
Infected with Malware! This is real bad!


  • This topic is locked
22 replies to this topic

#1 MikeSeattle

MikeSeattle

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:10 PM

Posted 10 November 2015 - 09:05 AM

Hi everyone,
For several weeks now, I have been fighting with this virus.
I am a fairly advanced computer user but for the life of me I could not find what's driving my malware. It is so bad I cannot really use the Internet. Just to register on this forum and post this message I had to close something like 50 windows. The behaviour is that when I click on a valid link, it goes to another web site with ads instead.
 
Operating system is Windows 8 and I am using Chrome.
I have checked Installed Programs under control panel, nothing unusual is installed.
Checked task manager, don't see any unusual process running.
Checked Chrome Extensions, there's nothing there.
Tried "reset settings" in Chrome, no change.
Windows Defender found a problem and quarantined dnsapi.dll. When I did this, I lost the ability to browse the Internet which I need for my work, so I reverted back.
Ran AdwCleaner several times, it suggested removing c:\windows\sysnative\dnsapi.dll and c:\windows\SysWOW64\dnsapi.dll however I unchecked those as I am afraid I will lose the ability to use the Internet. Ran AdwCleaner with those items unchecked, no change.
So at this point I am pretty sure the problem is with dnsapi.dll.
However, I am not sure what is the solution. Is it as simple as dropping a clean dll there? If so, where do I get it? I have attached an AdwCleaner log and a screen shot of what the malware is doing. It is also speaking through my computer speakers all the time! This is real bad!
Help!!! Thank you.

Edited by MikeSeattle, 10 November 2015 - 09:35 AM.


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:03:10 AM

Posted 11 November 2015 - 01:06 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
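The Addition.txt that FRST writes is plain text split into "==== Section ====" blocks, so the first pass a responder makes over it (what did FRST itself flag, what is in hosts, which scheduled tasks point at unannotated binaries, which loaded modules carry no company name, where does DNS go) can be scripted. The Python below is an added example for this thread, not FRST's own code and not something the helpers here use; the sample input is a constructed excerpt made of lines copied from the Addition.txt MikeSeattle posts further down. The categories, the "no signer annotation" heuristic and the private-range DNS check are this example's own assumptions: they produce leads to look at, not verdicts, since an empty "()" company field only means the file's version resource has no company string.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample: lines copied from the Addition.txt posted in this thread,
# trimmed to the sections the triage below looks at.
SAMPLE_ADDITION = r"""
==================== Installed Programs ======================

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Updater By SweetPacks 2.0.0.586 (HKLM\...\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1) (Version: 2.0.0.586 - SweetPacks) <==== ATTENTION

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2015-11-09 05:48 - 00000858 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

Task: {076A5E8D-36B2-49DA-ABDF-9EA65186C2E3} - System32\Tasks\TidyNetwork Metro => C:\Program Files (x86)\TidyNetwork.com\tidy2start.exe
Task: {5A6AD646-2BB2-4C2B-957B-2FEB7C3CEB36} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-14] (Microsoft Corporation)

==================== Loaded Modules (Whitelisted) ==============

2012-07-10 18:11 - 2012-07-10 18:11 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-07-10 18:09 - 2012-07-10 18:09 - 00022528 _____ () C:\Windows\system32\BsTrace.dll

==================== Other Areas ============================

DNS Servers: 192.168.1.254
"""

SECTION_RE = re.compile(r"^=+\s+(.+?):?\s+=+\s*$")
HOSTS_ENTRY_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}|[0-9a-fA-F]*:[0-9a-fA-F:]*)\s+(\S+)")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (.+?) => (.+)$")
SIGNER_RE = re.compile(r"\[\d{4}-\d{2}-\d{2}\] \([^()]+\)$")   # FRST's "[date] (publisher)" suffix
NO_COMPANY_RE = re.compile(r"\s_{4}[_A-Z]\s\(\)\s\S")          # attribute flags, then empty "()" company
DNS_RE = re.compile(r"^DNS Servers: (.+)$")


def split_sections(text):
    """Group the non-blank lines of an FRST log under their '==== Name ====' headers."""
    sections = defaultdict(list)
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            # FRST tags some sections "(Whitelisted)"; drop that so lookups are stable.
            current = re.sub(r"\s*\(Whitelisted\)", "", m.group(1)).strip()
            continue
        sections[current].append(line)
    return sections


def triage(text):
    """Return (category, section, line) tuples a responder should look at first."""
    sections = split_sections(text)
    findings = []

    # 1. Anything FRST itself flagged, in whatever section it appears.
    for name, lines in sections.items():
        for line in lines:
            if "<==== ATTENTION" in line:
                findings.append(("frst_attention", name, line))

    # 2. Every active hosts entry: a stock Windows hosts file has none.
    for line in sections.get("Hosts content", []):
        m = HOSTS_ENTRY_RE.match(line)
        if not m:
            continue
        try:
            ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        findings.append(("hosts_entry", "Hosts content", line))

    # 3. Registry-backed tasks whose target carries no "[date] (publisher)"
    #    annotation (heuristic); legacy "Task: C:\...\*.job" lines are skipped.
    for line in sections.get("Scheduled Tasks", []):
        m = TASK_RE.match(line)
        if m and not SIGNER_RE.search(m.group(2)):
            findings.append(("task_no_signer", "Scheduled Tasks", line))

    # 4. Loaded modules whose version resource has no company name ("()").
    for line in sections.get("Loaded Modules", []):
        if NO_COMPANY_RE.search(line):
            findings.append(("module_no_company", "Loaded Modules", line))

    # 5. DNS servers outside private ranges deserve a second look on a home machine.
    for line in sections.get("Other Areas", []):
        m = DNS_RE.match(line)
        if not m:
            continue
        for server in m.group(1).split():
            try:
                if not ipaddress.ip_address(server).is_private:
                    findings.append(("dns_public", "Other Areas", line))
            except ValueError:
                findings.append(("dns_unparsed", "Other Areas", line))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'frst_attention': 1, ...}."""
    return dict(Counter(kind for kind, _, _ in findings))


if __name__ == "__main__":
    for kind, section, line in triage(SAMPLE_ADDITION):
        print(f"[{kind}] {section}: {line}")
    print(summarize(triage(SAMPLE_ADDITION)))
```

On the excerpt above this reports the SweetPacks entry FRST already marked, the single hosts line, the TidyNetwork task (its target has no publisher annotation, unlike the MRT task) and the two BlueSoleil modules with an empty company field, while the 192.168.1.254 DNS server is private and produces nothing. Run it against a full Addition.txt by replacing SAMPLE_ADDITION with the file's contents.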

#3 MikeSeattle

MikeSeattle
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:10 PM

Posted 11 November 2015 - 04:58 PM

Hi Jürgen,

Thank you for your reply.

I am pretty sure the problem is with dnsapi.dll but I am not sure how to fix it. Where do I get a clean one?

Please see my original message where I describe the behavior I am experiencing.

I am posting the logs as you requested.

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015

Ran by me (2015-11-11 13:48:32)
Running from C:\Users\me\AppData\Local\Microsoft\Windows\INetCache\IE\QOKVC1D5
Windows 8.1 (X64) (2014-10-23 19:55:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1693388388-4027811455-3003149052-500 - Administrator - Disabled)
Guest (S-1-5-21-1693388388-4027811455-3003149052-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1693388388-4027811455-3003149052-1006 - Limited - Enabled)
me (S-1-5-21-1693388388-4027811455-3003149052-1001 - Administrator - Enabled) => C:\Users\me
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1693388388-4027811455-3003149052-1001\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version:  - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
GDR 3128 for SQL Server 2012 (KB2793634) (64-bit) (HKLM\...\KB2793634) (Version: 11.1.3128.0 - Microsoft Corporation)
GDR 3153 for SQL Server 2012 (KB2977326) (64-bit) (HKLM\...\KB2977326) (Version: 11.1.3153.0 - Microsoft Corporation)
GDR 3156 for SQL Server 2012 (KB3045318) (64-bit) (HKLM\...\KB3045318) (Version: 11.1.3156.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-1693388388-4027811455-3003149052-1001\...\HPConnectedMusic) (Version: 1.1 (build 88) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ENVY 4500 series Basic Device Software (HKLM\...\{38A08516-1847-43E4-8076-9540B60EC43B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{8F3AB164-B4F3-45B1-A85A-F5E5815A44E1}) (Version: 11.1.2816.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Policies  (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8AC82589-7217-48FE-9051-AE6D3B211B14}) (Version: 11.1.3156.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BA39D494-DDE8-407A-AE5A-18A43DFF74EA}) (Version: 11.1.3156.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{F3BBC56F-2282-4464-952F-A89772181F30}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Integrated) - ENU (HKLM-x32\...\{012D26C3-E12A-3BDA-8ECE-DF14E721A507}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.1.3000.0 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PIXresizer (HKLM-x32\...\PIXresizer_is1) (Version: 2.0.6 - Bluefive software)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}) (Version: 9.0.715.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit) (HKLM\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.104 - Skype Technologies S.A.)
Soda PDF 5 (HKLM-x32\...\{B756A738-AC20-4C26-9EFD-80810B624642}) (Version: 5.0.133.9133 - LULU SOFTWARE LIMITED)
SQL Server 2012 Analysis Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 BI Development Studio (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Client Tools (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality service (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality service (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Distributed Replay (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Documentation Components (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Full text search (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Integration Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Master Data Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Master Data Services (Version: 11.1.3156.0 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.1.3000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Updater By SweetPacks 2.0.0.586 (HKLM\...\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1) (Version: 2.0.0.586 - SweetPacks) <==== ATTENTION
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinZip (HKLM-x32\...\WinZip) (Version:  9.0 SR-1 (6224) - WinZip Computing, Inc.)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1693388388-4027811455-3003149052-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points =========================
 
15-10-2015 07:39:16 Windows Update
09-11-2015 06:59:51 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2015-11-09 05:48 - 00000858 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {076A5E8D-36B2-49DA-ABDF-9EA65186C2E3} - System32\Tasks\TidyNetwork Metro => C:\Program Files (x86)\TidyNetwork.com\tidy2start.exe
Task: {5269E794-18F1-4F72-B8DE-45BFEB6A5514} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {5A6AD646-2BB2-4C2B-957B-2FEB7C3CEB36} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {759042A8-91F5-41DF-8EA0-65DC6052F298} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {84C4FAE8-AB95-4E9B-B4C6-B22FE15D42C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {9371800B-CB53-4A89-97B4-1CFC60492DF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {A004955C-F872-4909-A430-C5AE870893A8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {A0BF7FFC-D00C-493C-BF65-682278826902} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {C3E45D8F-6CB3-44BF-9B3B-63310C03CA12} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {C41A09E8-C145-4ECF-965C-1042467C486B} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {EAF4D89A-2FBA-4690-ACD7-71F278697975} - System32\Tasks\{59200364-5AC4-4130-B773-2181DE5EC686} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsProgressBar
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-07-10 18:11 - 2012-07-10 18:11 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-07-10 18:09 - 2012-07-10 18:09 - 00022528 _____ () C:\Windows\system32\BsTrace.dll
2012-07-10 18:11 - 2012-07-10 18:11 - 00052736 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2012-12-28 15:27 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-07-10 18:09 - 2012-07-10 18:09 - 00022528 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2012-07-10 18:14 - 2012-07-10 18:14 - 00072192 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
2012-07-27 14:51 - 2012-07-27 14:51 - 00346112 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll
2012-07-10 18:11 - 2012-07-10 18:11 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-07-10 18:11 - 2012-07-10 18:11 - 00052736 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2012-12-28 15:50 - 2012-06-07 19:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-08-10 10:55 - 2012-08-10 10:55 - 00323648 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2012-05-02 17:28 - 2012-05-02 17:28 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2012-07-10 18:09 - 2012-07-10 18:09 - 00022528 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2015-11-09 05:37 - 2015-10-20 06:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-11-09 05:37 - 2015-10-20 06:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
2015-11-09 05:37 - 2015-10-20 06:08 - 16493384 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll
2013-09-04 22:14 - 2013-09-04 22:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1693388388-4027811455-3003149052-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1693388388-4027811455-3003149052-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1693388388-4027811455-3003149052-1001\...\StartupApproved\Run: => "HP ENVY 4500 series (NET)"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{86A42C2E-A97D-44DA-B8CC-9ADBDFCB5505}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{01E7DC28-F00B-49A0-94CF-7D9581C1AED5}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [UDP Query User{E408CEB2-69F7-4A9B-B983-6727805984CB}C:\users\me\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\me\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{2C0CA5BA-996A-4288-B838-7B5C291495B2}C:\users\me\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\me\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{2293EDC7-3559-46E7-B82D-06C03AEE47E1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{A6D8C880-022B-440C-B69F-08EB2206C044}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B2C3AEB6-82E9-489E-BD07-6AC504EF7406}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{C0C03771-0267-40BF-B6A5-637836A7745C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{6216B744-78A5-468C-8904-7DC03E19B1D0}C:\users\me\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\me\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{FA080C41-725A-47E5-87CA-9904BD99A025}C:\users\me\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\me\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{24A48BA4-3D6F-4B02-9F57-23BEAED5944B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{B4F08E31-328E-47BE-A89A-6F6AB9D7F785}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A781B1EC-399F-433B-A3D2-6F352C20EC92}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{736A5CF8-683F-4C75-A330-4CFA9E86EE79}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{4A65BFBF-0319-4388-BC73-864B8649671A}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{C7562A95-6947-4F61-BC12-D79F93A65F43}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B419DD22-F40C-433C-BAE6-76D62C4DDA98}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{59DAC045-29A8-4502-9F8A-5C0BB42C45AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6B264813-32E1-4806-AA0E-A83644E70B79}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{20FDA679-48F1-4E56-B262-876D94C705B3}] => (Allow) LPort=1900
FirewallRules: [{122F757E-FDDC-4126-9C64-22417C9F7E50}] => (Allow) LPort=2869
FirewallRules: [{32907D23-3F54-4BF9-B5B7-AA78FB5893CC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{381B8D50-1FFA-4BFC-9F46-26A941D9FDA7}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{20AD1AF4-AC66-42BB-B769-036664A6A2F1}] => (Allow) LPort=5357
FirewallRules: [{1F74FCDD-445D-4E3A-BA9E-E6CE1B3C1E25}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{29D8144A-E11D-4383-BE03-E33C3C11A2C3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/10/2015 09:27:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPMSGSVC.exe, version: 3.0.3.0, time stamp: 0x4ffa6e72
Faulting module name: HPMSGSVC.exe, version: 3.0.3.0, time stamp: 0x4ffa6e72
Exception code: 0xc0000005
Fault offset: 0x0000394f
Faulting process id: 0x1434
Faulting application start time: 0xHPMSGSVC.exe0
Faulting application path: HPMSGSVC.exe1
Faulting module path: HPMSGSVC.exe2
Report Id: HPMSGSVC.exe3
Faulting package full name: HPMSGSVC.exe4
Faulting package-relative application ID: HPMSGSVC.exe5
 
Error: (11/10/2015 05:14:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
Faulting module name: legap.dll, version: 1.0.0.23, time stamp: 0x5008c1e9
Exception code: 0xc0000005
Fault offset: 0x0000301d
Faulting process id: 0x1584
Faulting application start time: 0xBlueSoleilCS.exe0
Faulting application path: BlueSoleilCS.exe1
Faulting module path: BlueSoleilCS.exe2
Report Id: BlueSoleilCS.exe3
Faulting package full name: BlueSoleilCS.exe4
Faulting package-relative application ID: BlueSoleilCS.exe5
 
Error: (11/10/2015 05:02:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
Faulting module name: tl_filter.dll, version: 0.0.0.0, time stamp: 0x50247825
Exception code: 0xc0000094
Fault offset: 0x0000d53d
Faulting process id: 0x1458
Faulting application start time: 0xBlueSoleilCS.exe0
Faulting application path: BlueSoleilCS.exe1
Faulting module path: BlueSoleilCS.exe2
Report Id: BlueSoleilCS.exe3
Faulting package full name: BlueSoleilCS.exe4
Faulting package-relative application ID: BlueSoleilCS.exe5
 
Error: (11/09/2015 06:30:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
Faulting module name: tl_filter.dll_unloaded, version: 0.0.0.0, time stamp: 0x50247825
Exception code: 0xc0000094
Fault offset: 0x0000d53d
Faulting process id: 0x6e4
Faulting application start time: 0xBlueSoleilCS.exe0
Faulting application path: BlueSoleilCS.exe1
Faulting module path: BlueSoleilCS.exe2
Report Id: BlueSoleilCS.exe3
Faulting package full name: BlueSoleilCS.exe4
Faulting package-relative application ID: BlueSoleilCS.exe5
 
Error: (11/09/2015 06:22:27 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (11/09/2015 06:09:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
Faulting module name: tl_filter.dll_unloaded, version: 0.0.0.0, time stamp: 0x50247825
Exception code: 0xc0000094
Fault offset: 0x0000d53d
Faulting process id: 0x628
Faulting application start time: 0xBlueSoleilCS.exe0
Faulting application path: BlueSoleilCS.exe1
Faulting module path: BlueSoleilCS.exe2
Report Id: BlueSoleilCS.exe3
Faulting package full name: BlueSoleilCS.exe4
Faulting package-relative application ID: BlueSoleilCS.exe5
 
Error: (11/09/2015 05:39:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.12.0.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 181c
 
Start Time: 01d11b33230bf583
 
Termination Time: 1982
 
Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report Id: 75410f95-8748-11e5-be97-b8763f39aef4
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (11/09/2015 07:09:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: uTorrent.exe, version: 3.4.4.40911, time stamp: 0x55c915ef
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000906
Fault offset: 0x0009d4f2
Faulting process id: 0x113c
Faulting application start time: 0xuTorrent.exe0
Faulting application path: uTorrent.exe1
Faulting module path: uTorrent.exe2
Report Id: uTorrent.exe3
Faulting package full name: uTorrent.exe4
Faulting package-relative application ID: uTorrent.exe5
 
Error: (11/09/2015 07:06:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LMS.exe, version: 8.1.0.1252, time stamp: 0x4fe8a1b7
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000906
Fault offset: 0x0009d4f2
Faulting process id: 0xad0
Faulting application start time: 0xLMS.exe0
Faulting application path: LMS.exe1
Faulting module path: LMS.exe2
Report Id: LMS.exe3
Faulting package full name: LMS.exe4
Faulting package-relative application ID: LMS.exe5
 
Error: (11/09/2015 07:03:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
Faulting module name: tl_filter.dll_unloaded, version: 0.0.0.0, time stamp: 0x50247825
Exception code: 0xc0000094
Fault offset: 0x0000d53d
Faulting process id: 0x5ec
Faulting application start time: 0xBlueSoleilCS.exe0
Faulting application path: BlueSoleilCS.exe1
Faulting module path: BlueSoleilCS.exe2
Report Id: BlueSoleilCS.exe3
Faulting package full name: BlueSoleilCS.exe4
Faulting package-relative application ID: BlueSoleilCS.exe5
 
 
System errors:
=============
Error: (11/11/2015 10:53:32 AM) (Source: DCOM) (EventID: 10010) (User: Maksim)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (11/11/2015 08:04:25 AM) (Source: DCOM) (EventID: 10010) (User: Maksim)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (11/10/2015 09:17:57 AM) (Source: DCOM) (EventID: 10010) (User: Maksim)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (11/10/2015 09:06:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
 
Error: (11/10/2015 09:06:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
 
Error: (11/10/2015 08:25:05 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (11/10/2015 05:14:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueSoleilCS service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (11/10/2015 05:10:45 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
 
Error: (11/10/2015 05:10:45 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
 
Error: (11/10/2015 05:02:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueSoleilCS service terminated unexpectedly.  It has done this 2 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2015-11-11 13:47:36.605
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-11 13:47:31.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-11 13:35:47.173
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-11 13:24:44.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-11 13:22:38.954
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-11 13:22:38.510
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-11 13:22:38.211
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-11 13:22:37.903
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-11 13:22:37.568
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-11 13:22:37.256
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 67%
Total physical RAM: 6036.28 MB
Available physical RAM: 1938.41 MB
Total Virtual: 9876.28 MB
Available Virtual: 4188.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:671.77 GB) (Free:563.41 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.66 GB) (Free:3.05 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 151C1871)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by me (administrator) on MAKSIM (11-11-2015 13:45:59)
Running from C:\Users\me\AppData\Local\Microsoft\Windows\INetCache\IE\QOKVC1D5
Loaded Profiles: me & MSSQLFDLauncher & MSSQLSERVER (Available Profiles: me & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(LULU Software) C:\Program Files (x86)\Soda PDF 5\HelperService.exe
(LULU Software) C:\Program Files (x86)\Soda PDF 5\ConversionService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(WinZip Computing, Inc.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Config.Msi\785304f.rbf
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Config.Msi\78530e7.rbf
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-19] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
HKU\S-1-5-21-1693388388-4027811455-3003149052-1001\...\Run: [uTorrent] => C:\Users\me\AppData\Roaming\uTorrent\uTorrent.exe [1696096 2015-08-28] (BitTorrent Inc.)
HKU\S-1-5-21-1693388388-4027811455-3003149052-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-1693388388-4027811455-3003149052-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50270848 2015-11-05] (Skype Technologies S.A.)
HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-09]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013-05-24]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0B534CC8-D443-424A-B611-8A445DABC461}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A2544617-46C4-4B83-BFEE-D9B52B242EA9}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-1693388388-4027811455-3003149052-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
URLSearchHook: [S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {8F66F829-BF48-4956-8FB0-923677B210B6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {41BA798A-948E-470F-8EDC-B253989AB1BB} URL = 
SearchScopes: HKLM-x32 -> {8F66F829-BF48-4956-8FB0-923677B210B6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1693388388-4027811455-3003149052-1001 -> {8F66F829-BF48-4956-8FB0-923677B210B6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1693388388-4027811455-3003149052-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1693388388-4027811455-3003149052-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582 -> {8F66F829-BF48-4956-8FB0-923677B210B6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003 -> {8F66F829-BF48-4956-8FB0-923677B210B6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Soda PDF 5 IE Helper -> {C737F472-1193-4281-BF53-A00B67AB3E19} -> C:\Program Files (x86)\Soda PDF 5\PDFIEHelper.dll [2013-01-29] (LULU Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-25] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKLM-x32 - Soda PDF 5 IE Toolbar - {F335ABA2-FDB4-4644-92B2-5CC4B0FC91D6} - C:\Program Files (x86)\Soda PDF 5\PDFIEPlugin.dll [2013-01-29] (LULU Software)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,7123/mcfscan.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-01-25] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Profile: C:\Users\me\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TopArcadeHits) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp [2013-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation) [File not signed]
U4 BthAvrcpTg; C:\Windows\System32\drivers\BthAvrcpTg.sys [36992 2013-08-22] (Microsoft Corporation)
U4 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [57856 2015-03-08] (Microsoft Corporation)
U4 bthhfhid; C:\Windows\System32\drivers\BthHFHid.sys [30720 2013-08-22] (Microsoft Corporation)
U4 BthHFSrv; C:\Windows\System32\svchost.exe [38792 2014-10-28] (Microsoft Corporation)
U4 BthHFSrv; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-28] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-17] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
S3 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218816 2015-05-05] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [192192 2015-05-05] (Microsoft Corporation)
S3 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [72497640 2012-10-19] (Microsoft Corporation)
S3 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2423792 2012-10-19] (Microsoft Corporation)
R2 Soda PDF 5 Helper Service; C:\Program Files (x86)\Soda PDF 5\HelperService.exe [1069408 2013-01-29] (LULU Software)
R2 Soda PDF 5 Service; C:\Program Files (x86)\Soda PDF 5\ConversionService.exe [794464 2013-01-29] (LULU Software)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2015-05-05] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-23] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-23] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-11-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-19] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
U0 yeyrl; C:\Windows\System32\drivers\eccyxn.sys [79064 2015-11-10] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-11 13:45 - 2015-11-11 13:46 - 00000000 ____D C:\FRST
2015-11-10 08:24 - 2015-11-10 08:24 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\eccyxn.sys
2015-11-10 06:57 - 2015-11-10 06:58 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-10 06:57 - 2015-11-10 06:57 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-10 06:57 - 2015-11-10 06:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-10 06:57 - 2015-11-10 06:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-10 06:57 - 2015-04-14 10:39 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-10 06:57 - 2015-04-14 10:38 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-10 06:57 - 2015-04-14 10:38 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-10 06:54 - 2015-11-10 06:55 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\me\Downloads\mbam-setup-sem-2.1.6.1022 (1).exe
2015-11-10 06:54 - 2015-11-10 06:54 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\me\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-11-09 18:00 - 2015-11-10 05:36 - 00000000 ____D C:\AdwCleaner
2015-11-09 17:59 - 2015-11-09 17:59 - 01712128 _____ C:\Users\me\Desktop\AdwCleaner.exe
2015-11-09 06:45 - 2015-11-10 09:27 - 00000000 ____D C:\Users\me\AppData\Local\CrashDumps
2015-11-09 05:55 - 2015-07-05 02:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-11-09 05:48 - 2015-11-09 05:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-09 05:48 - 2015-11-09 05:48 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-10-14 07:32 - 2015-10-14 07:32 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-10-14 06:39 - 2015-10-14 06:39 - 00010517 _____ C:\Users\me\Downloads\Инвестиции.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-11 13:46 - 2014-11-10 14:21 - 01519104 ___SH C:\Users\me\Downloads\Thumbs.db
2015-11-11 13:43 - 2014-11-30 09:34 - 00000000 __SHD C:\Users\me\AppData\Local\EmieBrowserModeList
2015-11-11 13:43 - 2014-10-31 19:48 - 00000000 __SHD C:\Users\me\AppData\Local\EmieUserList
2015-11-11 13:43 - 2014-10-31 19:48 - 00000000 __SHD C:\Users\me\AppData\Local\EmieSiteList
2015-11-11 13:35 - 2013-05-25 11:24 - 00000000 ____D C:\Users\me\AppData\Roaming\Skype
2015-11-11 13:06 - 2013-07-02 10:18 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-11 13:00 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-11 12:35 - 2014-10-23 11:51 - 01712577 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-11 10:53 - 2013-05-13 01:50 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1693388388-4027811455-3003149052-1001
2015-11-11 10:48 - 2014-10-23 12:00 - 00003906 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{97417937-52FA-489D-9CC3-582C9FDB4F7C}
2015-11-11 09:09 - 2013-07-02 10:19 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-11 09:06 - 2013-07-02 10:18 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-11 05:47 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-11 05:47 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 05:46 - 2013-05-13 20:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 03:24 - 2012-08-10 17:45 - 00000821 _____ C:\WINDOWS\SysWOW64\bscs.ini
2015-11-11 03:21 - 2012-12-28 15:36 - 00004524 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2015-11-11 03:21 - 2012-12-28 15:36 - 00000043 _____ C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2015-11-10 12:19 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-10 10:21 - 2013-05-20 09:01 - 00000000 ____D C:\Users\me\Documents\Personal
2015-11-10 08:24 - 2015-07-25 09:13 - 00000000 ____D C:\Users\me\AppData\LocalLow\Company
2015-11-10 06:30 - 2014-12-01 14:48 - 00495104 ___SH C:\Users\me\Documents\Thumbs.db
2015-11-10 05:03 - 2013-05-25 11:24 - 00000000 ____D C:\ProgramData\Skype
2015-11-09 18:29 - 2013-08-22 06:46 - 00456866 _____ C:\WINDOWS\setupact.log
2015-11-09 18:29 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-09 18:28 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-09 18:27 - 2013-08-04 08:51 - 00000000 ____D C:\Users\me\AppData\Roaming\uTorrent
2015-11-09 18:08 - 2013-08-22 06:44 - 00492664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-09 07:08 - 2014-09-23 23:15 - 01143088 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-09 06:56 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-09 06:36 - 2014-09-23 23:03 - 00733224 _____ C:\WINDOWS\PFRO.log
2015-11-09 06:36 - 2012-12-28 16:02 - 00000000 ____D C:\ProgramData\Norton
2015-11-09 06:36 - 2012-07-26 00:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-09 06:31 - 2013-08-04 09:30 - 00003046 _____ C:\WINDOWS\System32\Tasks\TidyNetwork Metro
2015-11-09 05:56 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-09 05:48 - 2015-06-19 07:29 - 00001950 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-09 05:24 - 2015-01-27 22:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-09 05:24 - 2015-01-27 22:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-10-15 20:51 - 2015-03-09 16:13 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-15 20:51 - 2015-03-09 16:13 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-14 10:11 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-10-14 07:30 - 2012-07-25 21:26 - 00000167 _____ C:\WINDOWS\win.ini
2015-10-14 07:26 - 2013-07-29 09:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-14 07:16 - 2013-05-14 07:45 - 143481208 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2014-11-24 13:04 - 2015-05-19 14:02 - 0005120 _____ () C:\Users\me\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-08 18:56 - 2015-01-08 18:56 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-12-28 15:53 - 2012-12-28 15:53 - 0000595 _____ () C:\ProgramData\CyberlinkOutput.txt
2013-05-28 11:26 - 2013-05-28 11:26 - 0033958 _____ () C:\ProgramData\uninstaller.exe
 
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
 
 
Some files in TEMP:
====================
C:\Users\me\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-03-09 10:38] - [2015-09-21 09:36] - 0657920 ____A (Microsoft Corporation) 0D05F9196B8B6CE3B32614DAB06F50A8
 
C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-03-09 10:37] - [2015-09-21 09:36] - 0498688 ____A (Microsoft Corporation) FB5BAF79AC28EF46DF3779DF39CC7C8B
 
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-09 18:40
 
==================== End of FRST.txt ============================
 
 


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 12 November 2015 - 05:40 AM

Running from C:\Users\me\AppData\Local\Microsoft\Windows\INetCache\IE\QOKVC1D5

Please follow the instructions more carefully. :)

save it to your Desktop

Step 1

  • Start FRST with Administrator privileges.
  • Write the following text into the Search textbox:
dnsapi.dll
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 MikeSeattle

MikeSeattle
  • Topic Starter

  • Members
  • 12 posts

Posted 12 November 2015 - 05:35 PM

Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by me (2015-11-12 14:26:02)
Running from C:\Users\me\Desktop
Boot Mode: Normal
 
================== Search Files: "dnsapi.dll" =============
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll
[2015-03-09 10:37][2014-10-28 17:06] 0498688 ____A (Microsoft Corporation) BD9C7A068C46053F8747CEA73B5930AB [File is digitally signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17039_none_90d9b2b12b50777f\dnsapi.dll
[2014-09-23 23:50][2015-07-26 20:09] 0106819 ____A () 8352637D2731E59DD15E7D8DA9E2A1A0 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_8696aea6f6e30ce2\dnsapi.dll
[2015-03-09 10:38][2014-10-28 17:30] 0657920 ____A (Microsoft Corporation) A5675939CF0F99B20B5A3CFCC3C1B46A [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17039_none_8685085ef6efb584\dnsapi.dll
[2014-09-23 23:50][2015-07-26 17:34] 0150063 ____A () 317AD768649A884ADF8325B18CD77A15 [File not signed]
 
C:\Windows\SysWOW64\dnsapi.dll
[2015-03-09 10:37][2015-09-21 09:36] 0498688 ____A (Microsoft Corporation) FB5BAF79AC28EF46DF3779DF39CC7C8B [File not signed]
 
C:\Windows\System32\dnsapi.dll
[2015-03-09 10:38][2015-09-21 09:36] 0657920 ____A (Microsoft Corporation) 0D05F9196B8B6CE3B32614DAB06F50A8 [File not signed]
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll
[2015-07-10 02:30][2015-07-10 02:30] 0680256 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\dnsapi.dll
[2015-07-10 02:30][2015-07-10 02:30] 0680256 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
====== End of Search ======


#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 13 November 2015 - 12:39 PM

Hi,

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    CMD: sfc /scannow
    CMD: findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.
regards,
deeprybka

#7 MikeSeattle

MikeSeattle
  • Topic Starter

  • Members
  • 12 posts

Posted 13 November 2015 - 05:03 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by me (2015-11-13 13:43:11) Run:1
Running from C:\Users\me\Desktop
Loaded Profiles: me & MSSQLFDLauncher & MSSQLSERVER (Available Profiles: me & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CMD: sfc /scannow
CMD: findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
*****************
 
Processes closed successfully.
 
=========  sfc /scannow =========
 
 
 
 
Beginning system scan.  This process will take some time.
 
There is a system repair pending which requires reboot to complete.  Restart Windows and run sfc again.
 
========= End of CMD: =========
 
 
=========  findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt" =========
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 13:43:34 ====


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 13 November 2015 - 11:39 PM

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 2

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.



Step 3

  • Start FRST with Administrator privileges.
  • Write the following text into the Search textbox:
dnsapi.dll
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

regards,
deeprybka

#9 MikeSeattle

MikeSeattle
  • Topic Starter

  • Members
  • 12 posts

Posted 16 November 2015 - 05:23 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:16-11-2015
Ran by me (2015-11-16 14:14:26) Run:3
Running from C:\Users\me\Desktop
Loaded Profiles: me & MSSQLFDLauncher & MSSQLSERVER (Available Profiles: me & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & MSSQLSERVER)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
*****************
 
Processes closed successfully.
 
=========  sfc /scanfile=C:\Windows\system32\dnsapi.dll =========
 
 
 
 
 
 
Windows Resource Protection found corrupt files and successfully repaired them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not supported in offline servicing scenarios.
 
The system file repair changes will take effect after the next reboot.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 14:15:00 ====
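
The widely spaced sfc text in the Fixlogs of posts #7 and #9 is not damage to the log: sfc.exe writes its messages as UTF-16LE, and when that output is captured and shown as 8-bit text every NUL byte appears as a space, so "Beginning" reads "B e g i n n i n g". The following Python, an added example and not FRST's own code, reverses that interleaving so a Fixlog can be read or searched normally. The sample lines are constructed from the two posts above; the decoder leaves ordinary lines (such as FRST's "=========" headers) untouched.

```python
"""Recover readable text from sfc output captured in an FRST Fixlog.

Added example, not FRST's own code. sfc.exe writes UTF-16LE; when those bytes are
shown as 8-bit text every NUL becomes a space, so "Beginning" reads "B e g i n n i n g".
"""


def decode_spaced_line(line: str) -> str:
    """Undo the NUL-as-space interleaving on one line; normal lines come back unchanged."""
    if len(line) < 8:  # too short to tell; leave it alone
        return line
    for nul, char in ((0, 1), (1, 0)):  # NULs on even positions, or on odd ones
        if all(c == " " for c in line[nul::2]) and line[char::2].strip():
            return line[char::2]
    return line


def decode_fixlog(text: str) -> list:
    """Decode each line and collapse the blank runs left by the UTF-16 line endings."""
    out = []
    for raw in text.splitlines():
        line = decode_spaced_line(raw.rstrip("\r"))
        if not line.strip():
            if out and out[-1] == "":
                continue  # keep at most one blank line in a row
            line = ""
        out.append(line)
    return out


# Constructed from the Fixlog lines in posts #7 and #9 of the thread.
FIXLOG_SAMPLE = "\n".join([
    "=========  sfc /scannow =========",
    " ",
    " B e g i n n i n g   s y s t e m   s c a n .     T h i s   p r o c e s s   w i l l   t a k e   s o m e   t i m e . ",
    " ",
    " ",
    " T h e r e   i s   a   s y s t e m   r e p a i r   p e n d i n g   w h i c h   r e q u i r e s   r e b o o t   t o   c o m p l e t e .     R e s t a r t   ",
    " ",
    " W i n d o w s   a n d   r u n   s f c   a g a i n . ",
    " ",
    "========= End of CMD: =========",
    " ",
    "=========  sfc /scanfile=C:\\Windows\\system32\\dnsapi.dll =========",
    " T h e   s y s t e m   f i l e   r e p a i r   c h a n g e s   w i l l   t a k e   e f f e c t   a f t e r   t h e   n e x t   r e b o o t . ",
    "========= End of CMD: =========",
])

if __name__ == "__main__":
    print("\n".join(decode_fixlog(FIXLOG_SAMPLE)))
```

The parity test is a heuristic: a line is only rewritten when every character at one parity is a space and the other parity still contains text, which is exactly the shape the NUL interleaving produces and not the shape of any normal log line.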


#10 MikeSeattle

MikeSeattle
  • Topic Starter

  • Members
  • 12 posts

Posted 16 November 2015 - 05:35 PM

Farbar Recovery Scan Tool (x64) Version:16-11-2015
Ran by me (2015-11-16 14:32:58)
Running from C:\Users\me\Desktop
Boot Mode: Normal
 
================== Search Files: "dnsapi.dll" =============
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll
[2015-03-09 10:37][2014-10-28 17:06] 0498688 ____A (Microsoft Corporation) BD9C7A068C46053F8747CEA73B5930AB [File is digitally signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17039_none_90d9b2b12b50777f\dnsapi.dll
[2014-09-23 23:50][2015-07-26 20:09] 0106819 ____A () 8352637D2731E59DD15E7D8DA9E2A1A0 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_8696aea6f6e30ce2\dnsapi.dll
[2015-03-09 10:38][2014-10-28 17:30] 0657920 ____A (Microsoft Corporation) A5675939CF0F99B20B5A3CFCC3C1B46A [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17039_none_8685085ef6efb584\dnsapi.dll
[2014-09-23 23:50][2015-07-26 17:34] 0150063 ____A () 317AD768649A884ADF8325B18CD77A15 [File not signed]
 
C:\Windows\SysWOW64\dnsapi.dll
[2015-03-09 10:37][2014-10-28 17:06] 0498688 ____A (Microsoft Corporation) BD9C7A068C46053F8747CEA73B5930AB [File is digitally signed]
 
C:\Windows\System32\dnsapi.dll
[2015-03-09 10:38][2014-10-28 17:30] 0657920 ____A (Microsoft Corporation) A5675939CF0F99B20B5A3CFCC3C1B46A [File is digitally signed]
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll
[2015-07-10 02:30][2015-07-10 02:30] 0680256 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\dnsapi.dll
[2015-07-10 02:30][2015-07-10 02:30] 0680256 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
====== End of Search ======
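
The two Search.txt results in this thread (post #5 before the repair, post #10 after it) show what a responder looks for by eye: a live copy under System32 or SysWOW64 that is unsigned and whose MD5 does not match the signed copy of the same architecture in the WinSxS component store. The following Python, an added example that is not FRST's code, parses that log format and applies that comparison. The sample text is constructed from post #5; the "after" sample is the same text with the two live copies' hash and signature replaced by the values post #10 reports. The hash D41D8CD98F00B204E9800998ECF8427E is the MD5 of zero bytes, which is what FRST reports for the files in the mounted SafeOS image it could not read, so such entries are skipped rather than reported.

```python
"""Flag suspicious copies in an FRST "Search Files" log.

Added example, not FRST's own code: each live copy under System32 / SysWOW64 is
compared with the signed component-store (WinSxS) copies of the same architecture.
"""
import re
from dataclasses import dataclass

EMPTY_MD5 = "D41D8CD98F00B204E9800998ECF8427E"  # MD5 of zero bytes: FRST could not read it
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Detail line: [created][modified] size attrs (company) MD5 [signature status]
DETAIL_RE = re.compile(r"^\[[^\]]*\]\[[^\]]*\] \d+ \S+ \([^)]*\) "
                       r"(?P<md5>[0-9A-Fa-f]{32}) \[(?P<sig>[^\]]*)\]$")


@dataclass
class Entry:
    path: str
    md5: str
    signed: bool
    kind: str   # "live" (what Windows loads), "winsxs" (component store) or "mount" (offline image)
    arch: str   # "x64" or "x86"


def classify(path: str) -> tuple:
    """Decide which copy this is and which architecture it belongs to."""
    p = path.lower()
    if "$windows.~bt" in p or ".mount\\" in p:
        kind = "mount"      # e.g. the Windows 10 SafeOS image, not the running OS
    elif "\\winsxs\\" in p:
        kind = "winsxs"
    else:
        kind = "live"
    arch = "x86" if ("\\syswow64\\" in p or "\\wow64_" in p) else "x64"
    return kind, arch


def parse_search_txt(text: str) -> list:
    """Pair each path line with the bracketed detail line that follows it."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    for i in range(len(lines) - 1):
        m = DETAIL_RE.match(lines[i + 1]) if PATH_RE.match(lines[i]) else None
        if m:
            entries.append(Entry(lines[i], m["md5"].upper(),
                                 m["sig"] == "File is digitally signed", *classify(lines[i])))
    return entries


def analyze(text: str) -> dict:
    """Return {path: [reasons]} for every readable copy that deserves a look."""
    entries = parse_search_txt(text)
    refs = {}  # arch -> MD5s of signed component-store copies
    for e in entries:
        if e.kind == "winsxs" and e.signed:
            refs.setdefault(e.arch, set()).add(e.md5)
    findings = {}
    for e in entries:
        if e.md5 == EMPTY_MD5:
            continue  # unreadable placeholder, nothing to compare
        reasons = []
        if not e.signed:
            reasons.append("not digitally signed")
        if e.kind == "live" and e.md5 not in refs.get(e.arch, set()):
            reasons.append(f"hash differs from every signed component-store copy ({e.arch})")
        if reasons:
            findings[e.path] = reasons
    return findings


# Constructed from post #5 (the infected state) ...
SEARCH_BEFORE = r"""
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll
[2015-03-09 10:37][2014-10-28 17:06] 0498688 ____A (Microsoft Corporation) BD9C7A068C46053F8747CEA73B5930AB [File is digitally signed]
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17039_none_90d9b2b12b50777f\dnsapi.dll
[2014-09-23 23:50][2015-07-26 20:09] 0106819 ____A () 8352637D2731E59DD15E7D8DA9E2A1A0 [File not signed]
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_8696aea6f6e30ce2\dnsapi.dll
[2015-03-09 10:38][2014-10-28 17:30] 0657920 ____A (Microsoft Corporation) A5675939CF0F99B20B5A3CFCC3C1B46A [File is digitally signed]
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17039_none_8685085ef6efb584\dnsapi.dll
[2014-09-23 23:50][2015-07-26 17:34] 0150063 ____A () 317AD768649A884ADF8325B18CD77A15 [File not signed]
C:\Windows\SysWOW64\dnsapi.dll
[2015-03-09 10:37][2015-09-21 09:36] 0498688 ____A (Microsoft Corporation) FB5BAF79AC28EF46DF3779DF39CC7C8B [File not signed]
C:\Windows\System32\dnsapi.dll
[2015-03-09 10:38][2015-09-21 09:36] 0657920 ____A (Microsoft Corporation) 0D05F9196B8B6CE3B32614DAB06F50A8 [File not signed]
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\dnsapi.dll
[2015-07-10 02:30][2015-07-10 02:30] 0680256 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
"""
# ... and post #10, where sfc /scanfile restored both live copies from the component store.
SEARCH_AFTER = SEARCH_BEFORE.replace(
    "FB5BAF79AC28EF46DF3779DF39CC7C8B [File not signed]",
    "BD9C7A068C46053F8747CEA73B5930AB [File is digitally signed]",
).replace(
    "0D05F9196B8B6CE3B32614DAB06F50A8 [File not signed]",
    "A5675939CF0F99B20B5A3CFCC3C1B46A [File is digitally signed]",
)

if __name__ == "__main__":
    for label, text in (("before repair", SEARCH_BEFORE), ("after repair", SEARCH_AFTER)):
        for path, reasons in analyze(text).items():
            print(f"[{label}] {path}: {'; '.join(reasons)}")
```

Run against the "before" text it reports both live copies as unsigned and as matching no signed component-store hash, and against the "after" text the live copies drop out of the findings entirely; the two unsigned 6.3.9600.17039 entries in WinSxS are reported in both runs simply because they carry no signature, which is the condition a responder would want surfaced rather than judged by the script.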


#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 16 November 2015 - 05:39 PM

OK, please go ahead with the next steps:

Step 1

Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.
Step 2


Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    Note: if Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt. [screenshot: detection prompt]
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select the export option shown in the screenshot. [screenshot: Save Results options]
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
[screenshot: Malwarebytes Anti-Malware scan walkthrough]

Step 3

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings: [screenshot: scan settings]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed, the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at the path shown in the screenshot. [screenshot: log path]
    Copy and paste the content of this log file in your next reply.
[screenshot: ESET log]

Note: Do not forget to re-enable your antivirus application after running the above scan!


Step 4

Start FRST with administrator privileges.
  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. ("Harm no one; rather, help everyone as much as you can.") Arthur Schopenhauer

#12 MikeSeattle

MikeSeattle
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:10 PM

Posted 21 November 2015 - 11:15 AM

Sorry, this computer is so screwed up that I am having problems doing anything. Chrome cannot download anything (when I click on a link, the download does not happen; when I right-click and choose "Save link as...", nothing happens). I had to download all of these using IE. Will do the best I can to go through the steps. Something has gotten this computer real bad.


Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/16/2015
Scan Time: 5:25 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.16.07
Rootkit Database: v2015.11.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: me
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 511959
Time Elapsed: 1 hr, 2 min, 18 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 MikeSeattle

MikeSeattle
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:10 PM

Posted 21 November 2015 - 11:49 AM

# AdwCleaner v5.021 - Logfile created 16/11/2015 at 18:48:04
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : me - MAKSIM
# Running from : C:\Users\me\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
File Found : C:\ProgramData\uninstaller.exe
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKU\S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [933 bytes] ##########


#14 MikeSeattle

MikeSeattle
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:10 PM

Posted 21 November 2015 - 01:24 PM

ESET Online Scanner - total scan time 2 hours, it's only at 19%



#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:10 AM

Posted 22 November 2015 - 05:15 AM

OK.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. ("Harm no one; rather, help everyone as much as you can.") Arthur Schopenhauer



