
myPC Backup popup will NOT go away!


  • This topic is locked
10 replies to this topic

#1 axeinurface

axeinurface

  • Members
  • 12 posts

Posted 11 November 2015 - 01:34 AM

So I downloaded some sketchy software (against my better judgement) and got slammed with a bunch of crapware being suddenly installed onto my system. I got into safe mode, and removed everything I could see from the control panel. I also ran Malwarebytes and my AV to get rid of everything they could find. BUT, I am still having this stupid popup with the URL http://jmp2.in/taskmbbackuppclgwarn, which then immediately directs to mypcbackup.com. I updated to win10 from my win7 and it continues. I have tried several antimalwares besides MB. They don't find anything. I have browsed through my registry for anything connected to it and can find nothing. I have checked out a few forums about removing it, but nothing has worked. Anyone have any ideas? I'd hate to have to do a clean install. Thanks.




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,005 posts
  • Gender:Male
  • Location:California

Posted 14 November 2015 - 09:48 AM

Greetings axeinurface and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Which browser(s) is doing this?

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Edited by Oh My!, 14 November 2015 - 09:49 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,005 posts
  • Gender:Male
  • Location:California

Posted 17 November 2015 - 10:04 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 axeinurface

axeinurface
  • Topic Starter

  • Members
  • 12 posts

Posted 17 November 2015 - 05:44 PM

Hey Oh My!:

Thanks for replying to my post. This popup thing is annoying the hell out of me. Here are the .txt files from the FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-11-2015
Ran by New Owner (administrator) on VIOLATRON (17-11-2015 14:27:23)
Running from C:\Users\New Owner\Desktop
Loaded Profiles: UpdatusUser & New Owner (Available Profiles: UpdatusUser & New Owner & Guest)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6310.42251.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6310.42251.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.5.11021.0_x64__8wekyb3d8bbwe\Solitaire.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [35440 2010-09-14] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2475384 2010-11-02] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-2751227608-273511618-715688685-1000\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2751227608-273511618-715688685-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-28] (Google Inc.)
HKU\S-1-5-21-2751227608-273511618-715688685-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-09] (Microsoft Corporation)
HKU\S-1-5-21-2751227608-273511618-715688685-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-2751227608-273511618-715688685-1008\...\RunOnce: [Uninstall C:\Users\New Owner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\New Owner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2751227608-273511618-715688685-1008\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_226_Plugin.exe [1157320 2015-10-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-2751227608-273511618-715688685-1008\...\MountPoints2: {283382f6-8811-11e5-8d88-68a3c4aaea63} - "E:\LG_PC_Programs.exe"
HKU\S-1-5-21-2751227608-273511618-715688685-1008\...\MountPoints2: {9005c8b1-72c9-11e5-8d70-68a3c4aaea63} - "E:\LG_PC_Programs.exe"
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5F7395F6-10A6-40C9-9295-7E53128837ED}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{728fc851-fcff-4b52-a66c-7f8079ca7e0f}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2751227608-273511618-715688685-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2751227608-273511618-715688685-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130889963188359464&GUID=80AA85C5-E37C-4EC7-9B38-C23841E98E63
HKU\S-1-5-21-2751227608-273511618-715688685-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
HKU\S-1-5-21-2751227608-273511618-715688685-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130889963187059462&GUID=80AA85C5-E37C-4EC7-9B38-C23841E98E63
HKU\S-1-5-21-2751227608-273511618-715688685-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
SearchScopes: HKLM -> DefaultScope {3B742306-AEA3-4EA0-8F46-8542FD3EDDA2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {3B742306-AEA3-4EA0-8F46-8542FD3EDDA2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {0936F432-107A-4657-BC11-91F71443782D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0936F432-107A-4657-BC11-91F71443782D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2751227608-273511618-715688685-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2751227608-273511618-715688685-1000 -> {0936F432-107A-4657-BC11-91F71443782D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2751227608-273511618-715688685-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2751227608-273511618-715688685-1000 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2751227608-273511618-715688685-1000 -> {C71EE80D-4DDC-4398-A954-FD2F268E1629} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
SearchScopes: HKU\S-1-5-21-2751227608-273511618-715688685-1008 -> DefaultScope {E25F2A71-333B-43E9-BF1E-C61F7E813C3D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-2751227608-273511618-715688685-1008 -> {3B742306-AEA3-4EA0-8F46-8542FD3EDDA2} URL =
SearchScopes: HKU\S-1-5-21-2751227608-273511618-715688685-1008 -> {7B81521B-C601-44D4-8048-3350652AB3B5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2751227608-273511618-715688685-1008 -> {E25F2A71-333B-43E9-BF1E-C61F7E813C3D} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-07] (AO Kaspersky Lab)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-28] (BitComet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-11-07] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-07] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-11-07] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-2751227608-273511618-715688685-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

FireFox:
========
FF ProfilePath: C:\Users\New Owner\AppData\Roaming\Mozilla\Firefox\Profiles\axd3r3yb.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2751227608-273511618-715688685-1008: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\New Owner\AppData\Roaming\Mozilla\Firefox\Profiles\axd3r3yb.default\Extensions\artur.dubovoy@gmail.com [2015-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-11-07] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-11-07] (Kaspersky Lab ZAO)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2013-11-28] (www.BitComet.com)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-02] ()
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-10-13] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32568 2014-04-09] (The OpenVPN Project)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-10-13] (Microsoft Corporation)
S3 w3logsvc; C:\WINDOWS\SysWOW64\inetsrv\w3logsvc.dll [72192 2015-10-13] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-10-13] (Microsoft Corporation)
R2 W3SVC; C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll [504832 2015-10-13] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4342936 2015-09-21] (Qualcomm Atheros Communications, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2015-10-21] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-10-21] (Windows ® Win 7 DDK provider)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-11-07] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-11-07] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [925064 2015-11-07] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-11-07] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-11-07] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-10-13] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-17] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45728 2015-10-13] (Toshiba Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-09] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-09] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-17 14:27 - 2015-11-17 14:28 - 00024545 _____ C:\Users\New Owner\Desktop\FRST.txt
2015-11-17 14:26 - 2015-11-17 14:27 - 00000000 ____D C:\FRST
2015-11-17 14:26 - 2015-11-17 14:26 - 02008576 _____ (Farbar) C:\Users\New Owner\Desktop\FRST64.exe
2015-11-17 14:24 - 2015-11-17 14:24 - 02008576 _____ (Farbar) C:\Users\New Owner\Downloads\FRST64.exe
2015-11-17 14:17 - 2015-11-17 14:17 - 00016148 _____ C:\WINDOWS\system32\VIOLATRON_New Owner_HistoryPrediction.bin
2015-11-11 15:53 - 2015-11-11 15:55 - 00000000 ____D C:\AdwCleaner
2015-11-11 15:52 - 2015-11-11 15:53 - 01712128 _____ C:\Users\New Owner\Downloads\AdwCleaner.exe
2015-11-11 12:45 - 2015-11-11 13:36 - 00000000 ____D C:\Users\New Owner\Documents\testdisk-7.0
2015-11-11 12:33 - 2015-11-11 14:08 - 00000000 ____D C:\Program Files (x86)\Wondershare
2015-11-11 12:32 - 2015-11-11 12:33 - 07171680 _____ (Wondershare Co., Ltd. ) C:\Users\New Owner\Downloads\photo-recovery_full831.exe
2015-11-11 11:55 - 2015-11-11 11:59 - 00000000 ____D C:\Users\New Owner\Desktop\sd_recov
2015-11-11 11:53 - 2015-11-11 11:53 - 00001710 _____ C:\Users\Public\Desktop\Recuva.lnk
2015-11-11 11:53 - 2015-11-11 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-11-11 11:53 - 2015-11-11 11:53 - 00000000 ____D C:\Program Files\Recuva
2015-11-11 11:43 - 2015-11-11 11:53 - 04426120 _____ (Piriform Ltd) C:\Users\New Owner\Downloads\rcsetup152.exe
2015-11-11 11:17 - 2015-11-11 11:18 - 00000881 _____ C:\WINDOWS\setupact.log
2015-11-11 11:17 - 2015-11-11 11:17 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-11-11 11:08 - 2015-11-11 11:22 - 00000000 ____D C:\Users\New Owner\Desktop\old phone
2015-11-11 11:03 - 2015-11-11 11:03 - 00000648 _____ C:\Users\New Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-11-10 17:35 - 2015-11-04 21:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 17:35 - 2015-11-04 21:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 17:35 - 2015-11-04 21:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 17:35 - 2015-11-04 21:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 17:35 - 2015-11-04 21:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 17:35 - 2015-11-04 21:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 17:35 - 2015-11-04 20:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 17:35 - 2015-11-04 20:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 17:35 - 2015-11-04 20:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 17:35 - 2015-11-04 20:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 17:35 - 2015-11-04 20:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 17:35 - 2015-11-04 20:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 17:35 - 2015-11-04 20:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 17:35 - 2015-11-04 20:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 17:35 - 2015-11-04 20:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 17:35 - 2015-11-04 20:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 17:35 - 2015-11-04 20:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 17:35 - 2015-11-04 20:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 17:35 - 2015-11-04 20:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 17:35 - 2015-11-04 20:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 17:35 - 2015-11-04 20:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 17:35 - 2015-11-04 20:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 17:35 - 2015-11-04 20:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 17:35 - 2015-11-04 20:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 17:35 - 2015-11-04 20:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 17:35 - 2015-11-04 20:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 17:35 - 2015-11-04 19:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 17:35 - 2015-11-04 19:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 17:35 - 2015-11-04 19:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 17:35 - 2015-11-04 19:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 17:35 - 2015-11-04 19:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 17:35 - 2015-11-04 19:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 17:35 - 2015-11-04 19:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 17:35 - 2015-11-04 19:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 17:35 - 2015-11-04 19:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 17:35 - 2015-11-04 19:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 17:35 - 2015-11-04 19:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 17:35 - 2015-11-04 19:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 17:35 - 2015-11-04 19:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 17:35 - 2015-11-04 19:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 17:35 - 2015-11-04 19:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-10 17:34 - 2015-11-04 21:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 17:34 - 2015-11-04 21:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 17:34 - 2015-11-04 20:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 17:34 - 2015-11-04 20:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 17:34 - 2015-11-04 20:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 17:34 - 2015-11-04 20:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 17:34 - 2015-11-04 20:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 17:34 - 2015-11-04 19:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 17:34 - 2015-11-04 19:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 17:34 - 2015-11-04 19:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 17:34 - 2015-11-04 19:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 17:34 - 2015-11-04 19:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 17:11 - 2015-11-11 15:58 - 00006206 _____ C:\WINDOWS\PFRO.log
2015-11-10 12:33 - 2015-11-10 12:33 - 00000000 ____D C:\Users\New Owner\AppData\Roaming\W10LogonChanger
2015-11-10 12:32 - 2015-11-10 12:32 - 00000000 ____D C:\Users\New Owner\Documents\GUI
2015-11-10 12:31 - 2015-11-10 12:31 - 02681221 _____ C:\Users\New Owner\Downloads\Win10BGChanger1.2.0.0.zip
2015-11-09 21:10 - 2015-11-09 21:10 - 00000028 _____ C:\Users\New Owner\Desktop\popup.txt
2015-11-09 20:59 - 2015-11-17 13:26 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-09 20:43 - 2015-11-09 21:05 - 00000000 ____D C:\Users\New Owner\AppData\Roaming\GlarySoft
2015-11-09 20:43 - 2015-11-09 20:43 - 00020160 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2015-11-09 20:43 - 2015-11-09 20:43 - 00000000 ____D C:\Users\New Owner\AppData\Roaming\DiskDefrag
2015-11-09 20:41 - 2015-11-09 20:42 - 15326448 _____ C:\Users\New Owner\Downloads\gu5setup.exe
2015-11-09 20:32 - 2015-11-09 21:26 - 00000000 ____D C:\Users\New Owner\Downloads\Ant Man 2015 1080p WEB-Rip H264 AAC - KiNGDOM
2015-11-09 20:28 - 2015-11-10 14:17 - 00000000 ____D C:\Users\New Owner\Downloads\Adventure Time - Season 6 Complete
2015-11-09 19:55 - 2015-11-09 19:55 - 00001133 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-11-09 19:55 - 2015-11-09 19:55 - 00000000 ____D C:\Users\New Owner\AppData\Local\VS Revo Group
2015-11-09 19:55 - 2015-11-09 19:55 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-11-09 19:55 - 2015-11-09 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-11-09 19:55 - 2015-11-09 19:55 - 00000000 ____D C:\Program Files\VS Revo Group
2015-11-09 19:55 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-11-09 19:54 - 2015-11-09 19:54 - 11069616 _____ (VS Revo Group ) C:\Users\New Owner\Downloads\RevoUninProSetup.exe
2015-11-09 15:16 - 2015-11-09 15:16 - 11337112 _____ (SurfRight B.V.) C:\Users\New Owner\Downloads\HitmanPro_x64.exe
2015-11-09 15:05 - 2015-11-09 15:05 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-11-09 14:51 - 2015-11-09 14:51 - 00000000 ____D C:\ProgramData\Lavasoft
2015-11-09 14:48 - 2015-11-09 14:51 - 02012464 _____ C:\Users\New Owner\Downloads\Adaware_Installer.exe
2015-11-07 22:11 - 2015-11-09 14:30 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-07 22:06 - 2015-11-09 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2015-11-07 22:06 - 2015-11-07 22:06 - 00000000 ____D C:\ProgramData\Anvisoft
2015-11-07 22:06 - 2015-11-07 22:06 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2015-11-07 22:06 - 2015-09-16 17:52 - 00051608 _____ (Anvisoft) C:\WINDOWS\system32\Drivers\asd2fsm.sys
2015-11-07 22:04 - 2015-11-09 15:29 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-11-07 20:54 - 2009-06-10 13:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20151107-205406.backup
2015-11-07 19:55 - 2015-11-07 22:06 - 39269240 _____ (Anvisoft) C:\Users\New Owner\Downloads\asdsetup.exe
2015-11-07 19:29 - 2015-11-07 19:29 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-07 19:28 - 2015-11-08 22:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-11-07 17:40 - 2015-11-07 17:40 - 00002478 _____ C:\Users\New Owner\Desktop\Safe Money.lnk
2015-11-07 17:35 - 2015-11-07 17:35 - 00002216 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-11-07 17:35 - 2015-11-07 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-11-07 17:35 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-11-07 17:34 - 2015-11-07 18:31 - 00925064 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2015-11-07 17:34 - 2015-11-07 18:31 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2015-11-07 17:34 - 2015-11-07 17:44 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2015-11-07 17:23 - 2015-11-07 17:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-11-07 17:20 - 2015-11-07 17:20 - 00000000 ____D C:\KVRT_Data
2015-11-07 17:17 - 2015-11-17 13:23 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-07 17:17 - 2015-11-09 15:00 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-11-07 17:17 - 2015-11-07 17:17 - 00717656 _____ (Kaspersky Lab) C:\Users\New Owner\Downloads\setup.exe
2015-11-07 17:16 - 2015-11-07 17:20 - 94051992 _____ (Kaspersky Lab ZAO) C:\Users\New Owner\Downloads\KVRT.exe
2015-11-07 17:14 - 2015-11-07 17:14 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\New Owner\Downloads\tdsskiller.exe
2015-11-07 16:34 - 2015-11-07 16:34 - 00000000 _____ C:\autoexec.bat
2015-11-07 16:11 - 2015-11-07 16:11 - 00001585 _____ C:\Users\Public\Desktop\League of Legends.lnk
2015-11-07 16:11 - 2015-11-07 16:11 - 00000000 ____D C:\Riot Games
2015-11-07 16:11 - 2015-11-07 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-11-07 16:11 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2015-11-07 16:11 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2015-11-07 16:11 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2015-11-07 16:11 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2015-11-07 16:11 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2015-11-07 16:09 - 2015-11-07 16:12 - 00000000 ____D C:\Users\New Owner\AppData\Roaming\Riot Games
2015-11-07 10:52 - 2015-11-07 10:53 - 06762072 _____ (Piriform Ltd) C:\Users\New Owner\Downloads\ccsetup511.exe
2015-11-07 07:00 - 2015-11-07 17:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-21 15:03 - 2015-10-21 15:03 - 03867040 _____ C:\WINDOWS\system32\PortChanger.exe
2015-10-21 15:03 - 2015-10-21 15:03 - 02398112 _____ (Hewlett Packard) C:\WINDOWS\system32\hppldcoi.dll
2015-10-21 15:03 - 2015-10-21 15:03 - 01304576 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpowiav1.dll
2015-10-21 15:03 - 2015-10-21 15:03 - 00736256 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl1.dll
2015-10-21 15:03 - 2015-10-21 15:03 - 00151968 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Dot4.sys
2015-10-21 15:03 - 2015-10-21 15:03 - 00049056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dot4usb.sys
2015-10-21 15:03 - 2015-10-21 15:03 - 00027040 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Dot4Prt.sys
2015-10-19 14:04 - 2015-10-31 19:47 - 00000000 ____D C:\Users\New Owner\Downloads\Fable Anniversary PC full game + DLC ^^nosTEAM^^
2015-10-18 21:32 - 2015-11-09 14:38 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-18 01:37 - 2015-10-18 01:37 - 00000000 ____D C:\Users\New Owner\AppData\LocalLow\Temp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-17 14:23 - 2010-12-28 16:52 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-17 14:08 - 2012-04-29 17:31 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2751227608-273511618-715688685-1001UA.job
2015-11-17 14:07 - 2012-04-29 17:31 - 00000872 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2751227608-273511618-715688685-1001Core.job
2015-11-17 13:51 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-17 13:37 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-17 13:31 - 2014-12-23 13:44 - 00000000 ____D C:\Users\New Owner\AppData\Roaming\vlc
2015-11-17 13:23 - 2015-10-13 05:12 - 00000000 ____D C:\Users\New Owner
2015-11-17 13:23 - 2015-10-10 16:20 - 00001004 _____ C:\WINDOWS\Tasks\VUvszdTz.job
2015-11-17 13:23 - 2015-10-10 16:20 - 00001002 _____ C:\WINDOWS\Tasks\OlA9my4.job
2015-11-17 13:23 - 2015-10-10 16:19 - 00001036 _____ C:\WINDOWS\Tasks\OVL8xAISyVpfq0JSwPPj5DVm.job
2015-11-17 13:23 - 2015-10-10 16:19 - 00001032 _____ C:\WINDOWS\Tasks\L9DXap5fBfDxHdtnuEspxW.job
2015-11-17 13:23 - 2012-03-10 00:33 - 00000000 ____D C:\Temp
2015-11-17 13:23 - 2010-12-28 16:52 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-17 12:50 - 2015-07-30 13:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-11 15:58 - 2015-07-10 01:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-11 15:56 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-11 11:55 - 2015-10-13 05:10 - 01006528 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-11 11:39 - 2015-10-14 16:24 - 00000000 ____D C:\Users\New Owner\Desktop\phone_Stuff
2015-11-11 11:04 - 2015-01-02 11:56 - 00000000 ____D C:\Users\New Owner\Documents\mine
2015-11-10 17:54 - 2015-07-30 14:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-10 17:54 - 2011-08-21 10:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-10 17:48 - 2013-08-12 16:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-10 17:44 - 2011-08-19 20:05 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 17:10 - 2014-12-26 00:20 - 00000000 ____D C:\Users\New Owner\AppData\Roaming\BitComet
2015-11-10 09:51 - 2014-12-31 01:41 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-09 20:37 - 2015-01-21 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter
2015-11-09 20:04 - 2011-09-13 23:27 - 00000000 ____D C:\ProgramData\BOINC
2015-11-09 15:29 - 2015-07-30 13:49 - 00331776 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-09 14:38 - 2015-10-13 06:02 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-09 14:38 - 2014-12-31 12:08 - 00000000 ____D C:\Users\New Owner\AppData\Local\CrashDumps
2015-11-07 22:50 - 2015-01-21 18:27 - 00000000 ____D C:\Program Files (x86)\freac
2015-11-07 18:31 - 2015-06-26 23:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2015-11-07 18:31 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2015-11-07 17:35 - 2015-07-10 01:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-07 17:34 - 2015-07-30 14:42 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-07 17:31 - 2015-10-11 09:14 - 00000000 ____D C:\ProgramData\AVAST Software
2015-11-07 17:30 - 2015-10-12 14:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-07 16:05 - 2015-10-13 07:09 - 00000000 ____D C:\Users\New Owner\AppData\Local\Comms
2015-11-07 08:57 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\rescache
2015-11-03 10:20 - 2015-07-30 14:43 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 10:20 - 2015-07-30 14:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-31 17:26 - 2015-10-06 00:30 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-31 17:26 - 2015-10-06 00:29 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-21 16:08 - 2015-10-17 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-21 16:08 - 2010-12-28 07:41 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-21 16:07 - 2011-10-22 18:46 - 00000000 ____D C:\ProgramData\Apple
2015-10-21 13:48 - 2015-10-17 23:22 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-10-21 13:48 - 2015-10-17 23:22 - 00000000 ____D C:\Users\New Owner\.oracle_jre_usage
2015-10-21 13:36 - 2015-01-15 13:42 - 00000000 ____D C:\Users\New Owner\AppData\Local\Adobe
2015-10-21 13:36 - 2014-12-22 23:38 - 00000000 ____D C:\Users\New Owner\AppData\Roaming\Adobe
2015-10-19 10:46 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-18 04:23 - 2015-10-13 07:55 - 00000776 _____ C:\Users\New Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tor Browser.lnk
2015-10-18 04:23 - 2015-10-13 07:38 - 00000624 _____ C:\Users\New Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
2015-10-18 04:23 - 2015-10-13 07:34 - 00000607 _____ C:\Users\New Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.lnk
2015-10-18 04:23 - 2015-10-13 07:34 - 00000604 _____ C:\Users\New Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music.lnk
2015-10-18 04:23 - 2015-10-13 07:11 - 00002395 _____ C:\Users\New Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-18 04:22 - 2015-10-12 14:59 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-18 04:22 - 2015-10-06 18:50 - 00001432 _____ C:\Users\New Owner\Desktop\Castlevania - Lords of Shadow.lnk
2015-10-18 04:22 - 2014-12-26 00:17 - 00001068 _____ C:\Users\Public\Desktop\OpenVPN.lnk
2015-10-18 04:22 - 2014-04-06 03:08 - 00001876 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2015-10-18 04:22 - 2012-04-07 17:36 - 00002034 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.6 64-bit.lnk

==================== Files in the root of some directories =======

2014-12-22 13:43 - 2014-12-22 13:43 - 6000640 _____ () C:\Program Files (x86)\GUT1342.tmp
2014-03-08 11:27 - 2014-03-08 11:27 - 49940480 _____ () C:\Program Files (x86)\GUT458D.tmp
2015-04-14 08:28 - 2015-04-14 08:28 - 0001171 _____ () C:\Users\New Owner\AppData\Roaming\L9DXap5fBfDxHdtnuEspxW
2015-04-19 04:20 - 2015-10-11 13:53 - 0000626 _____ () C:\Users\New Owner\AppData\Roaming\OlA9my4
2015-04-19 04:20 - 2015-10-11 13:53 - 0000626 _____ () C:\Users\New Owner\AppData\Roaming\OVL8xAISyVpfq0JSwPPj5DVm
2015-04-14 08:28 - 2015-04-14 08:28 - 0001171 _____ () C:\Users\New Owner\AppData\Roaming\VUvszdTz
2012-06-21 19:37 - 2012-06-21 19:37 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-08-28 18:08 - 2014-12-23 09:50 - 0008340 _____ () C:\ProgramData\hpzinstall.log
2011-08-30 17:34 - 2011-08-30 17:35 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\New Owner\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-09 21:36

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-11-2015
Ran by New Owner (2015-11-17 14:28:42)
Running from C:\Users\New Owner\Desktop
Windows 10 Home (X64) (2015-10-13 15:07:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2751227608-273511618-715688685-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2751227608-273511618-715688685-503 - Limited - Disabled)
Guest (S-1-5-21-2751227608-273511618-715688685-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2751227608-273511618-715688685-1007 - Limited - Enabled)
New Owner (S-1-5-21-2751227608-273511618-715688685-1008 - Administrator - Enabled) => C:\Users\New Owner
UpdatusUser (S-1-5-21-2751227608-273511618-715688685-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.6 64-bit (HKLM\...\{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}) (Version: 3.6.1 - Adobe)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.0004 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
BitComet 1.37 (HKLM-x32\...\BitComet) (Version: 1.37 - CometNetwork)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Castlevania - Lords of Shadow (HKLM-x32\...\Castlevania - Lords of Shadow_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1213 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.55.0 - JMicron Technology Corp.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Livescribe Connect (HKLM-x32\...\com.livescribe.LivescribeConnect) (Version: 1.2.1.58498 - Livescribe Inc)
Livescribe Connect (x32 Version: 1.2.1 - Livescribe Inc) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.2.35 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 1.0.41 - Motorola Mobility) Hidden
MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-2751227608-273511618-715688685-1000\...\MusicManager) (Version:  - Google, Inc.)
NVIDIA 3D Vision Controller Driver 265.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 265.89 - NVIDIA Corporation)
NVIDIA Graphics Driver 265.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 265.89 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
OpenVPN 2.3.3-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.3-I001 - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6265 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{F1487CE7-F221-4391-B0EE-7009A668ED2B}) (Version: 1.3.3.64V - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.1.3C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.32C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.8 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.85.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.3.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 for x64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.14 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.6 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.23.64 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.5.07-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 1.1.5.7 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.30 beta 4 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.4 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-10-2015 13:29:02 Installed iTunes
31-10-2015 14:34:03 Windows Update
07-11-2015 16:09:52 Installed League of Legends
09-11-2015 14:51:40 AA11
17-11-2015 13:07:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2015-11-07 20:54 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 15463 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0328A098-1467-4A62-8A3D-9905D300F7A2} - System32\Tasks\VUvszdTz => C:\Users\New Owner\AppData\Roaming\VUvszdTz.exe <==== ATTENTION
Task: {069867FD-B6B9-4B49-B9EC-DC4712EC7059} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2751227608-273511618-715688685-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {080574B0-6EEC-48CE-9769-F5844BE34C2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
Task: {0AE8B8B5-15B5-4ABF-BE28-8A31BDF06E18} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2751227608-273511618-715688685-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {0BBE6885-6CC7-4B0F-BF49-023B134CC16C} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {0CEAE641-E0C6-4663-96EC-B96A5B4D28EE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2751227608-273511618-715688685-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {1C6AF0F0-4407-47FE-A787-9A1067A2F1B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {1F6A15CC-CB72-4CE0-9413-4D663E92CFFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751227608-273511618-715688685-1001UA => C:\Users\G-Unit707\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {252539A8-BD7A-4CA9-8441-24F8C10F4686} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {25641FBC-F920-4A5E-9055-643501B9FDB1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751227608-273511618-715688685-1001Core => C:\Users\G-Unit707\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {2848C859-EBB6-4BE2-A3CD-897C049B5742} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {2EC88916-CC1A-4637-8A39-164A1FDD6CDE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4C12C53C-CA1B-4F8D-A3A3-FFEEFC0FC044} - System32\Tasks\OVL8xAISyVpfq0JSwPPj5DVm => C:\Users\New Owner\AppData\Roaming\OVL8xAISyVpfq0JSwPPj5DVm.exe <==== ATTENTION
Task: {4EA14119-7400-42B2-A838-E9D643896F81} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {56782509-86BA-4FD9-B3C3-6FCA43BF3125} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {56F35CCD-0B21-42A9-8484-365CEEE47897} - System32\Tasks\L9DXap5fBfDxHdtnuEspxW => C:\Users\New Owner\AppData\Roaming\L9DXap5fBfDxHdtnuEspxW.exe <==== ATTENTION
Task: {5CE71F00-4F12-4901-B7B5-1C8FA0139449} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2751227608-273511618-715688685-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {6D07AA53-283E-43C2-A751-664C29A7E17D} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-09-28] ()
Task: {70E73D2E-0C2C-4504-945D-C8C4EF979BC7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-10] (Microsoft Corporation)
Task: {715CB81B-D12F-4321-806D-266A7ACE2279} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {72DF5BE2-D6F3-4E71-8B0D-59306A7ED0E8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {77ABB44D-0101-4E54-B822-D6C1F91E818E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {79EDB309-94CC-4DB3-9E2A-ADF4B2604898} - \ProgramUpdateCheck -> No File <==== ATTENTION
Task: {7D1F5D15-B385-4977-A6DC-C912A88B7FB7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7D8C877E-C745-4F1E-9E3F-E1353F871530} - System32\Tasks\Backup Update Service => p:\\jmp2.in\
Task: {838A582E-1072-4A55-8E7D-AB8355427126} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-09-28] ()
Task: {8A0C8EDA-E764-451E-867B-05E438AB140B} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {8CF4905D-B42E-42EA-9992-2E24C5AB5CF7} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: {9722E527-A384-4579-BC19-A30A77AC2B7C} - \Win Update Service -> No File <==== ATTENTION
Task: {991F22F5-2E76-46FD-8347-3F541917B8BB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2751227608-273511618-715688685-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {99A1BAFD-F3CE-4658-AEA7-70C180F5E77E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9CA9E034-C1A9-414C-8EA7-CB2971D195C5} - \Inst_Rep -> No File <==== ATTENTION
Task: {9F814CBB-F3F0-4DD8-B904-D601F078993F} - System32\Tasks\{C53A285B-4520-4AEE-BA33-C29BAAF71E22} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/7940
Task: {A168BAD6-02B9-45F4-9AA6-38917D1EB754} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A828488F-0539-441D-984F-A588C6097C04} - System32\Tasks\OlA9my4 => C:\Users\New Owner\AppData\Roaming\OlA9my4.exe <==== ATTENTION
Task: {AE026301-64D4-4401-9F62-11A0212C0B55} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2751227608-273511618-715688685-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {BE5BAFD1-64CC-494D-AD6F-AE00740592E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D771A22E-D6E1-4F92-B150-C59A1E96EAA8} - \ProgramRefresh-ATFST -> No File <==== ATTENTION
Task: {DA6AC55B-B316-4E2C-B002-646506AEF975} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DAE6C77B-B4FA-4D5C-9710-343355751806} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-09-28] ()
Task: {EEDB81AA-B7DA-4D92-A05A-16A4811BDE1C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F5832AD8-BE95-442C-84CF-128EC4AF452F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
Task: {FA79536E-35DB-4BBD-9D83-698CA1145636} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2751227608-273511618-715688685-1001Core.job => C:\Users\G-Unit707\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2751227608-273511618-715688685-1001UA.job => C:\Users\G-Unit707\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\L9DXap5fBfDxHdtnuEspxW.job => C:\Users\New Owner\AppData\Roaming\L9DXap5fBfDxHdtnuEspxW.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\OlA9my4.job => C:\Users\New Owner\AppData\Roaming\OlA9my4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\OVL8xAISyVpfq0JSwPPj5DVm.job => C:\Users\New Owner\AppData\Roaming\OVL8xAISyVpfq0JSwPPj5DVm.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\VUvszdTz.job => C:\Users\New Owner\AppData\Roaming\VUvszdTz.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-09-09 21:08 - 2015-09-09 21:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-10-13 05:07 - 2015-07-13 09:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-09 21:08 - 2015-09-09 21:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2012-10-02 10:45 - 2012-10-02 10:45 - 00120728 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
2015-10-13 05:58 - 2015-10-13 05:58 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2012-10-02 10:41 - 2012-10-02 10:41 - 00694168 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
2015-10-13 05:58 - 2015-10-13 05:58 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-10-13 05:58 - 2015-10-13 05:58 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-13 05:58 - 2015-10-13 05:58 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-13 05:58 - 2015-10-13 05:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-13 05:58 - 2015-10-13 05:58 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-09 19:13 - 2015-09-09 21:08 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-10-13 05:58 - 2015-10-13 05:58 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-02-05 16:44 - 2010-02-05 16:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-10-31 17:29 - 2015-10-31 17:29 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-10-31 17:29 - 2015-10-31 17:29 - 10958848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-10-31 17:25 - 2015-10-31 17:25 - 00245760 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-09-09 21:08 - 2015-09-09 21:08 - 00293376 _____ () C:\WINDOWS\SYSTEM32\textinputframework.dll
2015-11-10 09:50 - 2015-11-10 09:51 - 00173056 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.5.11021.0_x64__8wekyb3d8bbwe\CellNativeClientUniversal.dll
2015-10-13 07:46 - 2015-10-13 07:47 - 04485808 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.5.11021.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2012-09-07 21:35 - 2012-09-07 21:35 - 00128960 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2012-09-07 21:35 - 2012-09-07 21:35 - 00024496 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2012-09-07 21:37 - 2012-09-07 21:37 - 00466256 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2012-09-07 21:36 - 2012-09-07 21:36 - 00045992 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2012-09-07 21:36 - 2012-09-07 21:36 - 00034752 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2012-09-26 13:57 - 2012-09-26 13:57 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7866 more sites.

There are 7866 more sites.

There are 7866 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2751227608-273511618-715688685-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2751227608-273511618-715688685-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\New Owner\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^G-Unit707^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MusicManager => "C:\Users\G-Unit707\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Zune Launcher => "c:\Program Files\Zune\ZuneLauncher.exe"
HKLM\...\StartupApproved\StartupFolder: => "Kaspersky Software Updater Beta.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{A93E2C47-642E-44AE-AE59-83B0C84F5DBE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{9D4138CE-ED2A-45D2-8AB1-C8B1F3017C6D}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{008A9F72-BEB5-4FDF-AFFB-80CCEC576008}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{7217DB95-6B3D-43C1-AC46-2DF32A90099C}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{EEFB9772-2E8E-4BFE-A781-6F0AD0380587}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{BC8DA03C-3B16-4449-9BE9-3840474282D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{23EE68E1-0C9E-42FB-A3CA-91F308A51568}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{C02D1005-6DE2-4388-8758-AF7577022964}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{369303B0-B551-4AB6-ACBA-52724DA6FD2C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{037266F1-2B0C-4DFE-88A2-9373A1FE043C}] => (Allow) C:\Program Files (x86)\Motorola Media Link\Lite\mml.exe
FirewallRules: [{43031197-5C22-4968-9018-916BC072AD02}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
FirewallRules: [{391DE090-92E1-435C-847B-0EE618C17E73}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
FirewallRules: [{0675A17E-5F58-40F0-926D-790849308948}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe
FirewallRules: [{9D6FB2A6-86E9-4E67-B3A5-19BB9AA05124}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe
FirewallRules: [{AF55ECBA-D9BF-4FAA-9453-F611BE29F4CB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{89CF3F7C-B222-4B77-9184-C99188B36980}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [TCP Query User{44A174B4-D05C-4B12-91B4-B192FF806E83}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{B1EA1D60-5FBC-46DB-9FC6-CA8BD0FEB35C}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{89C27F27-14B2-4FD3-8697-3FAE807E55C4}C:\program files (x86)\bitcomet\bitcomet.exe] => (Allow) C:\program files (x86)\bitcomet\bitcomet.exe
FirewallRules: [UDP Query User{5AF0F61C-8A96-4C4C-B9E5-6DB3665DA879}C:\program files (x86)\bitcomet\bitcomet.exe] => (Allow) C:\program files (x86)\bitcomet\bitcomet.exe
FirewallRules: [{BB87C6A7-D4A3-4068-B597-FBFA914ACEAC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{96AFC59F-408F-49B5-82AB-F764450CB644}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2015 01:24:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10240.16515, time stamp: 0x55fa599a
Faulting module name: StartUI.dll, version: 10.0.10240.16515, time stamp: 0x55fa5463
Exception code: 0xc0000005
Fault offset: 0x00000000000368c3
Faulting process id: 0x11d0
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (11/17/2015 01:08:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/11/2015 03:55:51 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: The following module failed to stop processing: PC Health Info Connection. Error: Operation failed.

Error: (11/11/2015 03:55:51 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: The following module failed to stop processing: Alerts. Error: Operation failed.

Error: (11/11/2015 03:55:51 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: The following module failed to stop processing: Software Updates. Error: Operation failed.

Error: (11/11/2015 00:31:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VIOLATRON)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/11/2015 07:30:02 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VIOLATRON)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/10/2015 09:48:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VIOLATRON)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/10/2015 04:39:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VIOLATRON)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/10/2015 04:22:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VIOLATRON)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (11/17/2015 01:27:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/17/2015 00:50:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (11/17/2015 00:50:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:00:00 PM on ‎11/‎11/‎2015 was unexpected.

Error: (11/11/2015 04:06:19 PM) (Source: DCOM) (EventID: 10016) (User: VIOLATRON)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}VIOLATRONNew OwnerS-1-5-21-2751227608-273511618-715688685-1008LocalHost (Using LRPC)Microsoft.WindowsStore_2015.21.12.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157

Error: (11/11/2015 04:00:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (11/11/2015 03:56:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (11/11/2015 03:55:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/11/2015 03:55:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/11/2015 03:55:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/11/2015 03:55:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2015-11-17 13:19:58.195
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-17 13:19:57.904
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-17 13:19:54.340
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-17 13:19:53.095
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-17 13:14:55.520
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-17 13:14:55.397
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-17 13:14:52.108
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-17 13:14:50.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-11-07 18:26:58.822
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-07 18:26:58.793
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 40%
Total physical RAM: 6050.68 MB
Available physical RAM: 3579.05 MB
Total Virtual: 12194.68 MB
Available Virtual: 9334.13 MB

==================== Drives ================================

Drive c: (TI106051W0J) (Fixed) (Total:581.21 GB) (Free:341.2 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: D82D6D2D)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=581.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=504 MB) - (Type=27)
Partition 4: (Not Active) - (Size=13 GB) - (Type=17)

==================== End of Addition.txt ============================




#5 Oh My!


Posted 17 November 2015 - 11:10 PM

Thank you. Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2751227608-273511618-715688685-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\S-1-5-21-2751227608-273511618-715688685-1008 -> {3B742306-AEA3-4EA0-8F46-8542FD3EDDA2} URL =
oolbar: HKU\S-1-5-21-2751227608-273511618-715688685-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin HKU\S-1-5-21-2751227608-273511618-715688685-1008: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2015-11-17 13:23 - 2015-10-10 16:20 - 00001004 _____ C:\WINDOWS\Tasks\VUvszdTz.job
2015-11-17 13:23 - 2015-10-10 16:20 - 00001002 _____ C:\WINDOWS\Tasks\OlA9my4.job
2015-11-17 13:23 - 2015-10-10 16:19 - 00001036 _____ C:\WINDOWS\Tasks\OVL8xAISyVpfq0JSwPPj5DVm.job
2015-11-17 13:23 - 2015-10-10 16:19 - 00001032 _____ C:\WINDOWS\Tasks\L9DXap5fBfDxHdtnuEspxW.job
2014-12-22 13:43 - 2014-12-22 13:43 - 6000640 _____ () C:\Program Files (x86)\GUT1342.tmp
2014-03-08 11:27 - 2014-03-08 11:27 - 49940480 _____ () C:\Program Files (x86)\GUT458D.tmp
2015-04-14 08:28 - 2015-04-14 08:28 - 0001171 _____ () C:\Users\New Owner\AppData\Roaming\L9DXap5fBfDxHdtnuEspxW
2015-04-19 04:20 - 2015-10-11 13:53 - 0000626 _____ () C:\Users\New Owner\AppData\Roaming\OlA9my4
2015-04-19 04:20 - 2015-10-11 13:53 - 0000626 _____ () C:\Users\New Owner\AppData\Roaming\OVL8xAISyVpfq0JSwPPj5DVm
2015-04-14 08:28 - 2015-04-14 08:28 - 0001171 _____ () C:\Users\New Owner\AppData\Roaming\VUvszdTz
Task: {0328A098-1467-4A62-8A3D-9905D300F7A2} - System32\Tasks\VUvszdTz => C:\Users\New Owner\AppData\Roaming\VUvszdTz.exe <==== ATTENTION
Task: {0BBE6885-6CC7-4B0F-BF49-023B134CC16C} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {252539A8-BD7A-4CA9-8441-24F8C10F4686} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2EC88916-CC1A-4637-8A39-164A1FDD6CDE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4C12C53C-CA1B-4F8D-A3A3-FFEEFC0FC044} - System32\Tasks\OVL8xAISyVpfq0JSwPPj5DVm => C:\Users\New Owner\AppData\Roaming\OVL8xAISyVpfq0JSwPPj5DVm.exe <==== ATTENTION
Task: {4EA14119-7400-42B2-A838-E9D643896F81} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {56782509-86BA-4FD9-B3C3-6FCA43BF3125} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {56F35CCD-0B21-42A9-8484-365CEEE47897} - System32\Tasks\L9DXap5fBfDxHdtnuEspxW => C:\Users\New Owner\AppData\Roaming\L9DXap5fBfDxHdtnuEspxW.exe <==== ATTENTION
Task: {72DF5BE2-D6F3-4E71-8B0D-59306A7ED0E8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {77ABB44D-0101-4E54-B822-D6C1F91E818E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {79EDB309-94CC-4DB3-9E2A-ADF4B2604898} - \ProgramUpdateCheck -> No File <==== ATTENTION
Task: {7D1F5D15-B385-4977-A6DC-C912A88B7FB7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7D8C877E-C745-4F1E-9E3F-E1353F871530} - System32\Tasks\Backup Update Service => p:\\jmp2.in\
Task: {8A0C8EDA-E764-451E-867B-05E438AB140B} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {9722E527-A384-4579-BC19-A30A77AC2B7C} - \Win Update Service -> No File <==== ATTENTION
Task: {99A1BAFD-F3CE-4658-AEA7-70C180F5E77E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9CA9E034-C1A9-414C-8EA7-CB2971D195C5} - \Inst_Rep -> No File <==== ATTENTION
Task: {A168BAD6-02B9-45F4-9AA6-38917D1EB754} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A828488F-0539-441D-984F-A588C6097C04} - System32\Tasks\OlA9my4 => C:\Users\New Owner\AppData\Roaming\OlA9my4.exe <==== ATTENTION
Task: {BE5BAFD1-64CC-494D-AD6F-AE00740592E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D771A22E-D6E1-4F92-B150-C59A1E96EAA8} - \ProgramRefresh-ATFST -> No File <==== ATTENTION
Task: {DA6AC55B-B316-4E2C-B002-646506AEF975} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EEDB81AA-B7DA-4D92-A05A-16A4811BDE1C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\L9DXap5fBfDxHdtnuEspxW.job => C:\Users\New Owner\AppData\Roaming\L9DXap5fBfDxHdtnuEspxW.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\OlA9my4.job => C:\Users\New Owner\AppData\Roaming\OlA9my4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\OVL8xAISyVpfq0JSwPPj5DVm.job => C:\Users\New Owner\AppData\Roaming\OVL8xAISyVpfq0JSwPPj5DVm.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\VUvszdTz.job => C:\Users\New Owner\AppData\Roaming\VUvszdTz.exe <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

ListParts by Farbar for 64 bit Systems

--------------------
  • Please download ListParts64.exe (for 64 bit systems) and save it to your desktop
  • Double click the icon to launch the program
  • Select Run
  • Select Scan
  • Select OK and wait for a Result - Notepad document to open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Junkware log
  • ListParts log
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
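Most of the fixlist in the post above consists of scheduled-task entries. The Python below is an added example, not part of the original post and not FRST's own logic: it triages `Task:` lines in the format quoted in this thread. The rule names, function names and the ExampleVendor line are assumptions made for illustration; the other sample lines are copied from the log on this page.

```python
import re
from collections import namedtuple

# Lines copied from the FRST output quoted in this thread, plus one
# constructed benign line (the ExampleVendor entry) for contrast.
SAMPLE = r"""
Task: {0328A098-1467-4A62-8A3D-9905D300F7A2} - System32\Tasks\VUvszdTz => C:\Users\New Owner\AppData\Roaming\VUvszdTz.exe <==== ATTENTION
Task: {0BBE6885-6CC7-4B0F-BF49-023B134CC16C} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {7D8C877E-C745-4F1E-9E3F-E1353F871530} - System32\Tasks\Backup Update Service => p:\\jmp2.in\
Task: C:\WINDOWS\Tasks\OlA9my4.job => C:\Users\New Owner\AppData\Roaming\OlA9my4.exe <==== ATTENTION
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleVendor Updater => C:\Program Files\ExampleVendor\updater.exe
FirewallRules: [{BB87C6A7-D4A3-4068-B597-FBFA914ACEAC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"""

# "Task: <id or .job path> [- <task path>] (=>|->) <target> [<==== ATTENTION]"
TASK_RE = re.compile(
    r"^Task:\s+(?P<left>.+?)\s+(?:=>|->)\s+(?P<target>.*?)"
    r"(?P<attn>\s+<=+\s*ATTENTION)?\s*$"
)
GUID_PREFIX_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}\s+-\s+")
# Drive letter, one backslash, then a real path component.
LOCAL_PATH_RE = re.compile(r"^[A-Za-z]:\\[^\\]")

TaskEntry = namedtuple("TaskEntry", "name target flagged findings")


def task_name(left):
    """Return the last path component of the task, without GUID or .job."""
    name = GUID_PREFIX_RE.sub("", left).rsplit("\\", 1)[-1]
    return name[:-4] if name.lower().endswith(".job") else name


def assess(name, target):
    """Apply the illustrative triage rules to one task and its target."""
    if target.lower() == "no file":
        return ["orphaned"]            # registration left behind, binary gone
    if not LOCAL_PATH_RE.match(target):
        return ["non-file-target"]     # action is not a local executable path
    findings = []
    low = target.lower()
    if "\\users\\" in low and "\\appdata\\" in low:
        findings.append("runs-from-user-profile")
        stem = target.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if stem.lower() == name.lower():
            findings.append("task-named-after-exe")
    return findings


def parse_tasks(text):
    """Parse every 'Task:' line in text; other log lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        name = task_name(m.group("left"))
        target = m.group("target")
        entries.append(
            TaskEntry(name, target, bool(m.group("attn")), assess(name, target))
        )
    return entries


def missed_by_marker(entries):
    """Tasks that trip a rule but carry no ATTENTION marker in the log."""
    return [e.name for e in entries if e.findings and not e.flagged]


if __name__ == "__main__":
    tasks = parse_tasks(SAMPLE)
    for e in tasks:
        print(f"{e.name!r:55} flagged={e.flagged!s:5} {e.findings}")
    print("Review by hand:", missed_by_marker(tasks))
```

On the sample, the only entry that trips a rule without an ATTENTION marker is the Backup Update Service task, whose target is the `jmp2.in` remnant matching the popup URL reported in the first post.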

#6 axeinurface


Posted 17 November 2015 - 11:39 PM

Hey Gary,

Thanks for helping me out. I know the p2p thing is never a good idea, but I really never have any serious issues from it. I downloaded a program from a forum I was on and as the files were installing, I noticed it had automatically begun to download a bunch of random, crappy software. Good looking out though. Anywho, I'll definitely keep you posted on if anything changes. Here are the next set of logs you wanted. Cheers.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-11-2015
Ran by New Owner (2015-11-17 20:14:44) Run:1
Running from C:\Users\New Owner\Desktop
Loaded Profiles: UpdatusUser & New Owner (Available Profiles: UpdatusUser & New Owner & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avast] ->
{472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2751227608-273511618-715688685-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\S-1-5-21-2751227608-273511618-715688685-1008 ->
{3B742306-AEA3-4EA0-8F46-8542FD3EDDA2} URL =
oolbar: HKU\S-1-5-21-2751227608-273511618-715688685-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin HKU\S-1-5-21-2751227608-273511618-715688685-1008: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2015-11-17 13:23 - 2015-10-10 16:20 - 00001004 _____ C:\WINDOWS\Tasks\VUvszdTz.job
2015-11-17 13:23 - 2015-10-10 16:20 - 00001002 _____ C:\WINDOWS\Tasks\OlA9my4.job
2015-11-17 13:23 - 2015-10-10 16:19 - 00001036 _____ C:\WINDOWS\Tasks\OVL8xAISyVpfq0JSwPPj5DVm.job
2015-11-17 13:23 - 2015-10-10 16:19 - 00001032 _____
C:\WINDOWS\Tasks\L9DXap5fBfDxHdtnuEspxW.job
2014-12-22 13:43 - 2014-12-22 13:43 - 6000640 _____ () C:\Program Files (x86)\GUT1342.tmp
2014-03-08 11:27 - 2014-03-08 11:27 - 49940480 _____ () C:\Program Files (x86)\GUT458D.tmp
2015-04-14 08:28 - 2015-04-14 08:28 - 0001171 _____ () C:\Users\New Owner\AppData\Roaming\L9DXap5fBfDxHdtnuEspxW
2015-04-19 04:20 - 2015-10-11 13:53 - 0000626 _____ () C:\Users\New Owner\AppData\Roaming\OlA9my4
2015-04-19 04:20 - 2015-10-11 13:53 - 0000626 _____ () C:\Users\New Owner\AppData\Roaming\OVL8xAISyVpfq0JSwPPj5DVm
2015-04-14 08:28 - 2015-04-14 08:28 - 0001171 _____ () C:\Users\New Owner\AppData\Roaming\VUvszdTz
Task: {0328A098-1467-4A62-8A3D-9905D300F7A2} - System32\Tasks\VUvszdTz => C:\Users\New Owner\AppData\Roaming\VUvszdTz.exe <==== ATTENTION
Task: {0BBE6885-6CC7-4B0F-BF49-023B134CC16C} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {252539A8-BD7A-4CA9-8441-24F8C10F4686} -
\Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.0 (11.12.2015)
Operating System: Windows 10 Home x64
Ran by New Owner (Administrator) on Tue 11/17/2015 at 20:27:06.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\Users\New Owner\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\New Owner\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\New Owner\AppData\Roaming\freefileviewer (Folder)



Registry: 1

Successfully deleted: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3B742306-AEA3-4EA0-8F46-8542FD3EDDA2} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/17/2015 at 20:28:57.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

ListParts by Farbar Version: 31-07-2014
Ran by New Owner (administrator) on 17-11-2015 at 20:31:05
WIN_81 (X64)
Running From: C:\Users\New Owner\Desktop
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 32%
Total physical RAM: 6050.68 MB
Available physical RAM: 4061.64 MB
Total Pagefile: 12194.68 MB
Available Pagefile: 10254.44 MB
Total Virtual: 131072 MB
Available Virtual: 131071.87 MB

======================= Partitions =========================

1 Drive c: (TI106051W0J) (Fixed) (Total:581.21 GB) (Free:342.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]


  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          596 GB      0 B         

Partitions of Disk 0:
===============


Disk ID: D82D6D2D

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            581 GB  1501 MB
  Partition 3    Recovery           504 MB   582 GB
  Partition 4    Primary             13 GB   583 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         System       NTFS   Partition   1500 MB  Healthy    Hidden  

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI106051W0J  NTFS   Partition    581 GB  Healthy    Boot    

======================================================================================================

Disk: 0
Partition 3
Type  : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3                      NTFS   Partition    504 MB  Healthy    Hidden  

======================================================================================================

Disk: 0
Partition 4
Type  : 17
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: D82D6D2D
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=581 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=504 MB) - (Type=27)
Partition 4: (Not Active) - (Size=13 GB) - (Type=17)


****** End Of Log ******

 

 

 



#7 Oh My!


Posted 18 November 2015 - 10:58 AM

Greetings,

I don't see a full Fixlog report. It should not only list the contents of the Fixlist but also show the results of running the Fix. Can you check the report to see if there is additional information?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 axeinurface


Posted 18 November 2015 - 07:37 PM

I might have just missed it when I was copy and pasting everything to the reply. I haven't had any popup issues since doing the things you told me to do. Here is the complete contents of the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-11-2015
Ran by New Owner (2015-11-17 20:14:44) Run:1
Running from C:\Users\New Owner\Desktop
Loaded Profiles: UpdatusUser & New Owner (Available Profiles: UpdatusUser & New Owner & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avast] ->
{472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2751227608-273511618-715688685-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\S-1-5-21-2751227608-273511618-715688685-1008 ->
{3B742306-AEA3-4EA0-8F46-8542FD3EDDA2} URL =
oolbar: HKU\S-1-5-21-2751227608-273511618-715688685-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin HKU\S-1-5-21-2751227608-273511618-715688685-1008: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2015-11-17 13:23 - 2015-10-10 16:20 - 00001004 _____ C:\WINDOWS\Tasks\VUvszdTz.job
2015-11-17 13:23 - 2015-10-10 16:20 - 00001002 _____ C:\WINDOWS\Tasks\OlA9my4.job
2015-11-17 13:23 - 2015-10-10 16:19 - 00001036 _____ C:\WINDOWS\Tasks\OVL8xAISyVpfq0JSwPPj5DVm.job
2015-11-17 13:23 - 2015-10-10 16:19 - 00001032 _____
C:\WINDOWS\Tasks\L9DXap5fBfDxHdtnuEspxW.job
2014-12-22 13:43 - 2014-12-22 13:43 - 6000640 _____ () C:\Program Files (x86)\GUT1342.tmp
2014-03-08 11:27 - 2014-03-08 11:27 - 49940480 _____ () C:\Program Files (x86)\GUT458D.tmp
2015-04-14 08:28 - 2015-04-14 08:28 - 0001171 _____ () C:\Users\New Owner\AppData\Roaming\L9DXap5fBfDxHdtnuEspxW
2015-04-19 04:20 - 2015-10-11 13:53 - 0000626 _____ () C:\Users\New Owner\AppData\Roaming\OlA9my4
2015-04-19 04:20 - 2015-10-11 13:53 - 0000626 _____ () C:\Users\New Owner\AppData\Roaming\OVL8xAISyVpfq0JSwPPj5DVm
2015-04-14 08:28 - 2015-04-14 08:28 - 0001171 _____ () C:\Users\New Owner\AppData\Roaming\VUvszdTz
Task: {0328A098-1467-4A62-8A3D-9905D300F7A2} - System32\Tasks\VUvszdTz => C:\Users\New Owner\AppData\Roaming\VUvszdTz.exe <==== ATTENTION
Task: {0BBE6885-6CC7-4B0F-BF49-023B134CC16C} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {252539A8-BD7A-4CA9-8441-24F8C10F4686} -
\Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2EC88916-CC1A-4637-8A39-164A1FDD6CDE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4C12C53C-CA1B-4F8D-A3A3-FFEEFC0FC044} - System32\Tasks\OVL8xAISyVpfq0JSwPPj5DVm => C:\Users\New Owner\AppData\Roaming\OVL8xAISyVpfq0JSwPPj5DVm.exe <==== ATTENTION
Task: {4EA14119-7400-42B2-A838-E9D643896F81} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {56782509-86BA-4FD9-B3C3-6FCA43BF3125} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {56F35CCD-0B21-42A9-8484-365CEEE47897} - System32\Tasks\L9DXap5fBfDxHdtnuEspxW => C:\Users\New Owner\AppData\Roaming\L9DXap5fBfDxHdtnuEspxW.exe <==== ATTENTION
Task: {72DF5BE2-D6F3-4E71-8B0D-59306A7ED0E8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {77ABB44D-0101-4E54-B822-D6C1F91E818E} -
\Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {79EDB309-94CC-4DB3-9E2A-ADF4B2604898} - \ProgramUpdateCheck -> No File <==== ATTENTION
Task: {7D1F5D15-B385-4977-A6DC-C912A88B7FB7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7D8C877E-C745-4F1E-9E3F-E1353F871530} - System32\Tasks\Backup Update Service => p:\\jmp2.in\
Task: {8A0C8EDA-E764-451E-867B-05E438AB140B} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {9722E527-A384-4579-BC19-A30A77AC2B7C} - \Win Update Service -> No File <==== ATTENTION
Task: {99A1BAFD-F3CE-4658-AEA7-70C180F5E77E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9CA9E034-C1A9-414C-8EA7-CB2971D195C5} - \Inst_Rep -> No File <==== ATTENTION
Task: {A168BAD6-02B9-45F4-9AA6-38917D1EB754} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task:
{A828488F-0539-441D-984F-A588C6097C04} - System32\Tasks\OlA9my4 => C:\Users\New Owner\AppData\Roaming\OlA9my4.exe <==== ATTENTION
Task: {BE5BAFD1-64CC-494D-AD6F-AE00740592E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D771A22E-D6E1-4F92-B150-C59A1E96EAA8} - \ProgramRefresh-ATFST -> No File <==== ATTENTION
Task: {DA6AC55B-B316-4E2C-B002-646506AEF975} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EEDB81AA-B7DA-4D92-A05A-16A4811BDE1C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\L9DXap5fBfDxHdtnuEspxW.job => C:\Users\New Owner\AppData\Roaming\L9DXap5fBfDxHdtnuEspxW.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\OlA9my4.job => C:\Users\New Owner\AppData\Roaming\OlA9my4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\OVL8xAISyVpfq0JSwPPj5DVm.job => C:\Users\New
Owner\AppData\Roaming\OVL8xAISyVpfq0JSwPPj5DVm.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\VUvszdTz.job => C:\Users\New Owner\AppData\Roaming\VUvszdTz.exe <==== ATTENTION

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [00avast] -> => key not found.
HKCR\CLSID\ShellIconOverlayIdentifiers: [00avast] -> => key not found.
{472083B0-C522-11CF-8763-00608CC02F24} =>  No File => Error: No automatic fix found for this entry.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2751227608-273511618-715688685-1008\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\SearchScopes: HKU\S-1-5-21-2751227608-273511618-715688685-1008 ->\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SearchScopes: HKU\S-1-5-21-2751227608-273511618-715688685-1008 -> => value not found.
{3B742306-AEA3-4EA0-8F46-8542FD3EDDA2} URL = => Error: No automatic fix found for this entry.
oolbar: HKU\S-1-5-21-2751227608-273511618-715688685-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2751227608-273511618-715688685-1008\Software\MozillaPlugins\anvisoft.com/AdblockPlugin" => key removed successfully
C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value removed successfully
idsvc => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
C:\WINDOWS\Tasks\VUvszdTz.job => moved successfully
C:\WINDOWS\Tasks\OlA9my4.job => moved successfully
C:\WINDOWS\Tasks\OVL8xAISyVpfq0JSwPPj5DVm.job => moved successfully
"2015-11-17 13:23 - 2015-10-10 16:19 - 00001032 _____" => not found.
C:\WINDOWS\Tasks\L9DXap5fBfDxHdtnuEspxW.job => moved successfully
C:\Program Files (x86)\GUT1342.tmp => moved successfully
C:\Program Files (x86)\GUT458D.tmp => moved successfully
C:\Users\New Owner\AppData\Roaming\L9DXap5fBfDxHdtnuEspxW => moved successfully
C:\Users\New Owner\AppData\Roaming\OlA9my4 => moved successfully
C:\Users\New Owner\AppData\Roaming\OVL8xAISyVpfq0JSwPPj5DVm => moved successfully
C:\Users\New Owner\AppData\Roaming\VUvszdTz => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0328A098-1467-4A62-8A3D-9905D300F7A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0328A098-1467-4A62-8A3D-9905D300F7A2}" => key removed successfully
C:\WINDOWS\System32\Tasks\VUvszdTz => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VUvszdTz" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BBE6885-6CC7-4B0F-BF49-023B134CC16C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BBE6885-6CC7-4B0F-BF49-023B134CC16C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Pending Update => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {252539A8-BD7A-4CA9-8441-24F8C10F4686} - => key not found.
\Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EC88916-CC1A-4637-8A39-164A1FDD6CDE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EC88916-CC1A-4637-8A39-164A1FDD6CDE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C12C53C-CA1B-4F8D-A3A3-FFEEFC0FC044}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C12C53C-CA1B-4F8D-A3A3-FFEEFC0FC044}" => key removed successfully
C:\WINDOWS\System32\Tasks\OVL8xAISyVpfq0JSwPPj5DVm => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OVL8xAISyVpfq0JSwPPj5DVm" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EA14119-7400-42B2-A838-E9D643896F81}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EA14119-7400-42B2-A838-E9D643896F81}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{56782509-86BA-4FD9-B3C3-6FCA43BF3125}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56782509-86BA-4FD9-B3C3-6FCA43BF3125}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{56F35CCD-0B21-42A9-8484-365CEEE47897}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56F35CCD-0B21-42A9-8484-365CEEE47897}" => key removed successfully
C:\WINDOWS\System32\Tasks\L9DXap5fBfDxHdtnuEspxW => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\L9DXap5fBfDxHdtnuEspxW" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72DF5BE2-D6F3-4E71-8B0D-59306A7ED0E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72DF5BE2-D6F3-4E71-8B0D-59306A7ED0E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {77ABB44D-0101-4E54-B822-D6C1F91E818E} - => key not found.
\Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{79EDB309-94CC-4DB3-9E2A-ADF4B2604898}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79EDB309-94CC-4DB3-9E2A-ADF4B2604898}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D1F5D15-B385-4977-A6DC-C912A88B7FB7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D1F5D15-B385-4977-A6DC-C912A88B7FB7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D8C877E-C745-4F1E-9E3F-E1353F871530}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D8C877E-C745-4F1E-9E3F-E1353F871530}" => key removed successfully
C:\WINDOWS\System32\Tasks\Backup Update Service => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Backup Update Service" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A0C8EDA-E764-451E-867B-05E438AB140B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A0C8EDA-E764-451E-867B-05E438AB140B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Core => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9722E527-A384-4579-BC19-A30A77AC2B7C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9722E527-A384-4579-BC19-A30A77AC2B7C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Win Update Service" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99A1BAFD-F3CE-4658-AEA7-70C180F5E77E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99A1BAFD-F3CE-4658-AEA7-70C180F5E77E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CA9E034-C1A9-414C-8EA7-CB2971D195C5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CA9E034-C1A9-414C-8EA7-CB2971D195C5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A168BAD6-02B9-45F4-9AA6-38917D1EB754}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A168BAD6-02B9-45F4-9AA6-38917D1EB754}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
Task: => Error: No automatic fix found for this entry.
{A828488F-0539-441D-984F-A588C6097C04} - System32\Tasks\OlA9my4 => C:\Users\New Owner\AppData\Roaming\OlA9my4.exe <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE5BAFD1-64CC-494D-AD6F-AE00740592E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE5BAFD1-64CC-494D-AD6F-AE00740592E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D771A22E-D6E1-4F92-B150-C59A1E96EAA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D771A22E-D6E1-4F92-B150-C59A1E96EAA8}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA6AC55B-B316-4E2C-B002-646506AEF975}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA6AC55B-B316-4E2C-B002-646506AEF975}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EEDB81AA-B7DA-4D92-A05A-16A4811BDE1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEDB81AA-B7DA-4D92-A05A-16A4811BDE1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
C:\WINDOWS\Tasks\L9DXap5fBfDxHdtnuEspxW.job => not found.
C:\WINDOWS\Tasks\OlA9my4.job => not found.
C:\WINDOWS\Tasks\OVL8xAISyVpfq0JSwPPj5DVm.job => not found.
Owner\AppData\Roaming\OVL8xAISyVpfq0JSwPPj5DVm.exe <==== ATTENTION => Error: No automatic fix found for this entry.
C:\WINDOWS\Tasks\VUvszdTz.job => not found.


The system needed a reboot.

==== End of Fixlog 20:14:55 ====


Edited by axeinurface, 18 November 2015 - 07:39 PM.
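
The fixlist in the post above is mostly scheduled-task entries, and the Task entries that were wrapped across two lines when pasted are the ones the Fixlog answers with "No automatic fix found". As an added example (not part of the original thread and not FRST's own code), this Python script re-joins wrapped Task: lines and flags targets that are missing, are a URL, or sit under a user-writable folder. The sample lines, GUIDs, paths and the folder list are constructed assumptions.

```python
import re

# Constructed sample in the "Task:" line format of the fixlist above; GUIDs,
# task names and paths are made up. The last two entries are wrapped.
SAMPLE = r"""
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\QxZ7kPw => C:\Users\Example User\AppData\Roaming\QxZ7kPw.exe <==== ATTENTION
Task: {22222222-3333-4444-5555-666666666666} - \Example Auto Updater -> No File <==== ATTENTION
Task: {33333333-4444-5555-6666-777777777777} - System32\Tasks\Example Update Service => http://redirect.example/landing
Task: {44444444-5555-6666-7777-888888888888} -
System32\Tasks\Vendor Sync => C:\Program Files\Vendor\sync.exe
Task: C:\WINDOWS\Tasks\QxZ7kPw.job => C:\Users\Example
User\AppData\Roaming\QxZ7kPw.exe <==== ATTENTION
"""

# "Task: <name> => <target>" or "Task: <name> -> <target>", optional marker.
ENTRY = re.compile(
    r"^Task:\s*(?P<name>.*?)\s*(?:=>|->)\s*(?P<target>.*?)"
    r"\s*(?:<=+\s*ATTENTION)?$"
)
# Assumption: these path components are treated as user-writable locations.
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp)\\", re.IGNORECASE)
URL_LIKE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def join_wrapped(text):
    """Return (entry, was_wrapped) pairs from text holding only Task lines.

    A non-empty line without the "Task:" prefix is taken to be the wrapped
    remainder of the entry before it and is re-attached with one space.
    """
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("Task:") or not entries:
            entries.append([line, False])
        else:
            entries[-1][0] += " " + line
            entries[-1][1] = True
    return [tuple(e) for e in entries]


def classify(target):
    """Name the reasons a task target deserves a closer look."""
    if target.lower().startswith("no file"):
        return ["orphaned"]            # registration remains, binary is gone
    if URL_LIKE.match(target):
        return ["launches-url"]        # task opens a web address, not a program
    if USER_WRITABLE.search(target):
        return ["user-writable-path"]  # binary lives where user processes can write
    return []


def triage(text):
    """Parse Task entries and attach review reasons and the wrapped flag."""
    results = []
    for entry, wrapped in join_wrapped(text):
        match = ENTRY.match(entry)
        if not match:
            continue  # not a task line this script understands
        results.append({
            "name": match.group("name"),
            "target": match.group("target"),
            "reasons": classify(match.group("target")),
            "wrapped": wrapped,
        })
    return results


if __name__ == "__main__":
    for item in triage(SAMPLE):
        note = " (re-joined from a wrapped line)" if item["wrapped"] else ""
        print(item["reasons"] or ["ok"], item["name"], "=>", item["target"] + note)
```
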


#9 Oh My!


Posted 18 November 2015 - 08:01 PM

Very good.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Task: {77ABB44D-0101-4E54-B822-D6C1F91E818E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d
Toolbar: HKU\S-1-5-21-2751227608-273511618-715688685-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Task: {252539A8-BD7A-4CA9-8441-24F8C10F4686} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent
Task: C:\WINDOWS\Tasks\OlA9my4.job => C:\Users\New Owner\AppData\Roaming\OlA9my4.exe
Task: {4C12C53C-CA1B-4F8D-A3A3-FFEEFC0FC044} - System32\Tasks\OVL8xAISyVpfq0JSwPPj5DVm => C:\Users\New Owner\AppData\Roaming\OVL8xAISyVpfq0JSwPPj5DVm.exe 
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!


Posted 21 November 2015 - 09:31 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#11 Oh My!


Posted 23 November 2015 - 09:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 