolsDailyTest.job --a-------- [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\system32\tasks\Apple Diagnostics" [C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe]
"C:\WINDOWS\system32\tasks\GarminUpdaterTask" [C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\HPCustParticipation HP Officejet Pro 8600" ["C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe"]
"C:\WINDOWS\system32\tasks\PMTask" [C:\PROGRA~1\ThinkPad\UTILIT~1\PwmIdTsv.exe]
"C:\WINDOWS\system32\tasks\RealUpgradeLogonTaskS-1-5-21-537159405-3133871740-3674865302-1004" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\WINDOWS\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-537159405-3133871740-3674865302-1004" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\WINDOWS\system32\tasks\Synaptics TouchPad Enhancements" [\Program Files\Synaptics\SynTP\SynTPEnh.exe]
"C:\WINDOWS\system32\tasks\SystemToolsDailyTest" [C:\Program Files\PC-Doctor\pcdrcui.exe]
"C:\WINDOWS\system32\tasks\uodate" [C:\WINDOWS\system32\config\systemprofile\AppData\Local\Zath]
"C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{7773AF5E-93F6-4822-81C0-776DC6AF4A35}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\system32\tasks\{0A476B36-B095-42ED-8060-757101985B03}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\WINDOWS\system32\tasks\{A2ACFD29-1C1C-4FA3-A2B0-61AE6A466AD9}" [C:\Program Files\Skype\Phone\Skype.exe]
"C:\WINDOWS\system32\tasks\{CEEF4CA4-36E0-4AA0-A39E-61E888B926ED}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\WINDOWS\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\5r7z4sum.default-1441626705103
user_pref("browser.startup.homepage", "http://www.bbc.com/news");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [26/05/2015 10:13]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\5r7z4sum.default-1441626705103
- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Kaspersky URL Advisor - %AppDir%\extensions\linkfilter@kaspersky.ru_bak
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\5r7z4sum.default-1441626705103
D937A4645EFF8CB4F123E3C899C052B2    - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.6
049BD7AD3B94F24FA274ED1F7FC5871B    - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.6
F9DE379CE8A782530A4FA0B731F3A49B    - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.6
5D4279248A0E506CF007BD51EBF74CEA    - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.6
559E8D42BE485208F1C4BB294D6840A4    - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.6
DC26A2A219E08DE10320E8B7D5433690    - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
D413E84938C2039272DC711BC20FFB4E    - C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll -    Gaaiho Doc
E42650C972D21F334EB0D3264941DCD7    - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
D1DC265C3FF7F92B4A75A55B3749D48C    - C:\Program Files\VideoLAN\VLC\npvlc.dll -    VLC Web Plugin
F542B4E8DF11DCF7C974548A2D2BD624    - C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll -    Google Update
E32771B0AE3F18CEFFC12D682025238A    - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll -    RealPlayer™ HTML5VideoShim Plug-In (32-bit)
555E65306A5D3A5978BE74E1DD62CDD9    - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll -    RealNetworks™ Chrome Background Extension Plug-In (32-bit)
0A1FF0B674E2F268799442A434A63BB3    - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -    Windows Live™ Photo Gallery
0A7CFC4EE9CC3206B1DC522FCB8C3DB1    - c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll -    Silverlight Plug-In
92AB52FC695C1D459E3BE9AFD6CE218D    - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL -    Microsoft Office 2003
99F97C9FE748C37528C338A423577FCB    - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll -    Microsoft® Windows Media Player Firefox Plugin
B14F181EF479FF2A343D0D214250F25B    - C:\Program Files\Mozilla Firefox\plugins\npicaN.dll -    Citrix ICA Client
9291708CCD967887AF94BE708B43D64D    - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll -    Microsoft Office 2013
D937A4645EFF8CB4F123E3C899C052B2    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.6
049BD7AD3B94F24FA274ED1F7FC5871B    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.6
F9DE379CE8A782530A4FA0B731F3A49B    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.6
5D4279248A0E506CF007BD51EBF74CEA    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.6
559E8D42BE485208F1C4BB294D6840A4    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.6
DC26A2A219E08DE10320E8B7D5433690    - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll -    Adobe Acrobat
D31C4608FDCD9CEB756F45E91DCF64F8    - C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll -    Java™ Platform SE 8 U45
66F9ADD8A2335EF9870AFDA4F35F492B    - C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll -    Java Deployment Toolkit 8.0.450.14
0205ADAFFDDF04F0F69200E5CFB5FFD9    - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -    Google Earth Plugin
46A59E6F7F7C1679AC7C4655E055326D    - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -    iTunes Application Detector
EC55112EDB2CE5BC2BFCACDB9C2150F4    - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll -    Shockwave Flash
0B8378EA70622A6F3EC50CC4AF62764C    - c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrlui.dll -    Microsoft® Silverlight


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx[14/01/2013 14:43]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx[14/01/2013 14:43]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx[18/02/2015 03:07]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09/10/2013 11:59]
lpoimibckejjdjcfbdnajaicnklhfplh - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjllphbppobebmjpjcijfbakobcheof - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Default_Search_URL"="http://www.google.com/ie"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\y]
@="http://yandex.ru/yandsearch?win=100&clid=1989277&text=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{56481B3E-029C-40E3-9974-847AC10EBBBD}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{56481B3E-029C-40E3-9974-847AC10EBBBD} Google  Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo  Url="http://www.google.com/search?q={sear"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TVWiz deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully

==== HijackThis Entries ======================

O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~4\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [RtHDVBg_LENOVO_MICPKEY] "C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe" /LENOVO_MICPKEY
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynLenovoHelper] %ProgramFiles%\Synaptics\SynTP\SynLenovoHelper.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [VoipConnect] "C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe" -nosplash -minimized
O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN3CGFXHN005KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Viber] "C:\Users\Peter\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{359e7dd5-2101-409e-a5c7-879635bd3923}: NameServer = 8.8.8.8
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @oem96.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Broadcom Corporation. - C:\WINDOWS\system32\BtwRSupportService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @oem104.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\IE\02YRM7U5 will be deleted at reboot
C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\IE\MXGNN61Y will be deleted at reboot
C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\IE\THQGB1IM will be deleted at reboot
C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\IE\ZKUAIKBK will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\5r7z4sum.default-1441626705103\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Peter\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=28 folders=32 98755118 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Peter\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\IE\02YRM7U5" not deleted
"C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\IE\MXGNN61Y" deleted
"C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\IE\THQGB1IM" not deleted
"C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\IE\ZKUAIKBK" not found

==== EOF on 14/09/2015 at 22:06:37.66 ======================

#10 ppauli
  • Topic Starter
  • Members
  • 10 posts
  • Gender:Male
  • Location:Turkey

Posted 15 September 2015 - 02:09 AM

Dear Gary,

Before I found the Zoek result text I just sent you, I had already started a new Zoek session, which I could not stop, of course. Here is the result. Maybe you can do something with it.

Zoek.exe v5.0.0.0 Updated 13-09-2015
Tool run by Peter on 15/09/2015 at  8:38:23.62.
Microsoft Windows 10 Pro 10.0.10240  x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Peter\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-09-14-190637.log    53694 bytes

==== System Restore Info ======================

15/09/2015 08:42:26 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\Peter\AppData\Local\NetworkTiles deleted successfully
C:\Users\Peter\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\WINDOWS\system32\mqsvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Google\Update\1.3.28.13\GoogleCrashHandler.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files\Lenovo\System Update\SUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Users\Peter\AppData\Local\Viber\Viber.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.827.16340.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\WINDOWS\system32\dashost.exe
C:\Users\Peter\Desktop\zoek.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\prevhost.exe
C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup

==== Deleting Services ======================


==== Deleting Files \ Folders ======================


==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 2909 MB
CPU Info: Intel® Core™2 Duo CPU     T5870  @ 2.00GHz
CPU Speed: 1208.6 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Mobile Intel® 4 Series Express Chipset Family (Microsoft Corporation - WDDM 1.1) | Mobile Intel® 4 Series Express Chipset Family (Microsoft Corporation - WDDM 1.1)
Monitors: 1x; AOC V22 | LCD 1366x768 |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller | Bluetooth Device (Personal Area Network) | Intel® WiFi Link 5100 AGN
CD / DVD Drives: 1x (D: | ) D: MATSHITADVD-RAM UJ890
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  286.7GB | Q:  9.8GB
Hard Disks - Free: C:  169.7GB | Q:  3.1GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | 10/19/09 | Ver 1.00PARTTBL
Time Zone: Turkey Standard Time
Motherboard *: LENOVO 28423UG
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Default Browser: Firefox    40.0.3
Internet Explorer Version: 11.0.10240.16431
Mozilla Firefox version: 40.0.3 (x86 en-GB)
Adobe Reader version: 11.0.11.18
Sun Java version: 1.8.0_45 (32-bit)
Flash Player version: 18.0.0.232

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2015-08-19 11:04:43    B3F90790F991A5A21113B58EE50FA696    4048808    ----a-w-    C:\WINDOWS\explorer.exe
====== C:\Users\Peter\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\system32 =====
2015-09-15 05:06:57    4EA4A97A8C5F1691B88CFAB530ECC14E    16148    ----a-w-    C:\WINDOWS\System32\PETER-THINK_Peter_HistoryPrediction.bin
2015-09-09 11:12:25    5614386D4CFDF9E56F355C45BEEBC976    12872    ----a-w-    C:\WINDOWS\System32\bootdelete.exe
2015-09-09 09:33:06    3C670437DFA989E708D897D385517885    18806272    ----a-w-    C:\WINDOWS\System32\edgehtml.dll
2015-09-09 09:33:04    D5C86731E14EB3C6A7FBB9D296A724FD    19324416    ----a-w-    C:\WINDOWS\System32\mshtml.dll
2015-09-09 09:33:02    35CBA36E7A48260FC97E35010257F3F7    11262464    ----a-w-    C:\WINDOWS\System32\ieframe.dll
2015-09-09 09:32:59    E59B00C9058EC451E85A14C877E143CA    2880032    ----a-w-    C:\WINDOWS\System32\iertutil.dll
2015-09-09 09:32:59    BE9AA31EFDC5AF3605599A63AFD62B34    2153472    ----a-w-    C:\WINDOWS\System32\authui.dll
2015-09-09 09:32:58    A429ED80A03D29F43E99A08CA76E3CFD    1612288    ----a-w-    C:\WINDOWS\System32\Windows.UI.Immersive.dll
2015-09-09 09:32:55    6C488DD1B6A034B393116C18B48624EF    822272    ----a-w-    C:\WINDOWS\System32\schedsvc.dll
2015-09-09 09:32:11    6F896017729ECFDF0D38A58C2D4A1865    2985984    ----a-w-    C:\WINDOWS\System32\win32kfull.sys
2015-09-09 09:32:10    223F4A196FEDDC45F431D79B833521E6    484352    ----a-w-    C:\WINDOWS\System32\SettingSync.dll
2015-09-09 09:32:09    6B1F5CA61757844148C06E3F328C2913    504320    ----a-w-    C:\WINDOWS\System32\vbscript.dll
2015-09-09 09:32:09    1C0F275FC68BD670107D4782E09B9AA6    650752    ----a-w-    C:\WINDOWS\System32\jscript.dll
2015-09-09 09:32:09    10AF578C46EF469B3C2DDC0E4267D9E4    490496    ----a-w-    C:\WINDOWS\System32\winlogon.exe
2015-09-09 09:32:08    E2A8B3E2B05C6C4C0FB6BC45655ED714    541248    ----a-w-    C:\WINDOWS\System32\fontdrvhost.exe
2015-09-09 09:32:08    2FA6AE2352567748CD332B2529756EC6    303104    ----a-w-    C:\WINDOWS\System32\atmfd.dll
2015-09-09 09:32:07    CAB82A22D64284C06DD7670F48D4191F    1134080    ----a-w-    C:\WINDOWS\System32\win32kbase.sys
2015-09-09 09:32:06    C1B5BE074E1D85D4C1267B9678F9669D    139776    ----a-w-    C:\WINDOWS\System32\shacct.dll
2015-09-09 09:32:06    B9411F28E4FF8BB1566A5A61A39D5BD7    157696    ----a-w-    C:\WINDOWS\System32\Windows.UI.PicturePassword.dll
2015-09-09 09:32:05    F3913BDD1CB4A02A8B91F6CC43B775E3    69208    ----a-w-    C:\WINDOWS\System32\acmigration.dll
2015-09-09 09:31:26    5C3D6ECECE28FA7883E44C8D89ED1933    37376    ----a-w-    C:\WINDOWS\System32\atmlib.dll
2015-09-07 09:40:47    0F28342C2317F232FACAB77A8CEFD6D0    10708    ----a-w-    C:\WINDOWS\System32\.crusader
2015-09-02 20:16:47    053167C74F214E49198BF2A3AC18150B    4    ----a-w-    C:\WINDOWS\System32\029B560A371F4E00AB32838EBC01B9E7
====== C:\WINDOWS\system32\drivers =====
2015-09-14 22:00:14    FD44FA80DA03EA144153A76DEBBB61B4    35064    ----a-w-    C:\WINDOWS\System32\drivers\TrueSight.sys
2015-09-07 06:18:04    739164A8B8FB2F1B50A498F20AF7B21E    98520    ----a-w-    C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-09-07 06:17:03    B4CD87E78A01562E3DA67FE1C2779204    23256    ----a-w-    C:\WINDOWS\System32\drivers\mbam.sys
2015-09-07 06:17:03    A1E3A332E76F48410CF403FDF85FAFE0    94936    ----a-w-    C:\WINDOWS\System32\drivers\mbamchameleon.sys
2015-09-07 06:17:03    3EC04B261C2834555D3C52A32D2FD1EC    51928    ----a-w-    C:\WINDOWS\System32\drivers\mwac.sys
2015-08-29 07:01:14    F15F967A11D933C9AB14550B5933570D    284000    ----a-w-    C:\WINDOWS\System32\drivers\USBXHCI.SYS
2015-08-29 07:01:11    A5BE8D560E8EE0BBEF5478B319D84444    725504    ----a-w-    C:\WINDOWS\System32\drivers\bthport.sys
2015-08-19 11:04:27    C55E0B58A2CFB3A12018D1D65706C423    66896    ----a-w-    C:\WINDOWS\System32\drivers\stornvme.sys
2015-08-19 11:04:24    A7F798B33AFA41FEA13E9180E3F1F3D2    392032    ----a-w-    C:\WINDOWS\System32\drivers\storport.sys
====== C:\WINDOWS\Tasks ======
2015-09-02 21:19:10    46270A91B815FD45A537F0576A14A62E    4158    ----a-w-    C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{7773AF5E-93F6-4822-81C0-776DC6AF4A35}
2015-09-02 20:55:43    AF11222A08D4C6862A44E9110A973025    3222    ----a-w-    C:\WINDOWS\system32\Tasks\{2E707BD4-92FF-412C-BADA-04704C2FA932}
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-09-07 09:19:15    --------    d-----w-    C:\Program Files\HitmanPro
2015-09-02 20:14:13    --------    d-----w-    C:\Program Files\Opera
2015-08-30 05:49:30    --------    d-----w-    C:\Program Files\Common Files\Skype
======= C: =====
====== C:\Users\Peter\AppData\Roaming ======
2015-09-14 18:39:34    --------    d-----w-    C:\Users\Peter\AppData\Local\Temp
2015-09-14 08:39:42    --------    d-----w-    C:\WINDOWS\system32\config\systemprofile\AppData\Local\Garmin_Ltd._or_its_subsid
2015-09-02 20:20:54    --------    d-----w-    C:\Users\Peter\AppData\Local\Opera Software
2015-08-25 00:13:46    --------    d-----w-    C:\WINDOWS\system32\config\systemprofile\AppData\Local\Trusteer
====== C:\Users\Peter ======
2015-09-14 22:00:12    --------    d-----w-    C:\ProgramData\RogueKiller
2015-09-14 21:55:56    D07AB63CF55723B9CD6498526EF42BF1    18780744    ----a-w-    C:\Users\Peter\Desktop\RogueKiller.exe
2015-09-14 09:15:12    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-09-14 06:08:37    8E1B08222F20E45A3E8DB04C569F9CB7    8    --sha-r-    C:\ProgramData\ntuser.pol
2015-09-10 07:26:29    EFE61D13D17B339204FA47910DA164C7    1694208    ----a-w-    C:\Users\Peter\Desktop\FRST.exe
2015-09-09 10:27:28    D3B6FA14CB7E12B7FBC0B3AA26235898    24345872    ----a-w-    C:\Users\Peter\Desktop\mbam-setup-2.1.8.1057.exe
2015-09-09 08:32:40    080B16BA75F35930D761A96C073131C7    1660416    ----a-w-    C:\Users\Peter\Downloads\adwcleaner_5.007.exe
2015-09-07 13:01:11    0170A4503F85F2D7ABCBEF0419B1C35A    4404952    ----a-w-    C:\Users\Peter\Downloads\tdsskiller.exe
2015-09-07 09:19:15    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-09-07 09:18:13    --------    d-----w-    C:\ProgramData\HitmanPro
2015-09-07 06:04:08    F7237344FADDF9FC25C562F1B9A906F1    1799392    ----a-w-    C:\Users\Peter\Downloads\JRT.exe
2015-09-05 10:06:15    D3B6FA14CB7E12B7FBC0B3AA26235898    24345872    ----a-w-    C:\Users\Peter\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-05 10:05:57    42C863C3A8BC6089785F4676F9611B14    10369928    ----a-w-    C:\Users\Peter\Downloads\HitmanPro.exe
2015-08-30 05:49:32    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

====== C: exe-files ==
2015-09-11 05:48:32    898F20847EFAFA91EB8936D39A9B6F7D    762272    ----a-w-    C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
2015-09-11 05:48:26    433B77A496F42D603E7E71F172878BE6    25912    ----a-w-    C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
2015-09-11 05:48:18    A9D8725CFC8F65E73CF89EA2CFA2B68F    18212232    ----a-w-    C:\Program Files\Garmin\Express\express.exe
2015-09-11 05:48:04    F5164E5D119C2892168B46D4C8FA16A7    1403192    ----a-w-    C:\Program Files\Garmin\Express Tray\ExpressTray.exe
2015-09-11 05:47:58    3D6A1EE03A33A70C04F7E75B91A21947    66872    ----a-w-    C:\Program Files\Garmin\Express Elevated Installer\ElevatedInstaller.exe
=== C: other files ==
2015-09-14 07:00:16    614CDC0D5687C614A0AEF94B61DAAC6F    74083    ----a-w-    C:\Users\Peter\Desktop\System.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-537159405-3133871740-3674865302-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"VoipConnect"="C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe -nosplash -minimized"
"HP Officejet Pro 8600 (NET)"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe -deviceID CN3CGFXHN005KC:NW -scfn HP Officejet Pro 8600 (NET) -AutoStart 1"
"Viber"="C:\Users\Peter\AppData\Local\Viber\Viber.exe StartMinimized"
"OneDrive"="C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"RtHDVBg_LENOVO_MICPKEY"="C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /LENOVO_MICPKEY"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SynLenovoHelper"="%ProgramFiles%\Synaptics\SynTP\SynLenovoHelper.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"VoipConnect"="C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe -nosplash -minimized"
"HP Officejet Pro 8600 (NET)"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe -deviceID CN3CGFXHN005KC:NW -scfn HP Officejet Pro 8600 (NET) -AutoStart 1"
"Viber"="C:\Users\Peter\AppData\Local\Viber\Viber.exe StartMinimized"
"OneDrive"="C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AcWin7Hlpr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AcWin7Hlpr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Lenovo\\Access Connections\\AcTBenabler.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AmoltoRecorder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AmoltoRecorder"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Amolto Call Recorder for Skype\\AmoltoRecorder.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConnectionCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ConnectionCenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Citrix\\ICA Client\\concentr.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GarminExpressTrayApp"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Garmin\\Express Tray\\ExpressTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAAnotif]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IAAnotif"
"hkey"="HKLM"
"command"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iCloudServices]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iCloudServices"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\Apple\\Internet Services\\iCloudServices.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LENOVO.TPFNF6R]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LENOVO.TPFNF6R"
"hkey"="HKLM"
"command"="C:\\Program Files\\Lenovo\\HOTKEY\\TPFNF6R.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Message Center Plus]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Message Center Plus"
"hkey"="HKLM"
"command"="C:\\Program Files\\LENOVO\\Message Center Plus\\MCPLaunch.exe /start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nuance PDF Reader-reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Nuance PDF Reader-reminder"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Nuance\\PDF Reader\\Ereg\\Ereg.exe\" -r \"C:\\ProgramData\\Nuance\\PDF Reader\\Ereg\\Ereg.ini\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PWMTRV]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWMTRV"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\PWMTR32V.DLL,PwrMgrBkGndMonitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtHDVCpl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TPHOTKEY]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TPHOTKEY"
"hkey"="HKLM"
"command"="C:\\Program Files\\Lenovo\\HOTKEY\\TPOSDSVC.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TpShocks]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TpShocks"
"hkey"="HKLM"
"command"="TpShocks.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
"backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Program Files\\ThinkPad\\Bluetooth Software\\BTTray.exe"
"item"="Bluetooth"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WD Quick View.lnk]
"backup"="C:\\Windows\\pss\\WD Quick View.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"item"="WD Quick View"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WDDMStatus.lnk"
"backup"="C:\\Windows\\pss\\WDDMStatus.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Program Files\\Western Digital\\WD SmartWare\\WD Drive Manager\\WDDMStatus.exe"
"item"="WDDMStatus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WDSmartWare.lnk"
"backup"="C:\\Windows\\pss\\WDSmartWare.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\WESTER~1\\WDSMAR~1\\FRONTP~1\\WDSMAR~1.EXE View=show_in_tray"
"item"="WDSmartWare"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\btwdins]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WDDMService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WDFMEService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WDRulesService]


==== Startup Folders ======================

2011-03-28 20:26:55    1654    --sha-w-    C:\Users\Peter\AppData\Roaming\Microsoft\LastFlashConfig.wfc

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12/08/2015 16:26]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files\Google\Update\GoogleUpdate.exe [28/08/2015 07:58]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files\Google\Update\GoogleUpdate.exe [28/08/2015 07:58]
C:\WINDOWS\tasks\SystemToolsDailyTest.job --a-------- [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\system32\tasks\Apple Diagnostics" [C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe]
"C:\WINDOWS\system32\tasks\GarminUpdaterTask" [C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\HPCustParticipation HP Officejet Pro 8600" ["C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe"]
"C:\WINDOWS\system32\tasks\PMTask" [C:\PROGRA~1\ThinkPad\UTILIT~1\PwmIdTsv.exe]
"C:\WINDOWS\system32\tasks\RealUpgradeLogonTaskS-1-5-21-537159405-3133871740-3674865302-1004" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\WINDOWS\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-537159405-3133871740-3674865302-1004" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\WINDOWS\system32\tasks\Synaptics TouchPad Enhancements" [\Program Files\Synaptics\SynTP\SynTPEnh.exe]
"C:\WINDOWS\system32\tasks\SystemToolsDailyTest" [C:\Program Files\PC-Doctor\pcdrcui.exe]
"C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{7773AF5E-93F6-4822-81C0-776DC6AF4A35}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\system32\tasks\{0A476B36-B095-42ED-8060-757101985B03}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\WINDOWS\system32\tasks\{A2ACFD29-1C1C-4FA3-A2B0-61AE6A466AD9}" [C:\Program Files\Skype\Phone\Skype.exe]
"C:\WINDOWS\system32\tasks\{CEEF4CA4-36E0-4AA0-A39E-61E888B926ED}" ["c:\program files\mozilla firefox\firefox.exe"]
"C:\WINDOWS\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\5r7z4sum.default-1441626705103
user_pref("browser.startup.homepage", "http://www.bbc.com/news");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [26/05/2015 10:13]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\5r7z4sum.default-1441626705103
- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Kaspersky URL Advisor - %AppDir%\extensions\linkfilter@kaspersky.ru_bak
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\5r7z4sum.default-1441626705103
D937A4645EFF8CB4F123E3C899C052B2    - C:\Program Files\QuickTime\Plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.6
049BD7AD3B94F24FA274ED1F7FC5871B    - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.6
F9DE379CE8A782530A4FA0B731F3A49B    - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.6
5D4279248A0E506CF007BD51EBF74CEA    - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.6
559E8D42BE485208F1C4BB294D6840A4    - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.6
DC26A2A219E08DE10320E8B7D5433690    - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
D413E84938C2039272DC711BC20FFB4E    - C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll -    Gaaiho Doc
E42650C972D21F334EB0D3264941DCD7    - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
D1DC265C3FF7F92B4A75A55B3749D48C    - C:\Program Files\VideoLAN\VLC\npvlc.dll -    VLC Web Plugin
F542B4E8DF11DCF7C974548A2D2BD624    - C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll -    Google Update
E32771B0AE3F18CEFFC12D682025238A    - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll -    RealPlayer™ HTML5VideoShim Plug-In (32-bit)
555E65306A5D3A5978BE74E1DD62CDD9    - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll -    RealNetworks™ Chrome Background Extension Plug-In (32-bit)
0A1FF0B674E2F268799442A434A63BB3    - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll -    Windows Live™ Photo Gallery
0A7CFC4EE9CC3206B1DC522FCB8C3DB1    - c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll -    Silverlight Plug-In
92AB52FC695C1D459E3BE9AFD6CE218D    - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL -    Microsoft Office 2003
99F97C9FE748C37528C338A423577FCB    - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll -    Microsoft® Windows Media Player Firefox Plugin
B14F181EF479FF2A343D0D214250F25B    - C:\Program Files\Mozilla Firefox\plugins\npicaN.dll -    Citrix ICA Client
9291708CCD967887AF94BE708B43D64D    - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll -    Microsoft Office 2013
D937A4645EFF8CB4F123E3C899C052B2    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll -    QuickTime Plug-in 7.7.6
049BD7AD3B94F24FA274ED1F7FC5871B    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll -    QuickTime Plug-in 7.7.6
F9DE379CE8A782530A4FA0B731F3A49B    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll -    QuickTime Plug-in 7.7.6
5D4279248A0E506CF007BD51EBF74CEA    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll -    QuickTime Plug-in 7.7.6
559E8D42BE485208F1C4BB294D6840A4    - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll -    QuickTime Plug-in 7.7.6
DC26A2A219E08DE10320E8B7D5433690    - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll -    Adobe Acrobat
D31C4608FDCD9CEB756F45E91DCF64F8    - C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll -    Java™ Platform SE 8 U45
66F9ADD8A2335EF9870AFDA4F35F492B    - C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll -    Java Deployment Toolkit 8.0.450.14
0205ADAFFDDF04F0F69200E5CFB5FFD9    - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll -    Google Earth Plugin
46A59E6F7F7C1679AC7C4655E055326D    - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -    iTunes Application Detector
EC55112EDB2CE5BC2BFCACDB9C2150F4    - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll -    Shockwave Flash
0B8378EA70622A6F3EC50CC4AF62764C    - c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrlui.dll -    Microsoft® Silverlight


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx[14/01/2013 14:43]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx[14/01/2013 14:43]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx[18/02/2015 03:07]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09/10/2013 11:59]
lpoimibckejjdjcfbdnajaicnklhfplh - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjllphbppobebmjpjcijfbakobcheof - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{56481B3E-029C-40E3-9974-847AC10EBBBD}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{56481B3E-029C-40E3-9974-847AC10EBBBD} Google  Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo  Url="http://www.google.com/search?q={sear"

==== HijackThis Entries ======================

O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~4\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [RtHDVBg_LENOVO_MICPKEY] "C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe" /LENOVO_MICPKEY
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynLenovoHelper] %ProgramFiles%\Synaptics\SynTP\SynLenovoHelper.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [VoipConnect] "C:\Program Files\VoipConnect.com\VoipConnect\voipconnect.exe" -nosplash -minimized
O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN3CGFXHN005KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Viber] "C:\Users\Peter\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{359e7dd5-2101-409e-a5c7-879635bd3923}: NameServer = 8.8.8.8
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Amolto Call Recorder for Skype\Skype4COM.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @oem96.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Broadcom Corporation. - C:\WINDOWS\system32\BtwRSupportService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @oem104.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\IE\MXGNN61Y will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\5r7z4sum.default-1441626705103\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Peter\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=28 folders=32 98755118 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Peter\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\IE\MXGNN61Y" not found

==== EOF on 15/09/2015 at 10:04:56.16 ======================
 



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,621 posts
  • Gender:Male
  • Location:California
  • Local time:05:02 PM

Posted 15 September 2015 - 10:20 AM

Thank you,

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop (<<<Important) as fixlist.txt
C:\WINDOWS\System32\029B560A371F4E00AB32838EBC01B9E7
C:\WINDOWS\tasks\SystemToolsDailyTest.job
C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\IE\MXGNN61Y
cmd: reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0a22e503-4943-48fb-acc5-a9b992a29aa8} /f
CMD: bitsadmin /reset /allusers
Reboot:
  • Launch FRST and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Your computer will automatically reboot
  • Test your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • How is your computer behaving?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 ppauli

ppauli
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Location:Turkey
  • Local time:03:02 AM

Posted 15 September 2015 - 11:00 AM

Dear Gary,

I do not know what all the tasks you have given me over the past days have brought about, but today I have not experienced any problem at all. Not a single ad on a page, being redirected to other sites, hyperlinks hijacked or having to re-click a link more than once. It is even better than before the problem started. So, as for now, you have worked wonders.

I hope this is permanent and if not, maybe I can learn how to handle such a case before bothering you guys again.

But I have of course also carried out your task of today, and the result you find hereafter.

All the best

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:13-09-2015 02
Ran by Peter (2015-09-15 18:37:48) Run:3
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter & DefaultAppPool)
Boot Mode: Normal

==============================================

fixlist content:
*****************
C:\WINDOWS\System32\029B560A371F4E00AB32838EBC01B9E7
C:\WINDOWS\tasks\SystemToolsDailyTest.job
C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\IE\MXGNN61Y
cmd: reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0a22e503-4943-48fb-acc5-a9b992a29aa8} /f
CMD: bitsadmin /reset /allusers
Reboot:
*****************

C:\WINDOWS\System32\029B560A371F4E00AB32838EBC01B9E7 => moved successfully
C:\WINDOWS\tasks\SystemToolsDailyTest.job => moved successfully
"C:\Users\Peter\AppData\Local\Microsoft\Windows\INetCache\IE\MXGNN61Y" => File/Folder not found.

=========  reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0a22e503-4943-48fb-acc5-a9b992a29aa8} /f =========

The operation completed successfully.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {0173CE11-1AC2-484D-B4A8-3C423CD6B79A}.
{FD1CBE58-0EEC-401D-9EDE-FCB83A9D03AA} canceled.
{55D20FC0-EC8D-45FC-96E6-42B66B3D09BA} canceled.
2 out of 3 jobs canceled.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 18:37:52 ====



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,621 posts
  • Gender:Male
  • Location:California
  • Local time:05:02 PM

Posted 15 September 2015 - 02:14 PM

That is good to hear. There are a few things which might have resolved the issue. It could even be a combination of things. I would like to run 2 more programs please.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Edited by Oh My!, 15 September 2015 - 02:15 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 ppauli

ppauli
  • Topic Starter

  • Members
  • 10 posts
  • Gender:Male
  • Location:Turkey
  • Local time:03:02 AM

Posted 16 September 2015 - 11:06 AM

Ok, here we go:

 

C:\AdwCleaner\Quarantine\C\Program Files\NixSrv\NixSrv.exe.vir    a variant of MSIL/Amonetize.AA potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NixSrv\packages\1be59753-b789-458a-b68d-e7e2977faab1\file.exe.vir    MSIL/StartPage.BG trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NixSrv\packages\32a0fd99-b0e8-45b9-8601-881e9caea1ba\Jackson.exe.vir    a variant of MSIL/Toolbar.Linkury.AH potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NixSrv\packages\32a0fd99-b0e8-45b9-8601-881e9caea1ba\xtc.exe.vir    MSIL/Toolbar.Linkury.AF potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NixSrv\packages\6301072e-6204-467d-a28c-1fb695620658\NixHost.exe.vir    a variant of MSIL/Amonetize.AB potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NixSrv\packages\6301072e-6204-467d-a28c-1fb695620658\setup\JavaUpdate.8.0.450.14.exe.vir    a variant of Win32/OutBrowse.BY potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NixSrv\packages\6301072e-6204-467d-a28c-1fb695620658\setup\VLCUpdate.2.2.1.exe.vir    a variant of Win32/OutBrowse.BY potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NixSrv\packages\6301072e-6204-467d-a28c-1fb695620658\temp\WinRAR.exe.vir    a variant of Win32/OutBrowse.BY potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ExtTag\Ecola.dll.vir    a variant of Win32/Toolbar.Linkury.Y potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ExtTag\ExtTag.exe.vir    a variant of MSIL/Toolbar.Linkury.AH potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ExtTag\Funzap.exe.vir    a variant of MSIL/Toolbar.Linkury.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ExtTag\Hottex.exe.vir    a variant of Win64/Toolbar.Linkury.I potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ExtTag\Topstrong.dll.vir    a variant of Win32/Toolbar.Linkury.Y potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ExtTag\Zathphase.dll.vir    a variant of Win32/Toolbar.Linkury.Y potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir    a variant of Win32/Adware.Yontoo.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\8158FD20-1441232404-CB11-A0FC-D4A92023FEE9\onsc9ABA.tmp.vir    Win32/Adware.ConvertAd.XQ application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\8158FD20-1441232404-CB11-A0FC-D4A92023FEE9\pnsc9ABB.exe.vir    Win32/Adware.ConvertAd.YB application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\8158FD20-1441232404-CB11-A0FC-D4A92023FEE9\rnsc9AB9.exe.vir    a variant of Win32/Adware.ConvertAd.YQ application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\8158FD20-1441232404-CB11-A0FC-D4A92023FEE9\snsh9A89.tmp.vir    Win32/Adware.ConvertAd.UC application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\119.js.vir    JS/Toolbar.Crossrider.K potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\179.js.vir    JS/Toolbar.Crossrider.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\180.js.vir    JS/Toolbar.Crossrider.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\200.js.vir    JS/Toolbar.Crossrider.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\231.js.vir    JS/Toolbar.Crossrider.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\232.js.vir    JS/Toolbar.Crossrider.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\234.js.vir    JS/Toolbar.Crossrider.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\242.js.vir    JS/Toolbar.Crossrider.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\253.js.vir    JS/Toolbar.Crossrider.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\273.js.vir    JS/Toolbar.Crossrider.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\281.js.vir    JS/Toolbar.Crossrider.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\335.js.vir    JS/Toolbar.Crossrider.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\339.js.vir    JS/Toolbar.Crossrider.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\376.js.vir    JS/Toolbar.Crossrider.L potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\385.js.vir    JS/Toolbar.Crossrider.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\389.js.vir    JS/Toolbar.Crossrider.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\390.js.vir    JS/Toolbar.Crossrider.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\424.js.vir    JS/Toolbar.Crossrider.J potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\extensionData\plugins\91.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\js\4162b2da329074fb3a89e9ca367ee9cf.js.vir    JS/Toolbar.Crossrider.E potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\js\api\3d0dc244d0e2ab21c9277aa8f0cc0a6f.js.vir    JS/Toolbar.Crossrider.G potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\js\api\5d35deb9d1690e0650f79a5b9b0818e9.js.vir    JS/Toolbar.Crossrider.G potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\js\api\688a80bfc20e5000628f153f9d287391.js.vir    JS/Toolbar.Crossrider.G potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\js\lib\54777ba8af9db690d45864c1687f0723.js.vir    JS/Toolbar.Crossrider.G potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\js\lib\5536c5831f54cdeb7967498bf1f22628.js.vir    JS/Toolbar.Crossrider.G potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\js\lib\7d9687592484456108c029d9631bc721.js.vir    JS/Toolbar.Crossrider.G potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\js\lib\b3d081e01560259c465e33e3b625e5e3.js.vir    JS/Toolbar.Crossrider.H potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\js\lib\bfeddbf2ee1604c2167bc400240a1b1d.js.vir    JS/Toolbar.Crossrider.G potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\js\lib\c2cdd9e21ef6c550ddbba1a32149de38.js.vir    JS/Toolbar.Crossrider.G potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.105_0\js\lib\fe61be2d23d99b7a4f3d5cf1f4ecc1e1.js.vir    JS/Toolbar.Crossrider.G potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Roaming\AnyProtectEx\swf\swf1km.swf.vir    Win32/AnyProtect.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Roaming\AnyProtectEx\swf\swfEZFP.swf.vir    Win32/AnyProtect.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Roaming\AnyProtectEx\swf\swfJF.swf.vir    Win32/AnyProtect.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Roaming\AnyProtectEx\swf\swflf.swf.vir    Win32/AnyProtect.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Roaming\BabSolution\Shared\enhancedNT.dll.vir    a variant of Win32/Toolbar.Babylon.W potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\cvob4rta.default-1441386499713\Extensions\defsearchp@gmail.com\chrome\content\jquery-2.1.0.min.js.vir    Win32/Toolbar.TNT2.I potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\roboot.exe.vir    a variant of Win32/Systweak.A potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Peter\AppData\Local\Temp\DVQ8B31.exe.xBAD    a variant of MSIL/Adware.Imali.C application    cleaned by deleting - quarantined
C:\Users\Peter\Downloads\Babylon9_setup.exe    a variant of Win32/Toolbar.Babylon.C potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Peter\Downloads\ViberSetup.exe    Win32/Toolbar.SearchSuite.W potentially unwanted application    cleaned by deleting - quarantined
 

 

 Results of screen317's Security Check version 1.008  
   x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 45  
 Java version 32-bit out of Date!
 Adobe Flash Player     18.0.0.232  
 Adobe Reader XI  
 Mozilla Firefox (40.0.3)
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
 Windows Defender MpCmdRun.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C::  
````````````````````End of Log``````````````````````
 



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,621 posts
  • Gender:Male
  • Location:California
  • Local time:05:02 PM

Posted 16 September 2015 - 11:16 AM

That looks excellent. Almost all of the detections are things that were already removed.

Please do this.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Java and remove any existing older versions:
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck any Ask Toolbar offers
  • Click Next
  • You should be notified You have successfully installed Java
  • If Java notifies you older versions of the program need to be removed allow the program to complete that
  • Reboot your computer once all Java components are removed.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Java update?
  • Are there any remaining issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
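The Security Check log above flagged a 32-bit Java 8 Update 45 as out of date, and the advice is to update and let the installer remove leftover older versions. As an added example (not from this thread or from any of the tools it uses), the PowerShell below inventories every Java entry in the Windows Uninstall registry keys, flags versions below a minimum you pass in, and reports when more than one version is still installed; the default `$MinimumVersion` is a placeholder, and the `8.0.NN0` version mapping is assumed from Oracle's usual numbering.

```powershell
# Added example: inventory installed Java runtimes and flag stale or duplicate ones.
param(
    # Placeholder: set this to the currently shipping Java release before running.
    # Oracle typically records "Java 8 Update 45" as DisplayVersion 8.0.450.x (assumption).
    [version]$MinimumVersion = [version]'8.0.450'
)

# Both hives: native installs and, on 64-bit Windows, 32-bit installs under WOW6432Node.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-JavaInstalls {
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            # Match "Java 8 Update 45", "Java 8 Update 45 (64-bit)", "Java(TM) 7 ..." etc.
            if ($p.DisplayName -and $p.DisplayName -match '^Java(\(TM\))?\s*\d') {
                $parsed = $null
                try { $parsed = [version]$p.DisplayVersion } catch { }
                [pscustomobject]@{
                    Name    = $p.DisplayName
                    Version = $p.DisplayVersion
                    Parsed  = $parsed
                    Arch    = if ($root -like '*WOW6432Node*') { '32-bit' } else { '64-bit' }
                    Key     = $_.PSChildName
                }
            }
        }
    }
}

$installs = @(Get-JavaInstalls)
if ($installs.Count -eq 0) { Write-Output 'No Java runtime found in the Uninstall keys.'; return }

$installs | Format-Table Name, Version, Arch, Key -AutoSize

# Stale runtimes: anything below the minimum, or anything whose version could not be parsed.
$stale = $installs | Where-Object { -not $_.Parsed -or $_.Parsed -lt $MinimumVersion }
foreach ($s in $stale) { Write-Warning "Out of date (below $MinimumVersion): $($s.Name) [$($s.Arch)]" }

# Leftover versions: the installer is supposed to remove these; more than one entry means it did not.
if ($installs.Count -gt 1) {
    Write-Warning "More than one Java version is installed; remove the older entries via Programs and Features."
}
```

Run it from an elevated PowerShell prompt so both registry hives are readable; an empty warning list means the only Java present is at or above the minimum you supplied.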



