
Possible malware informs me to contact ISP when Visiting websites to remove it


16 replies to this topic

#1 jackmeat

  • Members
  • 38 posts

Posted 23 September 2015 - 06:55 PM

Upon visiting websites, a pop up comes up (screenshot available upon request) informing me to contact my ISP (which is the correct one) and a phone number to call. Some annoying voice also speaks this and can only be terminated via the task manager. Everything that has been done so far is outlined in previous correspondence here: http://www.bleepingcomputer.com/forums/t/590600/possible-malware-informs-me-to-contact-isp-when-visiting-websites-to-remove-it/

All browsers are affected and it seems to be triggered mostly by stream2watch.com, but it is not limited to there, as I get the message randomly on other sites (ESPN, CNN, Bleeping Computer included).


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by justin (administrator) on ROCKHOUSE-PC (20-09-2015 05:23:17)
Running from C:\Users\justin\Downloads\Virus Removal Tools 9.16.15 in order
Loaded Profiles: justin &  (Available Profiles: justin & Administrator)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Codebox Software) C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterCaptureService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Codebox Software) C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterWebService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
() C:\Program Files\SecureAge\Everything\Everything.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Tanuki Software, Ltd.) C:\Program Files (x86)\i2p\I2Psvc.exe
() C:\Program Files (x86)\ZTE\Join Me\JoinMEAssistantServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_60\bin\java.exe
() C:\Windows\SysWOW64\dxconfig.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\saappsvc.exe
(SecureAge Technology) C:\Program Files\SecureAge\Everything\EverythingServer.exe
(SecureAge Technology) C:\Program Files\SecureAge\AntiVirus\sascansvc.exe
(SecureAge Technology) C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
() C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(SourceFire, Inc.) C:\Program Files\SecureAge\AntiVirus\clamd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Windows\SysWOW64\dxconfig.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\SecureAge\Everything\Everything.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\sanotifier.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\sanotifier.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Megabit\KeepAliveHD\KeepAliveHD.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
(Collectorz.com) C:\Program Files (x86)\Collectorz.com\Movie Collector\MovieCollector.exe
(Deluge Team) C:\Program Files (x86)\Deluge\deluge.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
() C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ammyy LLC) C:\Users\justin\Downloads\AA_v3.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\Temp\CBB3FFDF-DC2B-4679-8E8A-9F01BD1100AA\DismHost.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-07-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [Everything] => C:\Program Files\SecureAge\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM\...\Run: [SAAppWhitelistingNotifier] => C:\Program Files\SecureAge\Whitelist\sanotifier.exe [8706752 2015-09-06] (SecureAge Technology)
HKLM\...\Run: [SecureAPlus] => C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe [24395856 2015-09-06] (SecureAge Technology)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3111880 2015-07-23] (Logitech, Inc.)
HKLM-x32\...\Run: [PowerDVD14Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe"
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6382504 2013-10-30] (Seagate)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [HDD Regenerator] => "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /0
HKLM-x32\...\Run: [adsnwk] => C:\Windows\System32\adsnwk.exe
HKLM-x32\...\Run: [JoinMEUIExec] => C:\Program Files (x86)\ZTE\Join Me\JoinMEUIExec.exe [137072 2013-06-05] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39175960 2015-08-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [949960 2015-08-03] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
HKLM\...\Policies\Explorer\Run: [Mpk.exe] => C:\Program Files (x86)\KGB\Mpk.exe
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [45056 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\...\Run: [Dropbox Update] => C:\Users\justin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-22] (Dropbox, Inc.)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-30] (SUPERAntiSpyware)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\...\Run: [StartMenuX90] => C:\Program Files\Start Menu X\StartMenuX.exe [5252416 2014-07-15] (OrdinarySoft)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\...\RunOnce: [Uninstall C:\Users\justin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\justin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [45056 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\justin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-22] (Dropbox, Inc.)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-30] (SUPERAntiSpyware)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [StartMenuX90] => C:\Program Files\Start Menu X\StartMenuX.exe [5252416 2014-07-15] (OrdinarySoft)
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\justin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\justin\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-1106552174-2026213447-2673983111-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [StartMenuX49] => C:\Program Files\Start Menu X\StartMenuX.exe [5252416 2014-07-15] (OrdinarySoft)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{08034e07-7442-49e5-a9a7-38b7aa239a22}: [DhcpNameServer] 10.9.0.1
Tcpip\..\Interfaces\{84C38F4A-DAEF-4C6D-8C72-2A96AFE51131}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{8d0543db-48b8-45f1-8d27-e355d23edf66}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{bde6a774-fadd-49b9-86e7-674a16166e6f}: [DhcpNameServer] 61.9.195.193 61.9.194.49

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://xfinitytv.comcast.net/tv-listings?cmpid=xf_dash_tvl&cid=customer
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://xfinitytv.comcast.net/tv-listings?cmpid=xf_dash_tvl&cid=customer
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2015-06-09] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-17] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-07-23] (Logitech, Inc.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-17] (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKU\S-1-5-21-1106552174-2026213447-2673983111-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()

FireFox:
========
FF ProfilePath: C:\Users\justin\AppData\Roaming\Mozilla\Firefox\Profiles\2uvv5ml2.default
FF Homepage: hxxp://127.0.0.1:7657/i2psnark/
hxxp://127.0.0.1:7657/home
hxxp://tracker2.postman.i2p/
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-19] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-19] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-23] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2007-05-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2007-05-02] (Apple Inc.)
FF Extension: Xmarks - C:\Users\justin\AppData\Roaming\Mozilla\Firefox\Profiles\2uvv5ml2.default\Extensions\foxmarks@kei.com [2015-09-07]
FF Extension: FoxyProxy Standard - C:\Users\justin\AppData\Roaming\Mozilla\Firefox\Profiles\2uvv5ml2.default\Extensions\foxyproxy@eric.h.jung [2015-05-31]
FF Extension: NoScript - C:\Users\justin\AppData\Roaming\Mozilla\Firefox\Profiles\2uvv5ml2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-09-13]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-27]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-09-04]

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.facebook.com/","hxxps://www.facebook.com/groups/jackmeatmovies/?ref=bookmarks","hxxps://www.facebook.com/CriminalCaseGame","hxxps://www.facebook.com/IslandExperiment"
CHR Profile: C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-16]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-09-17]
CHR Extension: (Google Docs) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-16]
CHR Extension: (Google Drive) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-16]
CHR Extension: (YouTube) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-16]
CHR Extension: (Adblock Plus) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-04]
CHR Extension: (Google Search) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-16]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-09-17]
CHR Extension: (Google Sheets) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-16]
CHR Extension: (Google Docs Offline) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (AdBlock) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-16]
CHR Extension: (Skype Click to Call) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-06-23]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-16]
CHR Extension: (Ghostery) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-16]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-16]
CHR Extension: (Gmail) - C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

Opera:
=======
OPR Extension: (No Name) - C:\Users\justin\AppData\Roaming\Opera Software\Opera Stable\Extensions\mhgklikgljbhnomlmhmondmafldgmojo [2015-08-31]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 BitMeterCaptureService; C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterCaptureService.exe [99037 2012-03-04] (Codebox Software) [File not signed]
R2 BitMeterWebService; C:\Program Files (x86)\Codebox\BitMeterOS\BitMeterWebService.exe [148484 2012-03-04] (Codebox Software) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-05] (Dropbox, Inc.)
R2 Everything; C:\Program Files\SecureAge\Everything\Everything.exe [1441792 2014-08-05] () [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2014-01-14] ()
R2 i2p; C:\Program Files (x86)\i2p\I2Psvc.exe [389632 2015-08-15] (Tanuki Software, Ltd.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation)
R2 JoinMEUI Assistant Service; C:\Program Files (x86)\ZTE\Join Me\JoinMEAssistantServices.exe [248688 2013-06-05] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Microsoft DirectX Configuration Service; C:\WINDOWS\SysWOW64\dxconfig.exe [64512 2015-08-25] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 saappsvc; C:\Program Files\SecureAge\Whitelist\saappsvc.exe [913600 2015-09-06] (SecureAge Technology)
R2 SAEverythingServer; C:\Program Files\SecureAge\Everything\EverythingServer.exe [202944 2015-06-15] (SecureAge Technology)
R2 sascansvc; C:\Program Files\SecureAge\AntiVirus\sascansvc.exe [1040048 2015-09-06] (SecureAge Technology)
R2 SAUAVSvc; C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe [1168064 2015-09-06] (SecureAge Technology)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 SecureAPlusService; C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe [989072 2015-09-06] (SecureAge Technology)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [737984 2015-08-30] (@ByELDI) [File not signed]
R2 SurfEasyVPN; C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe [3272048 2015-03-05] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-06-26] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-07-28] (ASUS Corporation)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-10] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31320 2015-07-14] (ELAN Microelectronic Corp.)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
S3 massfilter_hs; C:\WINDOWS\system32\drivers\massfilter_hs.sys [18456 2013-06-05] (HandSet Incorporated)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NPF; C:\Windows\System32\drivers\NPF.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R0 SAAppCtl; C:\Windows\System32\DRIVERS\saappctl.sys [254432 2015-07-28] (SecureAge Technology)
R0 sascan; C:\Windows\System32\DRIVERS\sascan.sys [87912 2015-07-22] (SecureAge Technology)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tapoas; C:\Windows\System32\drivers\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 tapse01; C:\Windows\System32\drivers\tapse01.sys [26624 2015-03-05] (The OpenVPN Project)
S3 tapstrong; C:\Windows\system32\DRIVERS\tapstrong.sys [38760 2014-07-14] (The OpenVPN Project)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-03-24] (Acronis International GmbH)
S3 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [183224 2015-03-24] (Acronis)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\system32\DRIVERS\zghsdiag.sys [129432 2013-06-05] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\system32\DRIVERS\zghsmdm.sys [129432 2013-06-05] (ZTE Incorporated)
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-08-02] (CyberLink Corp.)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-20 05:22 - 2015-09-20 05:23 - 00000000 ____D C:\FRST
2015-09-20 03:00 - 2015-09-20 03:03 - 00000000 ___HD C:\$Windows.~BT
2015-09-20 02:19 - 2015-09-20 02:19 - 00773624 _____ (Ammyy LLC) C:\Users\justin\Downloads\AA_v3.exe
2015-09-20 02:19 - 2015-09-20 02:19 - 00000073 _____ C:\Users\justin\Downloads\AA_v3.log
2015-09-20 02:19 - 2015-09-20 02:19 - 00000000 ____D C:\ProgramData\AMMYY
2015-09-20 02:01 - 2015-09-20 02:01 - 00016148 _____ C:\WINDOWS\system32\ROCKHOUSE-PC_justin_HistoryPrediction.bin
2015-09-20 01:08 - 2015-09-20 01:12 - 3333357568 _____ C:\Users\justin\Downloads\Windows.iso
2015-09-20 00:20 - 2015-09-20 00:20 - 00000000 ___HD C:\$Windows.~WS
2015-09-19 23:44 - 2015-09-19 23:44 - 00016148 _____ C:\WINDOWS\system32\ROCKHOUSE-PC_Administrator_HistoryPrediction.bin
2015-09-19 23:43 - 2015-09-19 23:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\StartMenuX
2015-09-19 23:36 - 2015-09-19 23:36 - 00002400 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-19 23:36 - 2015-09-19 23:36 - 00000000 ___RD C:\Users\Administrator\OneDrive
2015-09-19 23:35 - 2015-09-19 23:35 - 00000000 ____D C:\Users\Administrator\AppData\Local\Dropbox
2015-09-19 23:35 - 2015-09-19 23:35 - 00000000 ____D C:\Users\Administrator\AppData\Local\CyberLink
2015-09-19 23:33 - 2015-09-19 23:33 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2015-09-19 23:28 - 2015-09-19 23:30 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comms
2015-09-19 23:27 - 2015-09-19 23:27 - 00000258 __RSH C:\Users\Administrator\ntuser.pol
2015-09-19 23:27 - 2015-09-19 23:27 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2015-09-19 23:27 - 2015-09-19 23:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2015-09-19 23:07 - 2015-09-19 23:07 - 00000000 ___HD C:\OneDriveTemp
2015-09-19 17:26 - 2015-09-19 17:26 - 00000218 _____ C:\Users\justin\AppData\Local\recently-used.xbel
2015-09-19 03:42 - 2015-09-19 03:43 - 00000308 _____ C:\WINDOWS\SecuniaPackage.log
2015-09-19 02:47 - 2015-09-19 02:47 - 00001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-09-19 02:47 - 2015-09-19 02:47 - 00000000 ____D C:\Users\justin\AppData\Local\Secunia PSI
2015-09-19 02:46 - 2015-09-19 02:46 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-09-19 02:38 - 2015-09-19 02:38 - 00000000 ____D C:\Program Files\WOT
2015-09-19 02:38 - 2015-09-19 02:38 - 00000000 ____D C:\Program Files (x86)\WOT
2015-09-19 02:32 - 2015-09-19 02:32 - 41904448 _____ (Apple Inc.) C:\Users\justin\Downloads\QuickTimeInstaller.exe
2015-09-19 02:07 - 2015-09-19 02:07 - 00003652 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2015-09-19 02:02 - 2015-09-19 02:07 - 00001029 _____ C:\DelFix.txt
2015-09-19 02:02 - 2015-09-19 02:02 - 00000000 ____D C:\WINDOWS\ERUNT
2015-09-17 22:01 - 2015-09-19 23:13 - 00000000 ____D C:\ProgramData\Sophos
2015-09-17 09:13 - 2015-09-17 15:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-17 01:23 - 2015-09-20 02:46 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-17 01:21 - 2015-09-17 01:21 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-17 01:21 - 2015-09-17 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-17 01:21 - 2015-09-17 01:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-17 01:21 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-17 01:21 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-17 01:21 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-17 00:08 - 2015-09-17 00:08 - 00000000 ____D C:\Users\justin\AppData\Roaming\Sun
2015-09-17 00:08 - 2015-09-17 00:08 - 00000000 ____D C:\Users\justin\.oracle_jre_usage
2015-09-16 21:10 - 2015-09-20 05:23 - 00000000 ____D C:\Users\justin\Downloads\Virus Removal Tools 9.16.15 in order
2015-09-15 15:03 - 2015-09-19 23:29 - 00000538 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 65503b91-30cb-493e-987a-9829a4b7377d.job
2015-09-15 15:03 - 2015-09-19 12:00 - 00000538 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 0c79afc1-9427-46f0-acbf-9965802a5ab9.job
2015-09-15 15:03 - 2015-09-15 15:03 - 00003774 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 0c79afc1-9427-46f0-acbf-9965802a5ab9
2015-09-15 15:03 - 2015-09-15 15:03 - 00003692 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 65503b91-30cb-493e-987a-9829a4b7377d
2015-09-14 18:45 - 2015-09-20 04:38 - 00000000 ____D C:\Users\justin\AppData\Roaming\vlc
2015-09-14 18:44 - 2015-09-14 18:44 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-09-14 18:44 - 2015-09-14 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-09-14 18:41 - 2015-09-14 18:41 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-09-14 18:40 - 2015-09-14 18:40 - 28849904 _____ C:\Users\justin\Downloads\vlc-2.2.1-win32.exe
2015-09-14 18:36 - 2015-09-14 18:36 - 00000000 ____D C:\Users\justin\Downloads\VSFilter_2.41.322_x64
2015-09-14 18:35 - 2015-09-14 18:35 - 00850726 _____ C:\Users\justin\Downloads\VSFilter_2.41.322_x64.zip
2015-09-13 23:38 - 2015-09-13 23:38 - 00001052 _____ C:\Users\Public\Desktop\Deluge.lnk
2015-09-13 23:35 - 2015-09-13 23:36 - 15320179 _____ (Deluge Team) C:\Users\justin\Downloads\deluge-1.3.12-win32-py2.6-setup.exe
2015-09-13 23:14 - 2015-09-13 23:15 - 00262144 _____ C:\WINDOWS\Minidump\091315-44140-01.dmp
2015-09-12 17:17 - 2015-09-15 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-09-12 17:17 - 2015-09-12 17:17 - 00000000 ____D C:\Users\justin\AppData\Roaming\SUPERAntiSpyware.com
2015-09-12 17:16 - 2015-09-12 17:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-12 17:16 - 2015-09-12 17:16 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-09-12 17:14 - 2015-09-12 17:14 - 00000000 ____D C:\Users\justin\Downloads\SUPERAntiSpyware.Professional.v6.0.1204.Database.12050
2015-09-12 16:28 - 2015-09-12 16:31 - 00000000 ____D C:\Users\justin\AppData\Local\Deployment
2015-09-12 14:57 - 2015-09-12 14:57 - 00208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\09897907.sys
2015-09-12 14:30 - 2015-09-12 14:30 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-09-12 08:23 - 2015-09-18 18:13 - 02501632 _____ C:\Users\justin\Downloads\AutoFeedPet.dll
2015-09-12 05:40 - 2015-09-12 05:40 - 00000000 ____D C:\Users\justin\Downloads\backups
2015-09-12 00:05 - 2015-09-12 00:05 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-09-12 00:02 - 2015-09-12 00:02 - 00679936 _____ C:\Users\justin\Downloads\Detection (4).msi
2015-09-11 05:06 - 2015-09-11 05:06 - 00001716 _____ C:\Users\justin\Desktop\IE Sync Xmarks.lnk
2015-09-10 19:21 - 2015-09-10 19:21 - 00003294 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-09-10 19:21 - 2015-09-10 19:21 - 00003242 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-09-10 19:21 - 2015-09-10 19:21 - 00003238 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-09-09 21:01 - 2015-09-09 21:01 - 00002361 _____ C:\Users\Public\Desktop\CyberLink PowerDVD 15.lnk
2015-09-09 21:01 - 2015-09-09 21:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 15
2015-09-09 20:49 - 2015-09-09 20:49 - 00000000 ____D C:\Program Files (x86)\CyberLink
2015-09-09 05:24 - 2015-08-27 01:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 05:24 - 2015-08-27 00:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 05:24 - 2015-08-27 00:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 05:24 - 2015-08-27 00:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 05:24 - 2015-08-27 00:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 05:24 - 2015-08-27 00:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 05:24 - 2015-08-27 00:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 05:24 - 2015-08-27 00:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-09 05:24 - 2015-08-27 00:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 05:24 - 2015-08-27 00:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 05:23 - 2015-09-01 20:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 05:23 - 2015-09-01 19:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 05:23 - 2015-09-01 19:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 05:23 - 2015-08-27 01:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 05:23 - 2015-08-27 01:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 05:23 - 2015-08-27 00:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-09 05:23 - 2015-08-27 00:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 05:23 - 2015-08-27 00:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 05:23 - 2015-08-27 00:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 05:23 - 2015-08-27 00:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 05:23 - 2015-08-27 00:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 05:23 - 2015-08-27 00:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 05:23 - 2015-08-27 00:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 05:23 - 2015-08-27 00:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 05:23 - 2015-08-27 00:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 05:23 - 2015-08-27 00:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 05:23 - 2015-08-27 00:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 05:23 - 2015-08-27 00:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 05:23 - 2015-08-27 00:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 05:23 - 2015-08-27 00:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 05:23 - 2015-08-27 00:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 05:23 - 2015-08-27 00:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-07 15:36 - 2015-09-07 15:36 - 00000655 _____ C:\Users\justin\Desktop\NFL 2015_2016 bye weeks.txt
2015-09-07 15:36 - 2015-09-07 15:36 - 00000000 _____ C:\Users\justin\Desktop\New Text Document.txt
2015-09-07 04:59 - 2015-09-13 23:30 - 00000000 ____D C:\Program Files\KMSpico
2015-09-07 04:59 - 2015-09-07 04:59 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2015-09-07 04:59 - 2015-09-07 04:59 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2015-09-07 04:59 - 2015-09-07 04:59 - 00003472 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2015-09-07 04:59 - 2015-09-07 04:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-09-07 04:59 - 2010-12-05 21:16 - 00090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2015-09-07 04:12 - 2015-09-15 19:49 - 00000000 ____D C:\Users\justin\AppData\Local\Xmarks
2015-09-07 04:12 - 2015-09-07 04:47 - 00000000 ____D C:\Users\justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xmarks
2015-09-07 04:12 - 2015-09-07 04:12 - 00000000 ____D C:\Program Files (x86)\Xmarks
2015-09-07 02:12 - 2015-09-07 02:12 - 02904064 _____ C:\Users\justin\Downloads\xmarks-installer-for-ie-1.3.15.msi
2015-09-06 22:22 - 2015-09-06 22:25 - 00000000 ____D C:\Program Files\Speccy
2015-09-06 22:22 - 2015-09-06 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-09-06 22:18 - 2015-09-06 22:18 - 05381587 _____ C:\Users\justin\Downloads\spsetup128.zip
2015-09-06 18:29 - 2015-09-06 18:29 - 19733696 _____ (Microsoft Corporation) C:\Users\justin\Downloads\MediaCreationToolx64.exe
2015-09-05 23:25 - 2015-09-05 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-05 23:20 - 2015-09-20 05:25 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-09-05 23:20 - 2015-09-19 23:27 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-09-05 23:20 - 2015-09-05 23:26 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-09-05 23:20 - 2015-09-05 23:20 - 00003994 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2015-09-05 23:20 - 2015-09-05 23:20 - 00003762 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2015-09-04 23:36 - 2015-09-04 23:36 - 00000000 ____D C:\Program Files\Logitech
2015-09-04 17:42 - 2015-09-04 17:42 - 00000000 ____D C:\Users\justin\AppData\Local\Slimjet
2015-09-04 17:41 - 2015-09-05 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak Slimjet
2015-09-04 17:41 - 2015-09-05 00:00 - 00000000 ____D C:\Program Files (x86)\Slimjet
2015-09-04 05:45 - 2015-09-04 22:38 - 00000000 ____D C:\Users\justin\Downloads\MouseFix
2015-09-04 05:45 - 2015-09-04 22:35 - 00000000 ____D C:\Program Files (x86)\Mousefix
2015-09-04 05:43 - 2015-09-04 05:43 - 00029739 _____ C:\Users\justin\Downloads\MouseFix.zip
2015-09-04 04:52 - 2015-09-04 04:52 - 02276560 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin95ip.dll
2015-09-04 04:41 - 2015-09-04 04:41 - 00000000 ____D C:\Users\justin\AppData\Roaming\sp6_log
2015-09-04 04:37 - 2015-09-04 04:37 - 03676416 _____ (Logitech Inc.) C:\Users\justin\Downloads\SetPoint6.67.82_smart.exe
2015-09-03 15:53 - 2015-09-15 16:26 - 00000000 ____D C:\Users\justin\AppData\Roaming\SlimBrowser
2015-09-03 15:53 - 2015-09-04 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak SlimBrowser
2015-09-03 15:53 - 2015-09-04 22:35 - 00000000 ____D C:\Program Files (x86)\SlimBrowser
2015-09-03 15:29 - 2015-08-11 04:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-09-03 15:29 - 2015-08-11 03:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-09-03 15:28 - 2015-08-20 01:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-09-03 15:28 - 2015-08-20 01:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-09-03 15:28 - 2015-08-20 01:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-09-03 15:28 - 2015-08-20 00:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-09-03 15:28 - 2015-08-20 00:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-09-03 15:28 - 2015-08-20 00:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-09-03 15:28 - 2015-08-20 00:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-03 15:28 - 2015-08-20 00:09 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-09-03 15:28 - 2015-08-18 02:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-03 15:28 - 2015-08-18 02:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-09-03 15:28 - 2015-08-18 02:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-09-03 15:28 - 2015-08-18 02:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-09-03 15:28 - 2015-08-18 02:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-09-03 15:28 - 2015-08-18 02:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-09-03 15:28 - 2015-08-18 02:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-09-03 15:28 - 2015-08-18 02:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-09-03 15:28 - 2015-08-18 02:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-09-03 15:28 - 2015-08-18 02:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-09-03 15:28 - 2015-08-18 02:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-09-03 15:28 - 2015-08-18 01:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-09-03 15:28 - 2015-08-18 01:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-09-03 15:28 - 2015-08-18 01:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-09-03 15:28 - 2015-08-18 01:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-09-03 15:28 - 2015-08-18 01:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-09-03 15:28 - 2015-08-18 01:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-09-03 15:28 - 2015-08-18 01:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-09-03 15:28 - 2015-08-18 01:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-09-03 15:28 - 2015-08-18 01:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-09-03 15:28 - 2015-08-18 01:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-09-03 15:28 - 2015-08-18 01:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-09-03 15:28 - 2015-08-18 01:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-09-03 15:28 - 2015-08-18 01:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-09-03 15:28 - 2015-08-18 01:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-09-03 15:28 - 2015-08-18 01:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-09-03 15:28 - 2015-08-18 01:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-09-03 15:28 - 2015-08-17 23:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-09-03 15:28 - 2015-08-12 23:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-09-03 15:28 - 2015-08-12 23:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-09-03 15:28 - 2015-08-12 22:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-09-03 15:28 - 2015-08-11 05:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-09-03 15:28 - 2015-08-11 05:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-09-03 15:28 - 2015-08-11 05:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-09-03 15:28 - 2015-08-11 05:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-09-03 15:28 - 2015-08-11 05:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-09-03 15:28 - 2015-08-11 05:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-09-03 15:28 - 2015-08-11 05:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-09-03 15:28 - 2015-08-11 04:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-09-03 15:28 - 2015-08-11 04:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-03 15:28 - 2015-08-11 04:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-09-03 15:28 - 2015-08-11 04:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-09-03 15:28 - 2015-08-11 04:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-09-03 15:28 - 2015-08-11 04:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-09-03 15:28 - 2015-08-11 04:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-09-03 15:28 - 2015-08-11 04:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-09-03 15:28 - 2015-08-11 04:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-09-03 15:28 - 2015-08-11 04:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-09-03 15:28 - 2015-08-11 04:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-09-03 15:28 - 2015-08-11 04:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-09-03 15:28 - 2015-08-11 04:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-09-03 15:28 - 2015-08-11 04:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-09-03 15:28 - 2015-08-11 04:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-09-03 15:28 - 2015-08-11 04:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-09-03 15:28 - 2015-08-11 04:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-09-03 15:28 - 2015-08-11 04:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-09-03 15:28 - 2015-08-11 04:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-09-03 15:28 - 2015-08-11 04:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-09-03 15:28 - 2015-08-11 04:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-09-03 15:28 - 2015-08-11 04:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-09-03 15:28 - 2015-08-11 04:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-09-03 15:28 - 2015-08-11 04:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-09-03 15:28 - 2015-08-11 04:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-09-03 15:28 - 2015-08-11 04:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-09-03 15:28 - 2015-08-11 04:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-09-03 15:28 - 2015-08-11 04:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-09-03 15:28 - 2015-08-11 04:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-09-03 15:28 - 2015-08-11 04:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-09-03 15:28 - 2015-08-11 04:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-09-03 15:28 - 2015-08-11 04:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-09-03 15:28 - 2015-08-11 04:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-09-03 15:28 - 2015-08-11 04:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-09-03 15:28 - 2015-08-11 04:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-09-03 15:28 - 2015-08-11 04:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-09-03 15:28 - 2015-08-11 04:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-09-03 15:28 - 2015-08-11 04:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-09-03 15:28 - 2015-08-11 04:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-09-03 15:28 - 2015-08-11 04:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-09-03 15:28 - 2015-08-11 03:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-09-03 15:28 - 2015-08-11 03:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-09-03 15:28 - 2015-08-11 03:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-09-03 15:28 - 2015-08-11 03:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-09-03 15:28 - 2015-08-11 03:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-09-03 15:28 - 2015-08-11 03:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-09-03 15:28 - 2015-08-11 03:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-09-03 15:28 - 2015-08-11 03:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-09-03 15:28 - 2015-08-11 03:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-09-03 15:28 - 2015-08-11 03:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-09-03 15:28 - 2015-08-11 03:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-09-03 15:28 - 2015-08-11 03:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-09-03 15:28 - 2015-08-11 03:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-09-03 15:28 - 2015-08-11 03:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-09-03 15:28 - 2015-08-11 03:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-09-03 15:28 - 2015-08-11 03:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-09-03 15:28 - 2015-08-11 03:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-09-03 15:28 - 2015-08-11 03:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-09-03 15:28 - 2015-08-11 03:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-09-03 15:27 - 2015-08-18 01:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-09-03 15:27 - 2015-08-18 01:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-09-03 15:27 - 2015-08-18 01:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-09-03 15:27 - 2015-08-18 01:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-09-03 15:27 - 2015-08-18 01:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-09-03 15:27 - 2015-08-18 01:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-09-03 15:27 - 2015-08-11 04:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-03 15:27 - 2015-08-11 03:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-09-03 15:27 - 2015-08-11 03:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-03 15:27 - 2015-08-11 03:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-09-02 21:54 - 2015-09-02 21:54 - 00000409 _____ C:\Users\justin\Downloads\playlist.asx
2015-09-01 21:03 - 2015-09-01 21:03 - 00000000 ____D C:\Users\justin\AppData\Roaming\Steam
2015-09-01 18:48 - 2015-09-20 04:57 - 10176778 _____ C:\WINDOWS\system32\Drivers\whitelist2.sa
2015-09-01 18:48 - 2015-09-04 22:41 - 08538692 ____N C:\WINDOWS\system32\Drivers\whitelist2(3850).sa
2015-09-01 18:47 - 2015-09-01 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureAge
2015-09-01 18:47 - 2015-09-01 18:47 - 00000000 ____D C:\ProgramData\ClamAV
2015-09-01 18:40 - 2015-09-01 18:40 - 01923776 _____ (SecureAge Technology) C:\Users\justin\Downloads\SecureAPlusSetup.exe
2015-08-31 21:30 - 2015-08-31 21:30 - 00001309 _____ C:\Users\justin\Desktop\ConvertXToDVD 5.lnk
2015-08-31 21:30 - 2015-08-31 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2015-08-31 04:02 - 2015-08-31 04:02 - 00929360 _____ (Google Inc.) C:\Users\justin\Downloads\googledrivesync.exe
2015-08-31 03:36 - 2015-08-31 03:36 - 00000000 ____D C:\Users\justin\Downloads\KMSpico.v10.1.6.Final
2015-08-31 03:29 - 2015-08-31 03:34 - 15721011 _____ C:\Users\justin\Downloads\KMSpico.v10.1.6.Final.rar
2015-08-30 18:53 - 2015-09-19 19:48 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-08-30 18:53 - 2015-08-30 18:53 - 00003968 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-08-30 18:37 - 2015-08-30 18:37 - 00003380 _____ C:\WINDOWS\System32\Tasks\{3EB4CA63-8102-49C6-A730-8CFB4EEE5416}
2015-08-30 15:47 - 2015-09-04 17:27 - 00000000 ____D C:\Users\justin\AppData\Local\Opera Software
2015-08-30 15:46 - 2015-09-04 22:38 - 00000000 ____D C:\Users\justin\AppData\Roaming\Opera Software
2015-08-30 15:46 - 2015-08-30 15:46 - 00003940 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1440967561
2015-08-30 15:46 - 2015-08-30 15:46 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-08-30 15:45 - 2015-09-19 23:08 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-30 15:44 - 2015-08-30 15:44 - 00703448 _____ (Opera Software) C:\Users\justin\Downloads\Opera_NI_stable.exe
2015-08-29 03:44 - 2015-08-29 03:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MISSING An Interactive Thriller Episode 1
2015-08-29 03:42 - 2015-08-29 03:42 - 00000000 ____D C:\Games
2015-08-28 18:51 - 2015-08-28 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepAliveHD
2015-08-27 15:51 - 2015-09-03 17:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-26 23:21 - 2015-08-26 23:21 - 02721255 _____ C:\Users\justin\Documents\recover 08.26.15.fss
2015-08-26 15:46 - 2015-08-26 15:46 - 00122654 _____ C:\Users\Public\Documents\SIGVERIF.TXT
2015-08-26 15:30 - 2015-09-13 23:14 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-26 15:30 - 2015-08-26 15:30 - 00780712 _____ C:\WINDOWS\Minidump\082615-42328-01.dmp
2015-08-26 15:29 - 2015-09-13 23:14 - 912151808 _____ C:\WINDOWS\MEMORY.DMP
2015-08-26 08:36 - 2015-08-26 08:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-08-26 08:36 - 2015-08-26 08:36 - 00000000 ____D C:\Program Files\Recuva
2015-08-26 08:34 - 2015-08-26 08:35 - 04426120 _____ (Piriform Ltd) C:\Users\justin\Downloads\rcsetup152.exe
2015-08-25 06:26 - 2015-08-25 06:26 - 00064512 _____ C:\WINDOWS\SysWOW64\dxconfig.exe
2015-08-25 06:26 - 2015-08-25 06:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M3 RAW Drive Recovery
2015-08-25 06:25 - 2015-08-25 06:25 - 03548360 _____ (M3 Data Recovery ) C:\Users\justin\Downloads\m3rawdriverecovery.exe
2015-08-25 06:25 - 2015-08-25 06:25 - 00000000 ____D C:\Program Files (x86)\M3 Software
2015-08-24 18:01 - 2015-08-11 12:22 - 03067392 _____ C:\WINDOWS\system32\pwNative.exe
2015-08-24 18:01 - 2013-09-30 15:26 - 00019152 ____N C:\WINDOWS\system32\pwdrvio.sys
2015-08-24 18:01 - 2013-09-30 15:26 - 00012504 ____N C:\WINDOWS\system32\pwdspio.sys
2015-08-24 18:00 - 2015-08-24 18:01 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.1
2015-08-24 18:00 - 2015-08-24 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Free 9.1
2015-08-24 17:58 - 2015-08-24 17:58 - 32262960 _____ (MiniTool Solution Ltd. ) C:\Users\justin\Downloads\pwfree91.exe
2015-08-24 17:38 - 2015-08-24 17:38 - 00223203 _____ C:\Users\justin\Documents\2015-08-24_17_37_DRW_PRecovery.rsf
2015-08-24 17:35 - 2015-08-24 17:36 - 12444088 _____ C:\Users\justin\Downloads\testdisk-7.0.win.zip
2015-08-22 06:15 - 2015-09-20 05:21 - 00000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1106552174-2026213447-2673983111-1001UA.job
2015-08-22 06:15 - 2015-09-19 06:20 - 00000896 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1106552174-2026213447-2673983111-1001Core.job
2015-08-22 06:15 - 2015-08-22 06:15 - 00004070 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1106552174-2026213447-2673983111-1001UA
2015-08-22 06:15 - 2015-08-22 06:15 - 00003694 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1106552174-2026213447-2673983111-1001Core
2015-08-22 06:15 - 2015-08-22 06:15 - 00000000 ____D C:\Users\justin\AppData\Local\Dropbox
2015-08-22 06:15 - 2015-08-22 06:15 - 00000000 ____D C:\ProgramData\Dropbox
2015-08-22 06:13 - 2015-08-22 06:13 - 00000000 ____D C:\Users\justin\AppData\Local\PeerDistRepub
2015-08-22 04:15 - 2015-08-22 04:15 - 00002209 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2015-08-22 04:15 - 2015-08-22 04:15 - 00000000 ____D C:\Program Files (x86)\Belarc
2015-08-22 02:18 - 2015-09-01 21:25 - 00000000 ____D C:\Users\justin\AppData\Local\DayDreamer
2015-08-21 18:16 - 2015-08-21 19:52 - 00003686 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateClient
2015-08-21 18:16 - 2015-08-21 18:16 - 00003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdate
2015-08-21 04:26 - 2015-08-21 04:27 - 00008190 _____ C:\Users\justin\Downloads\a-girl-walks-home-alone-at-night_english-1086391.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-20 05:29 - 2015-03-22 18:03 - 00000000 ____D C:\ProgramData\BitMeterOS
2015-09-20 05:10 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-20 05:06 - 2014-06-18 21:08 - 00000000 ____D C:\Users\justin\Documents\Movie Collector
2015-09-20 05:03 - 2015-03-13 06:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-20 03:42 - 2015-03-12 23:10 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-20 03:32 - 2014-07-26 12:36 - 00000000 ____D C:\Users\justin\Downloads\BitTorrent
2015-09-20 03:03 - 2015-07-10 07:20 - 00000364 _____ C:\WINDOWS\setupact.log
2015-09-20 03:03 - 2015-03-12 22:26 - 00001908 _____ C:\WINDOWS\diagwrn.xml
2015-09-20 03:03 - 2015-03-12 22:26 - 00001908 _____ C:\WINDOWS\diagerr.xml
2015-09-20 03:01 - 2015-08-13 06:33 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-20 02:59 - 2015-07-10 07:20 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-20 02:55 - 2015-06-06 05:12 - 00000000 ____D C:\Users\justin\Downloads\Windows Isos
2015-09-20 02:30 - 2015-08-15 05:22 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0073C7F7-D427-466E-8E92-99DB8C40E445}
2015-09-19 23:50 - 2014-06-18 21:10 - 00000000 ____D C:\Users\justin\Documents\PST Folder
2015-09-19 23:36 - 2015-08-13 03:44 - 00000000 ____D C:\Users\Administrator
2015-09-19 23:34 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-19 23:34 - 2015-05-20 03:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2015-09-19 23:31 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-19 23:30 - 2015-05-13 06:41 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2015-09-19 23:27 - 2015-08-13 05:01 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2015-09-19 23:27 - 2015-08-13 03:44 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-19 23:27 - 2015-05-20 03:14 - 00002332 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2015-09-19 23:11 - 2014-06-18 21:05 - 00000000 ___RD C:\Users\justin\Desktop\Maintenance
2015-09-19 23:07 - 2014-06-18 19:47 - 00000000 ___DO C:\Users\justin\SkyDrive
2015-09-19 23:03 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-19 23:03 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-19 22:57 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-19 20:52 - 2015-03-14 18:41 - 00000000 ____D C:\Users\justin\AppData\Local\CrashDumps
2015-09-19 17:24 - 2015-07-12 20:37 - 00000000 ____D C:\Program Files (x86)\SurfEasy VPN
2015-09-19 02:29 - 2015-03-13 06:35 - 00000000 ____D C:\Users\justin\AppData\Local\Adobe
2015-09-18 18:22 - 2015-06-28 21:25 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2015-09-18 18:21 - 2015-04-30 02:20 - 00000000 ____D C:\Users\justin\Downloads\Adobe CS5.5 Master Collection
2015-09-18 18:13 - 2015-04-27 18:09 - 00000074 _____ C:\Users\justin\Downloads\AutoPetFeed.ini
2015-09-18 18:12 - 2015-08-13 04:12 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-18 10:00 - 2015-08-13 06:25 - 00000000 ____D C:\Windows.old
2015-09-17 21:47 - 2015-08-13 03:44 - 00000000 ____D C:\Users\justin
2015-09-17 20:09 - 2014-06-18 21:08 - 00000000 ____D C:\Users\justin\Documents\ConvertXtoDVD
2015-09-17 19:52 - 2015-03-20 18:25 - 00000000 ____D C:\Users\justin\AppData\Roaming\deluge
2015-09-17 16:41 - 2015-08-13 03:34 - 00022706 _____ C:\WINDOWS\PFRO.log
2015-09-17 00:47 - 2015-03-19 20:45 - 00000000 ____D C:\ProgramData\Oracle
2015-09-17 00:09 - 2015-03-19 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-17 00:07 - 2015-03-19 20:46 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-09-17 00:06 - 2015-03-19 20:45 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-16 14:54 - 2014-06-18 19:45 - 00000000 ____D C:\Users\justin\AppData\Local\Packages
2015-09-15 19:08 - 2014-10-05 05:29 - 00000000 ____D C:\Users\justin\Desktop\ZProper Bookmark File
2015-09-15 03:37 - 2015-03-12 23:10 - 00003990 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 03:37 - 2015-03-12 23:10 - 00003758 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 03:37 - 2015-03-12 23:10 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-14 06:18 - 2014-08-25 13:47 - 00000000 ____D C:\Users\justin\Downloads\Temp Games
2015-09-13 23:38 - 2015-03-20 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2015-09-13 23:37 - 2015-03-20 18:23 - 00000000 ____D C:\Program Files (x86)\Deluge
2015-09-13 06:51 - 2015-03-12 23:09 - 00000000 ____D C:\Users\justin\AppData\Local\Google
2015-09-12 16:30 - 2015-05-24 04:17 - 00000000 ____D C:\Users\justin\AppData\Roaming\Bleep
2015-09-12 15:19 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-12 05:48 - 2015-07-10 07:20 - 00348792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-12 05:44 - 2015-07-10 08:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-12 05:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-11 20:10 - 2014-08-26 14:18 - 00017707 _____ C:\Users\justin\Documents\Untitled.rar
2015-09-11 05:15 - 2015-08-13 05:05 - 00002383 _____ C:\Users\justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-10 05:41 - 2015-05-12 03:40 - 00007575 _____ C:\Users\justin\AppData\Local\Resmon.ResmonCfg
2015-09-09 21:20 - 2014-06-18 21:14 - 00000000 ___RD C:\Users\justin\Google Drive
2015-09-09 21:18 - 2014-06-18 21:08 - 00000000 ____D C:\Users\justin\Documents\CyberLink
2015-09-09 21:04 - 2015-03-13 07:09 - 00000000 ____D C:\ProgramData\install_clap
2015-09-09 21:02 - 2015-03-13 07:15 - 00000000 ____D C:\Users\justin\AppData\Local\CyberLink
2015-09-09 21:02 - 2015-03-13 07:09 - 00000000 ____D C:\ProgramData\CyberLink
2015-09-09 21:01 - 2015-03-13 03:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-09 20:48 - 2015-03-13 07:09 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2015-09-09 19:51 - 2015-03-13 00:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 18:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-09-09 18:45 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-09 01:35 - 2014-08-25 18:56 - 00000000 ____D C:\Users\justin\Desktop\eBooks
2015-09-06 04:42 - 2014-06-18 21:13 - 00000000 ___RD C:\Users\justin\Dropbox
2015-09-05 23:27 - 2015-03-15 07:23 - 00001303 _____ C:\Users\justin\Desktop\Dropbox.lnk
2015-09-05 23:27 - 2015-03-15 07:19 - 00000000 ____D C:\Users\justin\AppData\Roaming\Dropbox
2015-09-05 17:50 - 2014-06-18 21:05 - 00000000 ___RD C:\Users\justin\Desktop\Games
2015-09-05 00:05 - 2014-06-18 21:05 - 00000000 ___RD C:\Users\justin\Desktop\Browsers
2015-09-04 23:42 - 2015-08-13 03:39 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2015-09-04 23:42 - 2015-08-13 03:39 - 00002651 _____ C:\WINDOWS\LkmdfCoInst.log
2015-09-04 23:42 - 2015-03-13 03:27 - 00029045 _____ C:\WINDOWS\LDPINST.LOG
2015-09-04 23:42 - 2015-03-13 03:26 - 00000000 ____D C:\Program Files\Common Files\Logishrd
2015-09-04 23:37 - 2015-03-13 03:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-09-04 23:37 - 2015-03-13 03:27 - 00000000 ____D C:\ProgramData\Logishrd
2015-09-04 22:38 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-09-04 22:38 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\servicing
2015-09-04 22:38 - 2015-03-22 06:04 - 00000000 ____D C:\Users\justin\Desktop\Torrents
2015-09-04 22:38 - 2015-03-19 20:51 - 00000000 ____D C:\Users\justin\AppData\Roaming\I2P
2015-09-04 22:38 - 2015-03-15 06:36 - 00000000 ____D C:\Users\justin\AppData\Roaming\Winamp
2015-09-04 22:18 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\registration
2015-09-04 22:13 - 2015-05-26 17:32 - 00000000 ____D C:\Tor Browser
2015-09-04 22:13 - 2015-03-19 20:50 - 00000000 ____D C:\ProgramData\i2p
2015-09-04 17:21 - 2015-05-24 05:20 - 00000000 ____D C:\Users\justin\AppData\Roaming\Yandex
2015-09-03 17:11 - 2015-03-13 16:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-02 17:05 - 2015-03-28 18:00 - 00000000 ____D C:\Program Files (x86)\OBS
2015-09-01 18:46 - 2015-04-24 22:24 - 00000000 ____D C:\Program Files\SecureAge
2015-09-01 02:01 - 2015-04-16 01:05 - 00000000 ____D C:\Users\justin\AppData\Roaming\Vso
2015-09-01 01:45 - 2015-06-28 21:46 - 00000000 ____D C:\ProgramData\vsosdk
2015-08-31 21:30 - 2015-04-16 01:05 - 00099384 _____ C:\Users\justin\AppData\Roaming\inst.exe
2015-08-31 21:30 - 2015-04-16 01:05 - 00082816 _____ (VSO Software) C:\Users\justin\AppData\Roaming\pcouffin.sys
2015-08-31 21:30 - 2015-04-16 01:05 - 00007859 _____ C:\Users\justin\AppData\Roaming\pcouffin.cat
2015-08-31 21:30 - 2015-04-16 01:05 - 00000055 _____ C:\Users\justin\AppData\Roaming\pcouffin.log
2015-08-31 21:29 - 2015-04-16 01:04 - 00000000 ____D C:\Program Files (x86)\VSO
2015-08-30 18:53 - 2015-03-13 06:36 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-27 22:16 - 2015-04-09 21:47 - 00000000 ____D C:\Users\justin\AppData\Local\Popcorn-Time
2015-08-26 18:37 - 2015-03-13 00:06 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-24 08:17 - 2015-03-13 16:28 - 00000000 ____D C:\Users\justin\AppData\Roaming\uTorrent
2015-08-21 00:50 - 2015-08-13 04:37 - 00000000 ____D C:\Users\justin\AppData\Local\Comms
2015-08-21 00:11 - 2015-03-19 21:24 - 00000000 ____D C:\Program Files\PeerBlock

==================== Files in the root of some directories =======

2015-04-16 01:05 - 2015-08-31 21:30 - 0099384 _____ () C:\Users\justin\AppData\Roaming\inst.exe
2015-04-16 01:05 - 2015-08-31 21:30 - 0007859 _____ () C:\Users\justin\AppData\Roaming\pcouffin.cat
2015-04-16 01:05 - 2015-08-31 21:30 - 0001167 _____ () C:\Users\justin\AppData\Roaming\pcouffin.inf
2015-04-16 01:05 - 2015-08-31 21:30 - 0000055 _____ () C:\Users\justin\AppData\Roaming\pcouffin.log
2015-04-16 01:05 - 2015-08-31 21:30 - 0082816 _____ (VSO Software) C:\Users\justin\AppData\Roaming\pcouffin.sys
2015-04-29 06:22 - 2015-04-29 06:22 - 0000000 _____ () C:\Users\justin\AppData\Local\ars.cache
2015-04-29 06:22 - 2015-04-29 06:22 - 0001594 _____ () C:\Users\justin\AppData\Local\census.cache
2015-04-28 07:59 - 2015-04-28 07:59 - 0000036 _____ () C:\Users\justin\AppData\Local\housecall.guid.cache
2015-09-19 17:26 - 2015-09-19 17:26 - 0000218 _____ () C:\Users\justin\AppData\Local\recently-used.xbel
2015-05-12 03:40 - 2015-09-10 05:41 - 0007575 _____ () C:\Users\justin\AppData\Local\Resmon.ResmonCfg
2015-06-25 23:36 - 2015-06-25 23:36 - 0000000 _____ () C:\Users\justin\AppData\Local\{8771A1E8-1CF5-4A32-A495-9222298C389F}
2015-08-13 03:37 - 2015-08-13 03:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-11 06:04 - 2015-06-11 06:09 - 0000102 ____H () C:\ProgramData\emopts.dat
2002-05-15 21:41 - 2015-06-11 05:01 - 0001401 ____H () C:\ProgramData\saopts.dat
2015-06-11 06:04 - 2015-06-11 06:09 - 0001756 ____H () C:\ProgramData\sys001.log
2015-06-11 05:02 - 2015-06-11 05:02 - 0000399 ____H () C:\ProgramData\sys004.log
2015-06-11 06:09 - 2015-06-11 06:09 - 0000002 ____H () C:\ProgramData\sys006.log
2015-06-11 06:04 - 2015-06-11 06:09 - 0000076 ____H () C:\ProgramData\sys007.log
2015-06-11 06:04 - 2015-06-11 06:09 - 0017539 ____H () C:\ProgramData\sys008.log
2015-06-11 06:04 - 2015-06-11 06:09 - 0000755 ____H () C:\ProgramData\sys011.log
2015-06-11 06:04 - 2015-06-11 06:09 - 0000054 ____H () C:\ProgramData\sys012.log
2015-06-11 06:04 - 2015-06-11 06:09 - 0005269 ____H () C:\ProgramData\sys013.log

Files to move or delete:
====================
C:\ProgramData\emopts.dat
C:\ProgramData\saopts.dat

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpub_wpf.dll
C:\Users\justin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcytgi3.dll
C:\Users\justin\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-18 09:20

==================== End of FRST.txt ============================

#2 nasdaq (Malware Response Team)

Posted 24 September 2015 - 08:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Ammyy LLC) C:\Users\justin\Downloads\AA_v3.exe
HKLM\...\Policies\Explorer\Run: [Mpk.exe] => C:\Program Files (x86)\KGB\Mpk.exe
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
OPR Extension: (No Name) - C:\Users\justin\AppData\Roaming\Opera Software\Opera Stable\Extensions\mhgklikgljbhnomlmhmondmafldgmojo [2015-08-31]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [737984 2015-08-30] (@ByELDI) [File not signed]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Program Files\KMSpico
C:\Users\justin\Downloads\AA_v3.exe
C:\Program Files (x86)\KGB
C:\Users\justin\AppData\Roaming\Opera Software\Opera Stable\Extensions\mhgklikgljbhnomlmhmondmafldgmojo

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

For IE 10, 11 follow the following instructions.
http://refreshyourcache.com/en/internet-explorer-11/
===

How is the computer running now?

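The fixlist in the post above is built from markers FRST prints on each autostart line: a service whose file is gone is shown with [X], an unsigned service binary with [File not signed], a Run entry under Policies\Explorer\Run is one that normally only Group Policy writes, and anything FRST already distrusts carries an ATTENTION tag. Anything that autostarts from a user profile path (AppData, Downloads, Desktop) deserves the same look; that is how the GoogleUpdate task pointing at C:\Users\justin\AppData\Roaming\Google\downloader.exe shows up later in this thread. The script below is an added example, not part of this thread and not FRST's own code: it applies those rules to FRST-style log lines. The line shapes it parses, the placeholder task GUIDs and the three benign control lines are assumptions modelled on this thread's fixlist; the four flagged sample lines are taken from the fixlist and RogueKiller output on this page.

```python
"""Triage of autostart lines from a Farbar Recovery Scan Tool (FRST) log.

Applies the tests a malware-response helper applies by eye when building
a fixlist:
  * a service or driver whose file is missing          -> "[X]"
  * a service whose binary carries no signature        -> "[File not signed]"
  * an autostart that runs from a user-writable path   -> Users/<name>/AppData|Downloads|Desktop
  * a Run entry delivered through Policies/Explorer/Run (normally Group Policy only)
  * anything FRST itself marked "ATTENTION"
The line shapes below are assumptions modelled on the fixlist in this thread.
"""
import re
from dataclasses import dataclass, field

# Assumed FRST line shapes: service/driver, scheduled task, Run key.
SERVICE_RE = re.compile(r'^(?P<start>[RSU]\d) (?P<name>.+?); (?P<path>.+?)(?: \[.*)?$')
TASK_RE = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<path>.+?)(?: \[.*)?$')
RUN_RE = re.compile(r'^(?P<key>HK.*?\\Run): \[(?P<name>[^\]]+)\] => (?P<path>.+?)(?: \[.*)?$')

# Locations an unprivileged user can write to. Nothing legitimate needs to
# autostart from here, and the KMSpico, Ammyy and downloader.exe paths in the
# thread all live in such places.
USER_WRITABLE_RE = re.compile(r'\\Users\\[^\\]+\\(AppData|Downloads|Desktop)\\', re.IGNORECASE)


@dataclass
class Finding:
    kind: str                      # "service", "task" or "run"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def classify(line: str):
    """Return a Finding for an autostart line, or None for any other line."""
    line = line.strip()
    for kind, rx in (("service", SERVICE_RE), ("task", TASK_RE), ("run", RUN_RE)):
        m = rx.match(line)
        if m:
            break
    else:
        return None

    # Quoted paths are unquoted; arguments after the executable are not parsed
    # (an assumption that is good enough for the lines in this thread).
    path = m.group("path").strip().strip('"')
    finding = Finding(kind, m.group("name"), path)

    if "[X]" in line:
        finding.reasons.append("file missing on disk (orphaned service/driver entry)")
    if "[File not signed]" in line:
        finding.reasons.append("binary is not digitally signed")
    if USER_WRITABLE_RE.search(path):
        finding.reasons.append("runs from a user-writable profile path")
    if kind == "run" and "Policies\\Explorer\\Run" in m.group("key"):
        finding.reasons.append("autostart via Policies\\Explorer\\Run (a Group Policy key)")
    if "ATTENTION" in line:
        finding.reasons.append("flagged by FRST")
    return finding


def triage(lines):
    """Keep only autostart entries that have at least one reason to look closer."""
    findings = (classify(l) for l in lines)
    return [f for f in findings if f is not None and f.reasons]


# Constructed sample. The first four lines are the flagged entries from this
# thread (the task line is the one RogueKiller reports later, with a
# placeholder GUID); the remaining lines are made-up benign controls.
SAMPLE_LINES = [
    r"R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [737984 2015-08-30] (@ByELDI) [File not signed]",
    r"S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]",
    r"HKLM\...\Policies\Explorer\Run: [Mpk.exe] => C:\Program Files (x86)\KGB\Mpk.exe",
    r"Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\GoogleUpdate => C:\Users\justin\AppData\Roaming\Google\downloader.exe [2015-08-21] () <==== ATTENTION",
    r"R2 Dnscache; C:\WINDOWS\system32\svchost.exe [36608 2015-07-10] (Microsoft Corporation)",
    r"HKLM\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2015-09-05] (Dropbox, Inc.)",
    r"Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)",
    r"2015-09-20 05:29 - 2015-03-22 18:03 - 00000000 ____D C:\ProgramData\BitMeterOS",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:7} {f.name:35} {f.path}")
        for r in f.reasons:
            print(f"        - {r}")
```

Run it as a script to print the findings for the sample, or import it and call triage() on the lines of FRST.txt. It only reads the log and decides nothing about removal, so it is safe to run anywhere; the rules are deliberately the same ones applied by hand in the post above, which is why the three control lines produce no output.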
#3 jackmeat (Topic Starter)

Posted 24 September 2015 - 11:39 PM

The same window still appears which informs me to call my ISP about malware. Here is the FRST fixlog:


Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by justin (2015-09-24 17:10:38) Run:1
Running from C:\Users\justin\Downloads\Virus Removal Tools 9.16.15 in order
Loaded Profiles: justin (Available Profiles: justin & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Ammyy LLC) C:\Users\justin\Downloads\AA_v3.exe
HKLM\...\Policies\Explorer\Run: [Mpk.exe] => C:\Program Files (x86)\KGB\Mpk.exe
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
OPR Extension: (No Name) - C:\Users\justin\AppData\Roaming\Opera Software\Opera Stable\Extensions\mhgklikgljbhnomlmhmondmafldgmojo [2015-08-31]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [737984 2015-08-30] (@ByELDI) [File not signed]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Program Files\KMSpico
C:\Users\justin\Downloads\AA_v3.exe
C:\Program Files (x86)\KGB
C:\Users\justin\AppData\Roaming\Opera Software\Opera Stable\Extensions\mhgklikgljbhnomlmhmondmafldgmojo

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files\KMSpico\Service_KMS.exe => No running process found
C:\Users\justin\Downloads\AA_v3.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Mpk.exe => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key not found.
C:\Users\justin\AppData\Roaming\Opera Software\Opera Stable\Extensions\mhgklikgljbhnomlmhmondmafldgmojo => moved successfully
Service KMSELDI => service removed successfully
VBoxNetFlt => service removed successfully
wfpcapture => service removed successfully
C:\Program Files\KMSpico => moved successfully
C:\Users\justin\Downloads\AA_v3.exe => moved successfully
"C:\Program Files (x86)\KGB" => File/Folder not found.
"C:\Users\justin\AppData\Roaming\Opera Software\Opera Stable\Extensions\mhgklikgljbhnomlmhmondmafldgmojo" => File/Folder not found.
EmptyTemp: => 613.7 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 17:16:04 ====



#4 nasdaq (Malware Response Team)

Posted 25 September 2015 - 07:41 AM

Clean your Java cache.
https://www.java.com/en/download/help/plugin_cache.xml

===

Clean your Flash cache.
https://forums.adobe.com/message/4278569
===

If the problem persists can you give me the task name that you terminate?

Upon visiting websites, a pop up comes up (screenshot available upon request) informing me to contact my ISP (which is the correct one) and a phone number to call. Some annoying voice also speaks this and can only be terminated via the task manager.



#5 jackmeat (Topic Starter)

Posted 25 September 2015 - 05:56 PM

The process I terminate is very simple: I have to terminate whatever browser I am using at the time. That leads me to believe it is some service that starts (I do this for a living as well).



#6 nasdaq (Malware Response Team)

Posted 26 September 2015 - 07:37 AM

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • When instructed Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report"
  • Click on Export TXT button save the file as RogueReport.txt
  • The file RogueReport.txt will be saved in the desktop.
  • Close the program.
  • Open the file with Notepad and Copy/paste the content into your next reply.
<<<>>>

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

Any luck?

#7 jackmeat (Topic Starter)

Posted 02 October 2015 - 01:57 AM

Here you go. Sorry for the delay; Outlook moved the last reply to junk for some reason. I had already run rkill for the previous person, but here is also a new log; let me know if you want the log from 9/17 for comparison. Thanks.


RogueKiller V10.10.7.0 [Sep 28 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : justin [Administrator]
Started from : C:\Users\justin\Downloads\Virus Removal Tools 9.16.15 in order\RogueKiller.exe
Mode : Scan -- Date : 10/02/2015 01:39:44

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1106552174-2026213447-2673983111-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://extratorrent.cc/  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1106552174-2026213447-2673983111-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://extratorrent.cc/  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1106552174-2026213447-2673983111-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1106552174-2026213447-2673983111-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{08034e07-7442-49e5-a9a7-38b7aa239a22} | DhcpNameServer : 10.9.0.1 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8d0543db-48b8-45f1-8d27-e355d23edf66} | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bde6a774-fadd-49b9-86e7-674a16166e6f} | DhcpNameServer : 61.9.195.193 61.9.194.49 ([-][AUSTRALIA (AU)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{08034e07-7442-49e5-a9a7-38b7aa239a22} | DhcpNameServer : 10.9.0.1 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8d0543db-48b8-45f1-8d27-e355d23edf66} | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bde6a774-fadd-49b9-86e7-674a16166e6f} | DhcpNameServer : 61.9.195.193 61.9.194.49 ([-][AUSTRALIA (AU)])  -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \GoogleUpdate -- C:\Users\justin\AppData\Roaming\Google\downloader.exe (/VERYSILENT) -> Found
[Suspicious.Path] \GoogleUpdateClient -- C:\Users\justin\AppData\Roaming\Google\downloader.exe (/VERYSILENT) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 5 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                       cap.cyberlink.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                   activation.cyberlink.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 cap.cyberlink.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 license.superantispyware.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 license.superantispyware.com

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 2uvv5ml2.default : user_pref("browser.startup.homepage", "http://127.0.0.1:7657/i2psnark/|http://127.0.0.1:7657/home|http://tracker2.postman.i2p/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-9WS142 +++++
--- User ---
[MBR] ddc031143d80c537f33b3f1c729fc893
[BSP] d28e338c2261577215d19a426d664c81 : Empty MBR Code
Partition table:
0 -  | Offset (sectors): 2048 | Size: 300 MB
1 -  | Offset (sectors): 616448 | Size: 99 MB
2 -  | Offset (sectors): 1081344 | Size: 475923 MB
3 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 975773696 | Size: 487 MB
User = LL1 ... OK
User = LL2 ... OK

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/02/2015 01:54:03 AM in x64 mode.
Windows Version: Windows 10 Pro

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\dxconfig.exe (PID: 2144) [WD-HEUR]
 * C:\Windows\SysWOW64\dxconfig.exe (PID: 3084) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * HdAudAddService [Missing Service]
 * wfpcapture [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1                       cap.cyberlink.com
  127.0.0.1                   activation.cyberlink.com
  127.0.0.1 cap.cyberlink.com
  127.0.0.1 license.superantispyware.com
  0.0.0.0 license.superantispyware.com

Program finished at: 10/02/2015 01:56:28 AM
Execution time: 0 hours(s), 2 minute(s), and 24 seconds(s)



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 October 2015 - 07:13 AM


Please run the RogueKiller and fix these two items.
[Suspicious.Path] \GoogleUpdate -- C:\Users\justin\AppData\Roaming\Google\downloader.exe (/VERYSILENT) -> Found
[Suspicious.Path] \GoogleUpdateClient -- C:\Users\justin\AppData\Roaming\Google\downloader.exe (/VERYSILENT) -> Found


If you are not located in Australia, I suggest you fix these items also:
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bde6a774-fadd-49b9-86e7-674a16166e6f} | DhcpNameServer : 61.9.195.193 61.9.194.49 ([-][AUSTRALIA (AU)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bde6a774-fadd-49b9-86e7-674a16166e6f} | DhcpNameServer : 61.9.195.193 61.9.194.49 ([-][AUSTRALIA (AU)]) -> Found

===

* HOSTS file entries found:
127.0.0.1 cap.cyberlink.com
127.0.0.1 activation.cyberlink.com
127.0.0.1 cap.cyberlink.com
127.0.0.1 license.superantispyware.com <- duplicate remove

0.0.0.0 license.superantispyware.com


As suggested on this page, the 127.0.0.1 should be changed to 0.0.0.0:
http://winhelp2002.mvps.org/hosts.htm
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here.

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===
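The hosts-file cleanup described above (drop the duplicate line, turn 127.0.0.1 block entries into 0.0.0.0), as an added example that is not part of this thread and not code from Rkill, RogueKiller or Zoek. The reason for preferring 0.0.0.0 is that 127.0.0.1 sends every blocked request to the loopback interface, where a local service (this machine has an I2P console listening on 127.0.0.1:7657) may answer or the connection may hang until it times out, whereas 0.0.0.0 is not routable and fails at once. The script goes a little beyond the post: it also keeps genuine mappings (localhost, a LAN host) untouched so they are not mistaken for block entries. SAMPLE_HOSTS is constructed from the entries in the Rkill log plus two invented lines (the localhost mapping and nas.home); the function names are my own.

```python
"""Audit a Windows hosts file for duplicate entries and 127.0.0.1 block lines.

Added example for this thread; not the code of any tool mentioned in it.
"""

# Constructed sample: the five entries Rkill listed, with the irregular whitespace it
# showed, plus two invented lines (localhost, nas.home) that a correct audit must keep.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1                       cap.cyberlink.com
127.0.0.1                   activation.cyberlink.com
127.0.0.1 cap.cyberlink.com
127.0.0.1 license.superantispyware.com
0.0.0.0 license.superantispyware.com
192.168.0.20    nas.home   # constructed: a genuine LAN mapping, must stay as-is
"""

SINKHOLE = "0.0.0.0"
LOOPBACK = {"127.0.0.1", "::1"}
# Names that legitimately resolve to loopback; never rewrite these to a sinkhole.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return [(address, hostname), ...] for every mapping in a hosts file.

    Full-line and trailing '#' comments are dropped; a line naming several hosts
    yields one tuple per host. Hostnames are lower-cased (DNS names are case-insensitive).
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        entries.extend((addr, name.lower()) for name in names)
    return entries


def find_duplicates(entries):
    """Hostnames listed more than once, in order of their second appearance."""
    seen, dups = set(), []
    for _, name in entries:
        if name in seen and name not in dups:
            dups.append(name)
        seen.add(name)
    return dups


def is_sinkhole(addr, name):
    """True for a block entry: a non-local name pointed at loopback or 0.0.0.0."""
    return name not in LOCAL_NAMES and addr in LOOPBACK | {SINKHOLE}


def normalize_hosts(text):
    """Rebuild the mapping list with one line per hostname.

    Block entries become '0.0.0.0 <name>' (so a 127.0.0.1/0.0.0.0 pair collapses to one
    line); genuine mappings keep their first-seen address. First-seen order is preserved.
    """
    by_name = {}  # dicts keep insertion order
    for addr, name in parse_hosts(text):
        wanted = SINKHOLE if is_sinkhole(addr, name) else addr
        by_name.setdefault(name, wanted)  # first mapping wins; later repeats are dropped
    return [f"{addr} {name}" for name, addr in by_name.items()]


if __name__ == "__main__":
    found = parse_hosts(SAMPLE_HOSTS)
    print("duplicates:", find_duplicates(found))
    print("normalized hosts entries:")
    for line in normalize_hosts(SAMPLE_HOSTS):
        print(" ", line)
```

To audit a real machine, read C:\Windows\System32\drivers\etc\hosts into `text` instead of SAMPLE_HOSTS and compare `normalize_hosts(text)` with the file; writing the result back requires an elevated prompt, and the mandatory `localhost` handling is why LOCAL_NAMES exists.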

#9 jackmeat

jackmeat
  • Topic Starter

  • Members
  • 38 posts

Posted 03 October 2015 - 03:52 AM

I removed the entries marked by RogueKiller for the Google update but not the others that applied to Australia (I am in Australia and I bet those apply to the USB router I bought here for when traveling). The SuperAntiSpyware hosts entries were removed as I removed the program anyway. I am sure you know why. Here is the log. Oh, luckily Zoek didn't perform what it said it would about purging my temp folder. I use that and had about 65 GB worth of data in it for someone lol. Phew that it failed after reboot on that one, BUT it makes me wonder what else did it possibly not do?

 

Zoek.exe v5.0.0.1 Updated 30-09-2015
Tool run by justin on Fri 10/02/2015 at 21:56:03.90.
Microsoft Windows 10 Pro 10.0.10240  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\justin\Downloads\Virus Removal Tools 9.16.15 in order\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/2/2015 10:10:25 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\AgentSS deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\Users\Jackmeat.IIS APPPOOL\AppData\LocalLow deleted successfully
C:\Users\justin\AppData\Local\Adobe deleted successfully
C:\Users\justin\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\justin\AppData\Local\EmieSiteList deleted successfully
C:\Users\justin\AppData\Local\EmieUserList deleted successfully
C:\Users\justin\AppData\Local\NetworkTiles deleted successfully
C:\Users\justin\AppData\Local\Opera Software deleted successfully
C:\Users\justin\AppData\Local\PackageStaging deleted successfully
C:\Users\justin\AppData\Local\PeerDistRepub deleted successfully
C:\Users\justin\AppData\Local\Secunia PSI deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~2\Mortal Kombat Komplete Edition deleted
C:\PROGRA~2\Seagate File Recovery for Windows deleted
C:\FileRecovery.log deleted
C:\PROGRA~3\emopts.dat deleted
C:\PROGRA~3\saopts.dat deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
"C:\Users\justin\AppData\Local\{8771A1E8-1CF5-4A32-A495-9222298C389F}" deleted
"C:\Users\justin\AppData\Roaming\Yandex\ui" deleted
"C:\Users\justin\AppData\Roaming\Yandex" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [09/04/2015 11:37 PM]

==== Chromium Look ======================

Google Chrome Version: 45.0.2454.101

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[05/01/2015 11:17 AM]

AdBlock - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Bookmark Manager - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Ghostery - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij
F.B. Purity - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl
Logitech Smooth Scrolling - justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
AdBlock - justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Hotword Shared Module - justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Skype Click to Call - justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Ghostery - justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij
F.B. Purity - justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl
Logitech Smooth Scrolling - justin\AppData\Local\Maelstrom\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk
AdBlock - justin\AppData\Local\Maelstrom\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Maelstrom Internals - justin\AppData\Local\Maelstrom\User Data\Default\Extensions\lkdlimpomlfahmnpblfdniloeahgbnck
Google Drive App Launcher - justin\AppData\Local\Maelstrom\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Ghostery - justin\AppData\Local\Maelstrom\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij
F.B. Purity - justin\AppData\Local\Maelstrom\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl

==== Chromium Fix ======================

C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\justin\AppData\Local\Maelstrom\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\justin\AppData\Local\Maelstrom\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\justin\AppData\Local\Maelstrom\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\justin\AppData\Local\Maelstrom\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://extratorrent.cc/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://extratorrent.cc/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\justin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\justin\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\justin\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\justin\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\justin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\justin\AppData\Local\Maelstrom\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 October 2015 - 07:49 AM



Phew that it failed after reboot on that one BUT makes me wonder what else did it possibly not do?


If anything is missing you can always use the restore point created.

==== System Restore Info ======================
10/2/2015 10:10:25 PM Zoek.exe System Restore Point Created Successfully.


===

Remove Adblock from Chrome.
AdBlock - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
AdBlock - justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
AdBlock - justin\AppData\Local\Maelstrom\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Source: http://blog.kotowicz.net/2012/03/chrome-addons-hacking-bye-bye-adblock.html

You already have this one. It's much safer:
Adblock Plus
https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

===

I did not find any reference to this Chrome extension.
Maelstrom Internals - justin\AppData\Local\Maelstrom\User Data\Default\Extensions\lkdlimpomlfahmnpblfdniloeahgbnck
If you do not know what it is delete it.

===

This Chrome extension is also not recommended.
F.B. Purity - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl
F.B. Purity - justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl
F.B. Purity - justin\AppData\Local\Maelstrom\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl

Source: https://www.reasoncoresecurity.com/manifest.json-49e05309b771a58895f87a39b766f64702b9cb40.aspx

===

How is the computer running now?

#11 jackmeat

jackmeat
  • Topic Starter

  • Members
  • 38 posts

Posted 03 October 2015 - 04:40 PM

I don't recall system restore ever retrieving deleted data, but anyway, like I said, it didn't work anyway. Maybe in Windows 10 system restore does bring back removed data. Adblock is removed. FB Purity is quite useful, and since I have been using it for many years and only had this issue start up since upgrading to Windows 10, I will assume that has nothing to do with it. Maelstrom is a BitTorrent-created web browser that I tested but don't use, so that has been removed. https://torrentfreak.com/beating-internet-censors-with-bittorrents-maelstrom-browser-150419/

 

As of today, the "call security"/fake blue screen came up immediately when I visited IMDB.com. So as of now, it still isn't fixed.



#12 jackmeat

jackmeat
  • Topic Starter

  • Members
  • 38 posts

Posted 03 October 2015 - 05:22 PM

Oh, and this morning Chrome needed to be re-installed. After rebooting it, SecureAPlus detects this as malware (possibly). Any idea what it is?

C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\delegate_execute.exe


Edited by jackmeat, 03 October 2015 - 05:23 PM.


#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 October 2015 - 07:54 AM

After rebooting it, SecureAPlus detects this as malware (possibly) Any idea what it is?
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\delegate_execute.exe


That is the latest Chrome update. I have it installed. It's a false positive.
===

I have no problem going to IMDB.com with IE or Chrome.
Which browser were you using at the time?


Run the RogueKiller tool and remove this item.
[PUM.HomePage][FIREFX:Config] 2uvv5ml2.default : user_pref("browser.startup.homepage", "http://127.0.0.1:7657/i2psnark/|http://127.0.0.1:7657/home|http://tracker2.postman.i2p/"); -> Found

Keep me posted

#14 jackmeat

jackmeat
  • Topic Starter

  • Members
  • 38 posts

Posted 04 October 2015 - 08:42 AM

 

After rebooting it, SecureAPlus detects this as malware (possibly) Any idea what it is?
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\delegate_execute.exe

That is the latest Chrome update. I have it installed. It's a false positive.
===

I have no problem going to IMDB.com with IE or Chrome.
Which browser were you using at the time?
-------------

At that moment, IE.

Run the RogueKiller tool and remove this item.
[PUM.HomePage][FIREFX:Config] 2uvv5ml2.default : user_pref("browser.startup.homepage", "http://127.0.0.1:7657/i2psnark/|http://127.0.0.1:7657/home|http://tracker2.postman.i2p/"); -> Found

 

-------------

 

Getting the I2P network setup to run flawlessly was a pain, but again it has been setup for about a year this way and had no problems, I really don't want to mess with firefox, it is ONLY used for I2P traffic, no other browsing.

Keep me posted

 


Edited by jackmeat, 04 October 2015 - 08:44 AM.


#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 October 2015 - 01:37 PM

This is not caused by malware.

If you have cleared the IE cache as suggested in post no. 2, I can only suggest you start a new topic in the Windows 10 Forum.
http://www.bleepingcomputer.com/forums/f/229/windows-10-support/

I do not have Windows 10 and possibly there is another way to clean the cache etc.

I will keep this topic open for 6 days; if you need to return, please do.



