
Can't access internet or run Malwarebytes Anti-Malware



#1 cartong


Posted 11 November 2015 - 04:09 PM

I downloaded a .zip and an .exe file. I ran the .exe file and then the internet stopped working. The webpage said not connected to the internet, in both Firefox and Internet Explorer. A toolbar appeared on my desktop. I was able to uninstall the toolbar. I believe it was named search module. Malwarebytes doesn't start; it says it is missing DNSAPI.dll to run. Ran Rkill to try to use Malwarebytes; it says file is corrupted and runs halfway. Windv.exe and Deskbar are mentioned in the Rkill file. Any help would be much appreciated! Thanks so much!

Here is the Farbar Scan Report:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by April (administrator) on APRIL-PC (11-11-2015 13:34:57)
Running from E:\
Loaded Profiles: April (Available Profiles: April)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Spotify Ltd) C:\Users\April\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Razer Inc.) D:\program files\Razer Game Booster\RzKLService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [791200 2011-07-15] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-07-15] (Atheros Commnucations)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234456 2013-06-07] (CyberLink Corp.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [286272 2015-06-28] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [608320 2015-06-16] ()
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4538680 2015-08-15] (iolo technologies, LLC)
HKLM-x32\...\Run: [QuickTime Task] => D:\program files\Quicktime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [ospd_us_014010137] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [Spotify Web Helper] => C:\Users\April\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-25] (Spotify Ltd)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3638256 2015-10-24] (Electronic Arts)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [DeskBar] => C:\Users\April\AppData\Local\DeskBar\dblaunch.exe [239104 2015-10-08] ()
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [Windv] => C:\ProgramData\DataFile\Downloads\Windv.exe [288256 2015-10-21] ()
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\MountPoints2: {17f628ad-b758-11e3-82ca-e8039a169fff} - "G:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-31] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-02]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-02]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
BootExecute: 瘘ැਯኁɫ㱨ጦ䐰্ﭡɪ㱨ጦ

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\windows\SysWOW64\Udigrin.dll [289104 2015-11-05] ()
Winsock: Catalog9 02 C:\windows\SysWOW64\Udigrin.dll [289104 2015-11-05] ()
Winsock: Catalog9 03 C:\windows\SysWOW64\Udigrin.dll [289104 2015-11-05] ()
Winsock: Catalog9 04 C:\windows\SysWOW64\Udigrin.dll [289104 2015-11-05] ()
Winsock: Catalog9 16 C:\windows\SysWOW64\Udigrin.dll [289104 2015-11-05] ()
Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D11BE09D-1EBD-4033-83A0-0256BB21F28F}: [DhcpNameServer] 168.94.0.14 168.94.0.15
Tcpip\..\Interfaces\{D1AA60B3-05CD-4442-91D4-4886F5C8793F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130917467114681543&GUID=305B0C50-61AD-E934-BDCA-3C01FF0B1CEA
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://go.speedbit.com/search.aspx?s=F2Ab&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000 -> DefaultScope {CF80EB17-9B30-4A4E-8220-42EBA8492F1C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPED69ACE3-12BA-42BD-A241-02958173208D&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FB6zbwybl001,3b707787-f726-4e18-82f4-cde6dcde42b8,&prd=smw&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=FB6zbwybl001,3b707787-f726-4e18-82f4-cde6dcde42b8,&prd=smw&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000 -> {9FC27B49-9C6F-4277-8D1E-0F66D38A9B54} URL = hxxp://go.speedbit.com/search.aspx?s=F2Ab&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000 -> {CF80EB17-9B30-4A4E-8220-42EBA8492F1C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-06] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-17] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-31] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-31] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-08-05] (DVDVideoSoft Ltd.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-06] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-04] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-07-15] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-31] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-31] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-04] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-09-15] (DVDVideoSoft Ltd.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-17] (McAfee, Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-17] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-10] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-17] (McAfee, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-06] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-06] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-06] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-06] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\w7epqclo.default-1437767772970
FF Homepage: hxxp://www-searching.com/?site=shyosffdefault&prd=set&s=FB6zbwybl001,3b707787-f726-4e18-82f4-cde6dcde42b8
FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set&s=FB6zbwybl001,3b707787-f726-4e18-82f4-cde6dcde42b8
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-22] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-22] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-12] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-12] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-06-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-06-28] (RealTimes)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\program files\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\program files\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\program files\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\w7epqclo.default-1437767772970\user.js [2015-11-06]
FF SearchPlugin: C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\w7epqclo.default-1437767772970\searchplugins\smod.xml [2015-11-06]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\w7epqclo.default-1437767772970\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-08-05] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-07-30] [not signed]
FF HKLM\...\Firefox\Extensions: [{FAE09A30-4998-4889-8597-B406AAF6D3DC}] - C:\Program Files\shopperz061120150809\Firefox\{FAE09A30-4998-4889-8597-B406AAF6D3DC}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{FAE09A30-4998-4889-8597-B406AAF6D3DC}] - C:\Program Files\shopperz061120150809\Firefox\{FAE09A30-4998-4889-8597-B406AAF6D3DC}.xpi => not found
FF HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
StartMenuInternet: FIREFOX.EXE - D:\program files\Firefox\firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-29]
CHR HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-07-15] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-07-15] (Atheros Commnucations) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4682552 2015-08-15] (iolo technologies, LLC)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [154856 2015-07-21] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-10-24] (Electronic Arts)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-06-28] (RealNetworks, Inc.)
R2 RzKLService; D:\program files\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [2545272 2014-04-15] (Speedbit Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61344 2015-11-06] (Cherimoya Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2013-09-15] (EldoS Corporation)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
R3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [41368 2014-04-15] ()
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [42136 2015-11-05] () [File not signed]
S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-11 13:34 - 2015-11-11 13:35 - 00000000 ____D C:\FRST
2015-11-11 12:51 - 2015-11-11 13:34 - 00001684 _____ C:\Users\April\Desktop\Rkill.txt
2015-11-11 12:42 - 2015-11-11 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-11 12:42 - 2015-11-11 12:42 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-06 01:39 - 2015-11-06 01:52 - 00000000 ____D C:\Program Files (x86)\SwiftSearch_1.10.0.25
2015-11-06 01:39 - 2015-11-06 01:46 - 00004736 _____ C:\windows\SysWOW64\Udigrin.ini
2015-11-06 01:39 - 2015-11-06 01:46 - 00002456 _____ C:\windows\SysWOW64\UdigrinOff.ini
2015-11-06 01:39 - 2015-11-06 01:46 - 00002456 _____ C:\windows\system32\UdigrinOff.ini
2015-11-06 01:38 - 2015-11-06 01:50 - 00000000 ____D C:\Program Files\BubbleSound
2015-11-06 01:38 - 2015-11-06 01:38 - 00004240 _____ C:\windows\System32\Tasks\SMW_UpdateTask_Time_3734313431353130332d3250575723326c6c552a2a45
2015-11-06 01:38 - 2015-11-06 01:38 - 00000000 ____D C:\windows\system32\sag
2015-11-06 01:38 - 2015-11-06 01:38 - 00000000 ____D C:\Users\April\AppData\Roaming\ortmp
2015-11-06 01:38 - 2015-11-06 01:38 - 00000000 ____D C:\Users\April\AppData\Local\Tempfolder
2015-11-06 01:38 - 2015-11-06 01:38 - 00000000 ____D C:\Users\April\AppData\Local\DeskBar
2015-11-06 01:38 - 2015-11-06 01:38 - 00000000 ____D C:\ProgramData\SearchModule
2015-11-06 01:38 - 2015-11-06 01:38 - 00000000 ____D C:\Program Files\Common Files\Goobzo
2015-11-06 01:38 - 2015-11-05 23:11 - 00375120 _____ C:\windows\system32\Udigrin64.dll
2015-11-06 01:38 - 2015-11-05 23:11 - 00289104 _____ C:\windows\SysWOW64\Udigrin.dll
2015-11-06 01:37 - 2015-11-06 01:53 - 00000000 ____D C:\Program Files\shopperz061120150809
2015-11-06 01:37 - 2015-11-06 01:37 - 00003532 _____ C:\windows\System32\Tasks\Inst_Rep
2015-11-06 01:37 - 2015-11-06 01:37 - 00003338 _____ C:\windows\System32\Tasks\Sinne
2015-11-06 01:37 - 2015-11-06 01:37 - 00000000 ____D C:\Users\April\AppData\LocalLow\Company
2015-11-06 01:37 - 2015-11-06 01:37 - 00000000 ____D C:\Users\April\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-11-06 01:37 - 2015-11-06 01:37 - 00000000 ____D C:\uninst
2015-11-06 01:27 - 2015-11-11 13:32 - 00000342 ____H C:\windows\Tasks\HUWWDXJLNSAYNRAF.job
2015-11-06 01:27 - 2015-11-06 01:55 - 00000000 ____D C:\ProgramData\DataFile
2015-11-06 01:27 - 2015-11-06 01:27 - 00003376 _____ C:\windows\System32\Tasks\HUWWDXJLNSAYNRAF
2015-11-06 01:27 - 2015-11-06 01:27 - 00000000 ____D C:\Program Files (x86)\execnowait
2015-11-06 01:26 - 2015-11-06 01:26 - 00000000 ____D C:\ProgramData\Service0561
2015-11-06 01:26 - 2015-11-06 01:26 - 00000000 ____D C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
2015-11-06 01:25 - 2015-11-06 01:25 - 00000000 ____D C:\ProgramData\MegaBackup Corp
2015-11-06 01:24 - 2015-11-06 01:24 - 00000000 ____D C:\windows\Quicky Translator
2015-11-06 01:23 - 2015-11-06 01:23 - 00000000 ____D C:\Users\April\Downloads\NRaasPacker
2015-11-06 01:20 - 2015-11-06 01:20 - 00089284 _____ C:\Users\April\Downloads\liugnocvzgnomon.zip
2015-11-06 01:07 - 2015-11-06 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
2015-11-06 00:55 - 2015-11-06 00:55 - 00003216 _____ C:\windows\System32\Tasks\{A177994F-C613-478A-A500-6ED65E832F51}
2015-11-06 00:55 - 2015-11-06 00:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora sims - Sex parts patch
2015-11-05 23:12 - 2015-11-06 01:37 - 00061344 _____ (Cherimoya Ltd) C:\windows\system32\Drivers\cherimoya.sys
2015-11-05 18:46 - 2015-11-05 18:46 - 00186880 _____ (TODO: <Company name>) C:\windows\system32\rsrcs.dll
2015-10-26 20:00 - 2015-10-26 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-10-26 19:56 - 2015-10-26 19:56 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-26 19:56 - 2015-10-26 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-26 19:55 - 2015-10-26 19:56 - 00000000 ____D C:\Program Files\iTunes
2015-10-26 19:55 - 2015-10-26 19:55 - 00000000 ____D C:\Program Files\iPod
2015-10-26 19:55 - 2015-10-26 19:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-22 07:29 - 2015-10-01 11:06 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-10-22 07:29 - 2015-10-01 11:04 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-10-22 07:29 - 2015-10-01 11:00 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-10-22 07:29 - 2015-10-01 11:00 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-10-22 07:29 - 2015-10-01 11:00 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-10-22 07:29 - 2015-10-01 11:00 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-10-22 07:29 - 2015-10-01 11:00 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-10-22 07:29 - 2015-10-01 10:50 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-10-22 07:29 - 2015-10-01 10:00 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-10-22 07:00 - 2015-09-18 11:58 - 00345688 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-10-22 07:00 - 2015-09-15 21:48 - 25851904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-10-22 07:00 - 2015-09-15 21:36 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-10-22 07:00 - 2015-09-15 21:36 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-10-22 07:00 - 2015-09-15 21:22 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-10-22 07:00 - 2015-09-15 21:21 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-10-22 07:00 - 2015-09-15 21:21 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-10-22 07:00 - 2015-09-15 21:21 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-10-22 07:00 - 2015-09-15 21:21 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-10-22 07:00 - 2015-09-15 21:21 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-10-22 07:00 - 2015-09-15 21:13 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-10-22 07:00 - 2015-09-15 21:10 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-10-22 07:00 - 2015-09-15 21:09 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-10-22 07:00 - 2015-09-15 21:08 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-10-22 07:00 - 2015-09-15 21:08 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-10-22 07:00 - 2015-09-15 21:08 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-10-22 07:00 - 2015-09-15 21:08 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-10-22 07:00 - 2015-09-15 21:01 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-10-22 07:00 - 2015-09-15 20:58 - 20357632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-10-22 07:00 - 2015-09-15 20:46 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-10-22 07:00 - 2015-09-15 20:45 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-10-22 07:00 - 2015-09-15 20:45 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-10-22 07:00 - 2015-09-15 20:41 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-10-22 07:00 - 2015-09-15 20:33 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-10-22 07:00 - 2015-09-15 20:33 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-10-22 07:00 - 2015-09-15 20:32 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-10-22 07:00 - 2015-09-15 20:32 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-10-22 07:00 - 2015-09-15 20:31 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-10-22 07:00 - 2015-09-15 20:31 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-10-22 07:00 - 2015-09-15 20:29 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-10-22 07:00 - 2015-09-15 20:29 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-10-22 07:00 - 2015-09-15 20:28 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-10-22 07:00 - 2015-09-15 20:28 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-10-22 07:00 - 2015-09-15 20:26 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-10-22 07:00 - 2015-09-15 20:26 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-10-22 07:00 - 2015-09-15 20:24 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-10-22 07:00 - 2015-09-15 20:23 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-10-22 07:00 - 2015-09-15 20:22 - 14458368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-10-22 07:00 - 2015-09-15 20:22 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-10-22 07:00 - 2015-09-15 20:22 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-10-22 07:00 - 2015-09-15 20:15 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-10-22 07:00 - 2015-09-15 20:10 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-22 07:00 - 2015-09-15 20:07 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-10-22 07:00 - 2015-09-15 20:06 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-10-22 07:00 - 2015-09-15 20:05 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-10-22 07:00 - 2015-09-15 20:05 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-10-22 07:00 - 2015-09-15 20:04 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-10-22 07:00 - 2015-09-15 19:58 - 12853760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-10-22 07:00 - 2015-09-15 19:58 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-10-22 07:00 - 2015-09-15 19:56 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-10-22 07:00 - 2015-09-15 19:55 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-10-22 07:00 - 2015-09-15 19:55 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-10-22 07:00 - 2015-09-15 19:37 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-10-22 07:00 - 2015-09-15 19:34 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-10-22 07:00 - 2015-09-15 19:32 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-10-22 06:59 - 2015-09-18 12:31 - 00391784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-10-22 06:59 - 2015-09-15 21:14 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-10-22 06:59 - 2015-09-15 20:58 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-10-22 06:59 - 2015-09-15 20:50 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-10-22 06:59 - 2015-09-15 20:43 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-10-22 06:59 - 2015-09-15 20:26 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-10-22 06:59 - 2015-09-15 20:11 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-10-22 06:59 - 2015-09-15 19:59 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-10-22 06:59 - 2015-09-15 19:48 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-10-15 08:13 - 2015-09-25 11:07 - 03168768 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-10-15 08:13 - 2015-09-25 11:07 - 02607104 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-10-15 08:13 - 2015-09-25 11:07 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-10-15 08:13 - 2015-09-25 11:07 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-10-15 08:13 - 2015-09-25 11:07 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-10-15 08:13 - 2015-09-25 11:07 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-10-15 08:13 - 2015-09-25 11:07 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-10-15 08:13 - 2015-09-25 11:06 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-10-15 08:13 - 2015-09-25 11:06 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-10-15 08:13 - 2015-09-25 11:06 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-10-15 08:13 - 2015-09-25 11:06 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-10-15 08:13 - 2015-09-25 10:59 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-10-15 08:13 - 2015-09-25 10:59 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-10-15 08:13 - 2015-09-25 10:59 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-10-15 08:13 - 2015-09-25 10:59 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-10-15 08:13 - 2015-09-25 10:58 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-10-15 08:13 - 2015-08-06 11:04 - 14176768 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-10-15 08:13 - 2015-08-06 11:03 - 01866752 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2015-10-15 08:13 - 2015-08-06 10:44 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-10-15 08:13 - 2015-08-06 10:44 - 01498624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2015-10-15 08:06 - 2015-09-18 12:22 - 00025432 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-10-15 08:06 - 2015-09-18 12:19 - 01291264 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-10-15 08:06 - 2015-09-18 12:19 - 00766464 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-10-15 08:06 - 2015-09-18 12:19 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-10-15 08:06 - 2015-09-18 12:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-10-15 08:06 - 2015-09-18 12:19 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-10-15 08:06 - 2015-09-18 12:09 - 01163776 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00984448 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00901264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-15 07:43 - 2015-10-22 12:58 - 00000000 ____D C:\Users\April\Documents\Bluetooth Folder
2015-10-13 01:29 - 2015-10-13 01:29 - 00875720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2015-10-13 01:22 - 2015-10-13 01:22 - 00869568 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-11 13:26 - 2009-07-13 21:45 - 00028848 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-11 13:26 - 2009-07-13 21:45 - 00028848 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-11 13:22 - 2011-11-16 21:07 - 01368295 _____ C:\windows\WindowsUpdate.log
2015-11-11 13:18 - 2014-02-07 12:49 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-11 13:18 - 2014-02-05 19:31 - 00000000 ____D C:\Users\April\AppData\Local\CrashDumps
2015-11-11 13:13 - 2015-07-25 15:07 - 00006476 _____ C:\windows\setupact.log
2015-11-11 13:13 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-11 13:06 - 2009-07-13 22:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-11 13:05 - 2014-02-06 02:28 - 00774404 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-11-11 12:58 - 2014-03-29 08:15 - 00000000 ____D C:\Program Files (x86)\mbam
2015-11-11 12:42 - 2015-07-29 10:23 - 00001934 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-11 12:29 - 2015-07-25 15:17 - 00012460 _____ C:\windows\PFRO.log
2015-11-06 02:35 - 2014-02-05 19:19 - 00000000 ____D C:\Users\April
2015-11-06 02:14 - 2014-04-09 14:29 - 00000000 ____D C:\windows\Minidump
2015-11-06 02:14 - 2014-03-21 14:42 - 00000000 ____D C:\Users\April\Documents\Youcam
2015-11-06 01:59 - 2014-05-30 15:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-06 01:50 - 2014-11-29 15:16 - 00000000 ___RD C:\Users\April\iCloudDrive
2015-11-06 01:47 - 2014-04-24 13:14 - 00000000 ____D C:\Users\April\AppData\Local\Spotify
2015-11-06 01:35 - 2014-02-05 19:24 - 00001417 _____ C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-06 01:07 - 2011-11-16 04:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-06 01:06 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-05 23:12 - 2014-06-15 14:12 - 00000000 ____D C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-11-05 21:47 - 2015-04-17 22:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-05 21:45 - 2015-04-17 22:08 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-05 21:02 - 2014-02-05 22:22 - 00000000 ____D C:\ProgramData\Origin
2015-11-05 20:31 - 2014-04-24 13:13 - 00000000 ____D C:\Users\April\AppData\Roaming\Spotify
2015-11-05 20:28 - 2015-04-10 12:52 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-26 20:00 - 2014-02-05 22:36 - 00000000 ____D C:\Users\April\AppData\Local\Apple Computer
2015-10-26 20:00 - 2014-02-05 19:38 - 00000000 ____D C:\Users\April\AppData\Roaming\Apple Computer
2015-10-26 19:55 - 2014-02-05 22:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-25 16:47 - 2014-03-29 08:15 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-24 10:13 - 2014-02-05 22:21 - 00000000 ____D C:\Program Files (x86)\Origin
2015-10-22 10:51 - 2014-02-06 01:48 - 00000000 ____D C:\windows\system32\MRT
2015-10-22 10:44 - 2014-02-06 01:48 - 143481208 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-10-22 08:18 - 2014-02-07 12:49 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-10-22 08:18 - 2014-02-07 12:49 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-22 08:18 - 2014-02-07 12:49 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-10-22 07:40 - 2014-12-18 14:50 - 00000000 ____D C:\windows\system32\appraiser
2015-10-22 07:40 - 2014-05-07 11:53 - 00000000 ____D C:\windows\system32\CompatTel
2015-10-22 07:06 - 2014-03-29 08:15 - 00001066 _____ C:\Users\Public\Desktop\iexplorer.lnk
2015-10-22 07:06 - 2014-03-29 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-15 08:02 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF
2015-10-14 20:16 - 2015-04-03 18:44 - 00000000 ____D C:\windows\system32\GWX

==================== Files in the root of some directories =======

2014-03-06 10:52 - 2014-07-18 14:12 - 0000571 _____ () C:\Users\April\AppData\Roaming\AutoGK.ini
2015-04-03 21:58 - 2015-04-03 21:58 - 0069441 _____ () C:\Users\April\AppData\Local\1DC8B7A7_stp.CIS
2015-04-03 21:58 - 2015-04-03 21:58 - 0000309 _____ () C:\Users\April\AppData\Local\1DC8B7A7_stp.CIS.part
2015-04-03 22:06 - 2015-04-03 22:06 - 0191544 _____ () C:\Users\April\AppData\Local\38C2540F_stp.CIS
2015-04-03 22:06 - 2015-04-03 22:06 - 0000290 _____ () C:\Users\April\AppData\Local\38C2540F_stp.CIS.part
2015-04-03 22:07 - 2015-04-03 22:07 - 0702170 _____ () C:\Users\April\AppData\Local\42819D84_stp.CIS
2015-04-03 22:07 - 2015-04-03 22:07 - 0000303 _____ () C:\Users\April\AppData\Local\42819D84_stp.CIS.part
2015-04-03 21:58 - 2015-04-03 21:58 - 0385602 _____ () C:\Users\April\AppData\Local\5D515C96_stp.CIS
2015-04-03 21:58 - 2015-04-03 21:58 - 0000220 _____ () C:\Users\April\AppData\Local\5D515C96_stp.CIS.part
2014-03-01 15:23 - 2014-03-01 15:23 - 0007638 _____ () C:\Users\April\AppData\Local\Resmon.ResmonCfg
2015-07-24 11:57 - 2015-07-24 11:57 - 0000696 _____ () C:\ProgramData\SMRResults501.dat
2011-11-16 05:39 - 2011-11-16 05:39 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-11-16 05:31 - 2011-11-16 05:32 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-11-16 05:36 - 2011-11-16 05:37 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-11-16 05:32 - 2011-11-16 05:36 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-11-16 05:37 - 2011-11-16 05:39 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Files to move or delete:
====================
C:\ProgramData\SMRResults501.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll
[2011-11-16 04:43] - [2011-11-16 04:43] - 0357888 ____A (Microsoft Corporation) D803D8DB693BC1C18F25A32D2EDEAF2D

C:\windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-11 18:07

==================== End of FRST.txt ============================

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Spotify Ltd) C:\Users\April\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Razer Inc.) D:\program files\Razer Game Booster\RzKLService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [791200 2011-07-15] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-07-15] (Atheros Commnucations)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234456 2013-06-07] (CyberLink Corp.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [286272 2015-06-28] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [608320 2015-06-16] ()
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4538680 2015-08-15] (iolo technologies, LLC)
HKLM-x32\...\Run: [QuickTime Task] => D:\program files\Quicktime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [ospd_us_014010137] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [Spotify Web Helper] => C:\Users\April\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-25] (Spotify Ltd)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3638256 2015-10-24] (Electronic Arts)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [DeskBar] => C:\Users\April\AppData\Local\DeskBar\dblaunch.exe [239104 2015-10-08] ()
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [Windv] => C:\ProgramData\DataFile\Downloads\Windv.exe [288256 2015-10-21] ()
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\MountPoints2: {17f628ad-b758-11e3-82ca-e8039a169fff} - "G:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-31] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-02]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-02]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
BootExecute: 瘘ැਯኁɫ㱨ጦ䐰্ﭡɪ㱨ጦ

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\windows\SysWOW64\Udigrin.dll [289104 2015-11-05] ()
Winsock: Catalog9 02 C:\windows\SysWOW64\Udigrin.dll [289104 2015-11-05] ()
Winsock: Catalog9 03 C:\windows\SysWOW64\Udigrin.dll [289104 2015-11-05] ()
Winsock: Catalog9 04 C:\windows\SysWOW64\Udigrin.dll [289104 2015-11-05] ()
Winsock: Catalog9 16 C:\windows\SysWOW64\Udigrin.dll [289104 2015-11-05] ()
Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D11BE09D-1EBD-4033-83A0-0256BB21F28F}: [DhcpNameServer] 168.94.0.14 168.94.0.15
Tcpip\..\Interfaces\{D1AA60B3-05CD-4442-91D4-4886F5C8793F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130917467114681543&GUID=305B0C50-61AD-E934-BDCA-3C01FF0B1CEA
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://go.speedbit.com/search.aspx?s=F2Ab&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000 -> DefaultScope {CF80EB17-9B30-4A4E-8220-42EBA8492F1C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPED69ACE3-12BA-42BD-A241-02958173208D&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www-searching.com/search.aspx?s=FB6zbwybl001,3b707787-f726-4e18-82f4-cde6dcde42b8,&prd=smw&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=FB6zbwybl001,3b707787-f726-4e18-82f4-cde6dcde42b8,&prd=smw&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000 -> {9FC27B49-9C6F-4277-8D1E-0F66D38A9B54} URL = hxxp://go.speedbit.com/search.aspx?s=F2Ab&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000 -> {CF80EB17-9B30-4A4E-8220-42EBA8492F1C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-06] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-17] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-31] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-31] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-08-05] (DVDVideoSoft Ltd.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-06] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-04] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-07-15] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-31] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-31] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-04] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-09-15] (DVDVideoSoft Ltd.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-17] (McAfee, Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-17] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-10] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-17] (McAfee, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-06] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-06] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-06] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-06] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\w7epqclo.default-1437767772970
FF Homepage: hxxp://www-searching.com/?site=shyosffdefault&prd=set&s=FB6zbwybl001,3b707787-f726-4e18-82f4-cde6dcde42b8
FF NewTab: hxxp://www-searching.com/?site=shyosffdefault&prd=set&s=FB6zbwybl001,3b707787-f726-4e18-82f4-cde6dcde42b8
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-22] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-22] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-12] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-12] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-06-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-06-28] (RealTimes)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\program files\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\program files\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\program files\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\w7epqclo.default-1437767772970\user.js [2015-11-06]
FF SearchPlugin: C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\w7epqclo.default-1437767772970\searchplugins\smod.xml [2015-11-06]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\w7epqclo.default-1437767772970\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-08-05] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-07-30] [not signed]
FF HKLM\...\Firefox\Extensions: [{FAE09A30-4998-4889-8597-B406AAF6D3DC}] - C:\Program Files\shopperz061120150809\Firefox\{FAE09A30-4998-4889-8597-B406AAF6D3DC}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{FAE09A30-4998-4889-8597-B406AAF6D3DC}] - C:\Program Files\shopperz061120150809\Firefox\{FAE09A30-4998-4889-8597-B406AAF6D3DC}.xpi => not found
FF HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
StartMenuInternet: FIREFOX.EXE - D:\program files\Firefox\firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-29]
CHR HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-07-15] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-07-15] (Atheros Commnucations) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4682552 2015-08-15] (iolo technologies, LLC)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [154856 2015-07-21] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-10-24] (Electronic Arts)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-06-28] (RealNetworks, Inc.)
R2 RzKLService; D:\program files\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [2545272 2014-04-15] (Speedbit Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61344 2015-11-06] (Cherimoya Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2013-09-15] (EldoS Corporation)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
R3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [41368 2014-04-15] ()
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [42136 2015-11-05] () [File not signed]
S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-11 13:34 - 2015-11-11 13:35 - 00000000 ____D C:\FRST
2015-11-11 12:51 - 2015-11-11 13:34 - 00001684 _____ C:\Users\April\Desktop\Rkill.txt
2015-11-11 12:42 - 2015-11-11 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-11 12:42 - 2015-11-11 12:42 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-06 01:39 - 2015-11-06 01:52 - 00000000 ____D C:\Program Files (x86)\SwiftSearch_1.10.0.25
2015-11-06 01:39 - 2015-11-06 01:46 - 00004736 _____ C:\windows\SysWOW64\Udigrin.ini
2015-11-06 01:39 - 2015-11-06 01:46 - 00002456 _____ C:\windows\SysWOW64\UdigrinOff.ini
2015-11-06 01:39 - 2015-11-06 01:46 - 00002456 _____ C:\windows\system32\UdigrinOff.ini
2015-11-06 01:38 - 2015-11-06 01:50 - 00000000 ____D C:\Program Files\BubbleSound
2015-11-06 01:38 - 2015-11-06 01:38 - 00004240 _____ C:\windows\System32\Tasks\SMW_UpdateTask_Time_3734313431353130332d3250575723326c6c552a2a45
2015-11-06 01:38 - 2015-11-06 01:38 - 00000000 ____D C:\windows\system32\sag
2015-11-06 01:38 - 2015-11-06 01:38 - 00000000 ____D C:\Users\April\AppData\Roaming\ortmp
2015-11-06 01:38 - 2015-11-06 01:38 - 00000000 ____D C:\Users\April\AppData\Local\Tempfolder
2015-11-06 01:38 - 2015-11-06 01:38 - 00000000 ____D C:\Users\April\AppData\Local\DeskBar
2015-11-06 01:38 - 2015-11-06 01:38 - 00000000 ____D C:\ProgramData\SearchModule
2015-11-06 01:38 - 2015-11-06 01:38 - 00000000 ____D C:\Program Files\Common Files\Goobzo
2015-11-06 01:38 - 2015-11-05 23:11 - 00375120 _____ C:\windows\system32\Udigrin64.dll
2015-11-06 01:38 - 2015-11-05 23:11 - 00289104 _____ C:\windows\SysWOW64\Udigrin.dll
2015-11-06 01:37 - 2015-11-06 01:53 - 00000000 ____D C:\Program Files\shopperz061120150809
2015-11-06 01:37 - 2015-11-06 01:37 - 00003532 _____ C:\windows\System32\Tasks\Inst_Rep
2015-11-06 01:37 - 2015-11-06 01:37 - 00003338 _____ C:\windows\System32\Tasks\Sinne
2015-11-06 01:37 - 2015-11-06 01:37 - 00000000 ____D C:\Users\April\AppData\LocalLow\Company
2015-11-06 01:37 - 2015-11-06 01:37 - 00000000 ____D C:\Users\April\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-11-06 01:37 - 2015-11-06 01:37 - 00000000 ____D C:\uninst
2015-11-06 01:27 - 2015-11-11 13:32 - 00000342 ____H C:\windows\Tasks\HUWWDXJLNSAYNRAF.job
2015-11-06 01:27 - 2015-11-06 01:55 - 00000000 ____D C:\ProgramData\DataFile
2015-11-06 01:27 - 2015-11-06 01:27 - 00003376 _____ C:\windows\System32\Tasks\HUWWDXJLNSAYNRAF
2015-11-06 01:27 - 2015-11-06 01:27 - 00000000 ____D C:\Program Files (x86)\execnowait
2015-11-06 01:26 - 2015-11-06 01:26 - 00000000 ____D C:\ProgramData\Service0561
2015-11-06 01:26 - 2015-11-06 01:26 - 00000000 ____D C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
2015-11-06 01:25 - 2015-11-06 01:25 - 00000000 ____D C:\ProgramData\MegaBackup Corp
2015-11-06 01:24 - 2015-11-06 01:24 - 00000000 ____D C:\windows\Quicky Translator
2015-11-06 01:23 - 2015-11-06 01:23 - 00000000 ____D C:\Users\April\Downloads\NRaasPacker
2015-11-06 01:20 - 2015-11-06 01:20 - 00089284 _____ C:\Users\April\Downloads\liugnocvzgnomon.zip
2015-11-06 01:07 - 2015-11-06 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
2015-11-06 00:55 - 2015-11-06 00:55 - 00003216 _____ C:\windows\System32\Tasks\{A177994F-C613-478A-A500-6ED65E832F51}
2015-11-06 00:55 - 2015-11-06 00:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora sims - Sex parts patch
2015-11-05 23:12 - 2015-11-06 01:37 - 00061344 _____ (Cherimoya Ltd) C:\windows\system32\Drivers\cherimoya.sys
2015-11-05 18:46 - 2015-11-05 18:46 - 00186880 _____ (TODO: <Company name>) C:\windows\system32\rsrcs.dll
2015-10-26 20:00 - 2015-10-26 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-10-26 19:56 - 2015-10-26 19:56 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-26 19:56 - 2015-10-26 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-26 19:55 - 2015-10-26 19:56 - 00000000 ____D C:\Program Files\iTunes
2015-10-26 19:55 - 2015-10-26 19:55 - 00000000 ____D C:\Program Files\iPod
2015-10-26 19:55 - 2015-10-26 19:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-22 07:29 - 2015-10-01 11:06 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-10-22 07:29 - 2015-10-01 11:04 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-10-22 07:29 - 2015-10-01 11:00 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-10-22 07:29 - 2015-10-01 11:00 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-10-22 07:29 - 2015-10-01 11:00 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-10-22 07:29 - 2015-10-01 11:00 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-10-22 07:29 - 2015-10-01 11:00 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-10-22 07:29 - 2015-10-01 10:50 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-10-22 07:29 - 2015-10-01 10:00 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-10-22 07:00 - 2015-09-18 11:58 - 00345688 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-10-22 07:00 - 2015-09-15 21:48 - 25851904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-10-22 07:00 - 2015-09-15 21:36 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-10-22 07:00 - 2015-09-15 21:36 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-10-22 07:00 - 2015-09-15 21:22 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-10-22 07:00 - 2015-09-15 21:21 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-10-22 07:00 - 2015-09-15 21:21 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-10-22 07:00 - 2015-09-15 21:21 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-10-22 07:00 - 2015-09-15 21:21 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-10-22 07:00 - 2015-09-15 21:21 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-10-22 07:00 - 2015-09-15 21:13 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-10-22 07:00 - 2015-09-15 21:10 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-10-22 07:00 - 2015-09-15 21:09 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-10-22 07:00 - 2015-09-15 21:08 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-10-22 07:00 - 2015-09-15 21:08 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-10-22 07:00 - 2015-09-15 21:08 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-10-22 07:00 - 2015-09-15 21:08 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-10-22 07:00 - 2015-09-15 21:01 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-10-22 07:00 - 2015-09-15 20:58 - 20357632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-10-22 07:00 - 2015-09-15 20:46 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-10-22 07:00 - 2015-09-15 20:45 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-10-22 07:00 - 2015-09-15 20:45 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-10-22 07:00 - 2015-09-15 20:41 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-10-22 07:00 - 2015-09-15 20:33 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-10-22 07:00 - 2015-09-15 20:33 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-10-22 07:00 - 2015-09-15 20:32 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-10-22 07:00 - 2015-09-15 20:32 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-10-22 07:00 - 2015-09-15 20:31 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-10-22 07:00 - 2015-09-15 20:31 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-10-22 07:00 - 2015-09-15 20:29 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-10-22 07:00 - 2015-09-15 20:29 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-10-22 07:00 - 2015-09-15 20:28 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-10-22 07:00 - 2015-09-15 20:28 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-10-22 07:00 - 2015-09-15 20:26 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-10-22 07:00 - 2015-09-15 20:26 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-10-22 07:00 - 2015-09-15 20:24 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-10-22 07:00 - 2015-09-15 20:23 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-10-22 07:00 - 2015-09-15 20:22 - 14458368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-10-22 07:00 - 2015-09-15 20:22 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-10-22 07:00 - 2015-09-15 20:22 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-10-22 07:00 - 2015-09-15 20:15 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-10-22 07:00 - 2015-09-15 20:10 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-22 07:00 - 2015-09-15 20:07 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-10-22 07:00 - 2015-09-15 20:06 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-10-22 07:00 - 2015-09-15 20:05 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-10-22 07:00 - 2015-09-15 20:05 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-10-22 07:00 - 2015-09-15 20:04 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-10-22 07:00 - 2015-09-15 19:58 - 12853760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-10-22 07:00 - 2015-09-15 19:58 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-10-22 07:00 - 2015-09-15 19:56 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-10-22 07:00 - 2015-09-15 19:55 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-10-22 07:00 - 2015-09-15 19:55 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-10-22 07:00 - 2015-09-15 19:37 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-10-22 07:00 - 2015-09-15 19:34 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-10-22 07:00 - 2015-09-15 19:32 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-10-22 06:59 - 2015-09-18 12:31 - 00391784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-10-22 06:59 - 2015-09-15 21:14 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-10-22 06:59 - 2015-09-15 20:58 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-10-22 06:59 - 2015-09-15 20:50 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-10-22 06:59 - 2015-09-15 20:43 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-10-22 06:59 - 2015-09-15 20:26 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-10-22 06:59 - 2015-09-15 20:11 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-10-22 06:59 - 2015-09-15 19:59 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-10-22 06:59 - 2015-09-15 19:48 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-10-15 08:13 - 2015-09-25 11:07 - 03168768 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-10-15 08:13 - 2015-09-25 11:07 - 02607104 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-10-15 08:13 - 2015-09-25 11:07 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-10-15 08:13 - 2015-09-25 11:07 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-10-15 08:13 - 2015-09-25 11:07 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-10-15 08:13 - 2015-09-25 11:07 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-10-15 08:13 - 2015-09-25 11:07 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-10-15 08:13 - 2015-09-25 11:06 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-10-15 08:13 - 2015-09-25 11:06 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-10-15 08:13 - 2015-09-25 11:06 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-10-15 08:13 - 2015-09-25 11:06 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-10-15 08:13 - 2015-09-25 10:59 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-10-15 08:13 - 2015-09-25 10:59 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-10-15 08:13 - 2015-09-25 10:59 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-10-15 08:13 - 2015-09-25 10:59 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-10-15 08:13 - 2015-09-25 10:58 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-10-15 08:13 - 2015-08-06 11:04 - 14176768 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-10-15 08:13 - 2015-08-06 11:03 - 01866752 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2015-10-15 08:13 - 2015-08-06 10:44 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-10-15 08:13 - 2015-08-06 10:44 - 01498624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2015-10-15 08:06 - 2015-09-18 12:22 - 00025432 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-10-15 08:06 - 2015-09-18 12:19 - 01291264 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-10-15 08:06 - 2015-09-18 12:19 - 00766464 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-10-15 08:06 - 2015-09-18 12:19 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-10-15 08:06 - 2015-09-18 12:19 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-10-15 08:06 - 2015-09-18 12:19 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-10-15 08:06 - 2015-09-18 12:09 - 01163776 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00984448 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00901264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-15 07:57 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-15 07:43 - 2015-10-22 12:58 - 00000000 ____D C:\Users\April\Documents\Bluetooth Folder
2015-10-13 01:29 - 2015-10-13 01:29 - 00875720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2015-10-13 01:22 - 2015-10-13 01:22 - 00869568 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-11 13:26 - 2009-07-13 21:45 - 00028848 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-11 13:26 - 2009-07-13 21:45 - 00028848 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-11 13:22 - 2011-11-16 21:07 - 01368295 _____ C:\windows\WindowsUpdate.log
2015-11-11 13:18 - 2014-02-07 12:49 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-11 13:18 - 2014-02-05 19:31 - 00000000 ____D C:\Users\April\AppData\Local\CrashDumps
2015-11-11 13:13 - 2015-07-25 15:07 - 00006476 _____ C:\windows\setupact.log
2015-11-11 13:13 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-11 13:06 - 2009-07-13 22:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-11 13:05 - 2014-02-06 02:28 - 00774404 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-11-11 12:58 - 2014-03-29 08:15 - 00000000 ____D C:\Program Files (x86)\mbam
2015-11-11 12:42 - 2015-07-29 10:23 - 00001934 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-11 12:29 - 2015-07-25 15:17 - 00012460 _____ C:\windows\PFRO.log
2015-11-06 02:35 - 2014-02-05 19:19 - 00000000 ____D C:\Users\April
2015-11-06 02:14 - 2014-04-09 14:29 - 00000000 ____D C:\windows\Minidump
2015-11-06 02:14 - 2014-03-21 14:42 - 00000000 ____D C:\Users\April\Documents\Youcam
2015-11-06 01:59 - 2014-05-30 15:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-06 01:50 - 2014-11-29 15:16 - 00000000 ___RD C:\Users\April\iCloudDrive
2015-11-06 01:47 - 2014-04-24 13:14 - 00000000 ____D C:\Users\April\AppData\Local\Spotify
2015-11-06 01:35 - 2014-02-05 19:24 - 00001417 _____ C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-06 01:07 - 2011-11-16 04:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-06 01:06 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-05 23:12 - 2014-06-15 14:12 - 00000000 ____D C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-11-05 21:47 - 2015-04-17 22:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-05 21:45 - 2015-04-17 22:08 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-05 21:02 - 2014-02-05 22:22 - 00000000 ____D C:\ProgramData\Origin
2015-11-05 20:31 - 2014-04-24 13:13 - 00000000 ____D C:\Users\April\AppData\Roaming\Spotify
2015-11-05 20:28 - 2015-04-10 12:52 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-26 20:00 - 2014-02-05 22:36 - 00000000 ____D C:\Users\April\AppData\Local\Apple Computer
2015-10-26 20:00 - 2014-02-05 19:38 - 00000000 ____D C:\Users\April\AppData\Roaming\Apple Computer
2015-10-26 19:55 - 2014-02-05 22:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-25 16:47 - 2014-03-29 08:15 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-24 10:13 - 2014-02-05 22:21 - 00000000 ____D C:\Program Files (x86)\Origin
2015-10-22 10:51 - 2014-02-06 01:48 - 00000000 ____D C:\windows\system32\MRT
2015-10-22 10:44 - 2014-02-06 01:48 - 143481208 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-10-22 08:18 - 2014-02-07 12:49 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-10-22 08:18 - 2014-02-07 12:49 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-22 08:18 - 2014-02-07 12:49 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-10-22 07:40 - 2014-12-18 14:50 - 00000000 ____D C:\windows\system32\appraiser
2015-10-22 07:40 - 2014-05-07 11:53 - 00000000 ____D C:\windows\system32\CompatTel
2015-10-22 07:06 - 2014-03-29 08:15 - 00001066 _____ C:\Users\Public\Desktop\iexplorer.lnk
2015-10-22 07:06 - 2014-03-29 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-15 08:02 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF
2015-10-14 20:16 - 2015-04-03 18:44 - 00000000 ____D C:\windows\system32\GWX

==================== Files in the root of some directories =======

2014-03-06 10:52 - 2014-07-18 14:12 - 0000571 _____ () C:\Users\April\AppData\Roaming\AutoGK.ini
2015-04-03 21:58 - 2015-04-03 21:58 - 0069441 _____ () C:\Users\April\AppData\Local\1DC8B7A7_stp.CIS
2015-04-03 21:58 - 2015-04-03 21:58 - 0000309 _____ () C:\Users\April\AppData\Local\1DC8B7A7_stp.CIS.part
2015-04-03 22:06 - 2015-04-03 22:06 - 0191544 _____ () C:\Users\April\AppData\Local\38C2540F_stp.CIS
2015-04-03 22:06 - 2015-04-03 22:06 - 0000290 _____ () C:\Users\April\AppData\Local\38C2540F_stp.CIS.part
2015-04-03 22:07 - 2015-04-03 22:07 - 0702170 _____ () C:\Users\April\AppData\Local\42819D84_stp.CIS
2015-04-03 22:07 - 2015-04-03 22:07 - 0000303 _____ () C:\Users\April\AppData\Local\42819D84_stp.CIS.part
2015-04-03 21:58 - 2015-04-03 21:58 - 0385602 _____ () C:\Users\April\AppData\Local\5D515C96_stp.CIS
2015-04-03 21:58 - 2015-04-03 21:58 - 0000220 _____ () C:\Users\April\AppData\Local\5D515C96_stp.CIS.part
2014-03-01 15:23 - 2014-03-01 15:23 - 0007638 _____ () C:\Users\April\AppData\Local\Resmon.ResmonCfg
2015-07-24 11:57 - 2015-07-24 11:57 - 0000696 _____ () C:\ProgramData\SMRResults501.dat
2011-11-16 05:39 - 2011-11-16 05:39 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-11-16 05:31 - 2011-11-16 05:32 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-11-16 05:36 - 2011-11-16 05:37 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-11-16 05:32 - 2011-11-16 05:36 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-11-16 05:37 - 2011-11-16 05:39 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Files to move or delete:
====================
C:\ProgramData\SMRResults501.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll
[2011-11-16 04:43] - [2011-11-16 04:43] - 0357888 ____A (Microsoft Corporation) D803D8DB693BC1C18F25A32D2EDEAF2D

C:\windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-11 18:07

==================== End of FRST.txt ============================





#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:29 PM

Posted 12 November 2015 - 04:30 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
You've posted the contents of FRST.txt twice but the Addition.txt is missing. Can you please also post up the contents of Addition.txt? (If you don't find the log anymore, repeat the FRST scan and make sure that the option "Addition.txt" is checked.)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 cartong

cartong
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Local time:07:29 AM

Posted 13 November 2015 - 10:13 AM

Hello! Thank you for your help, Jürgen! Here is the Addition.txt file.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by April (2015-11-11 13:36:57)
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) (2014-02-06 02:19:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1833043278-1489670560-2515665415-500 - Administrator - Disabled)
April (S-1-5-21-1833043278-1489670560-2515665415-1000 - Administrator - Enabled) => C:\Users\April
Guest (S-1-5-21-1833043278-1489670560-2515665415-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1833043278-1489670560-2515665415-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{1B4ED54A-A741-5D36-40C6-0DA839CA033F}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.120 - Atheros Communications)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J435W (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.6607 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD43 Plug-in v1.0.0.6 (HKLM-x32\...\DVD43 Plug-in_is1) (Version:  - )
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.32 - Samsung Electronics CO., LTD.)
ETDWare PS/2-X64 10.0.7.3_WHQL (HKLM\...\Elantech) (Version: 10.0.7.3 - ELAN Microelectronic Corp.)
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version:  - Scott Cawthon)
Five Nights at Freddy's 3 (HKLM-x32\...\Steam App 354140) (Version:  - Scott Cawthon)
Five Nights at Freddy's 4 (HKLM-x32\...\Steam App 388090) (Version:  - Scott Cawthon)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free Studio version 6.5.5.915 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.5.915 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.61.805 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.61.805 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.61.805 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.61.805 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.6.1 - iolo technologies, LLC)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.259 - McAfee, Inc.)
Media Go (HKLM-x32\...\{F66C4A41-C3A8-4523-AB6C-BAA1DB38305C}) (Version: 2.7.357 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.4.129.12060 (HKLM-x32\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.129.12060 - Sony)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 38.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Firefox 41.0.2 (x86 en-US) (HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
RealDownloader (x32 Version: 18.0.1.10 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.0.1.9 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.1 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
S Agent (Version: 1.1.51 - Samsung Electronics CO., LTD.) Hidden
s3pe - Sims3 Package Editor (HKLM-x32\...\s3pe) (Version: 13-1112-2033 - Peter L Jones)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.6.0.2 - Samsung Electronics CO., LTD.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Search module (HKLM-x32\...\Search module) (Version:  - Goobzo)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spotify (HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SW Update (HKLM-x32\...\{1687FC01-135F-4ADE-B828-B461CC74BD8A}) (Version: 2.2.4 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
The Sims Makin' Magic (HKLM-x32\...\{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}) (Version:  - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.62.153 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Katy Perry's Sweet Treats (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.10.57.1020 - Electronic Arts Inc.)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()

==================== Restore Points =========================

25-10-2015 12:17:10 Windows Update
31-10-2015 21:53:42 Windows Update
06-11-2015 01:30:27 Removed WixPCOptimizer.
06-11-2015 01:53:26 Removed WixPCOptimizer.
06-11-2015 01:55:31 Removed Apple Application Support (32-bit)
11-11-2015 13:00:26 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-11-11 12:42 - 00001225 ____A C:\windows\system32\Drivers\etc\hosts

0.0.0.1    mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {046006C8-68DB-4ACF-BD34-F60945E1F6CD} - System32\Tasks\Sinne => C:\PROGRA~1\SHOPPE~1\Pisori.bat
Task: {0D01810C-CCFF-44F5-830C-83FA57716882} - System32\Tasks\{94044516-A912-462F-A449-28BEB0EDFC3D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}\Sims3EP11Setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {0DF457CC-CB22-4501-BE8A-A4D615F42CD4} - System32\Tasks\{A2AC1278-5B2E-4217-99A0-FEDE94E36C26} => pcalua.exe -a C:\Users\April\Downloads\vcredist_x64(1).exe -d C:\Users\April\Downloads
Task: {0EA41BBA-FD23-4101-B98F-B2A452D6EF2E} - System32\Tasks\{AF379756-F271-4D3E-9228-8144F3131D2E} => pcalua.exe -a "C:\Program Files (x86)\CyberLink\Shared files\richvideoinstall.exe" -d "C:\Program Files (x86)\CyberLink\Shared files"
Task: {12FDAB3B-C14B-4927-BAC0-9A7CD4FCD987} - System32\Tasks\{AC5A2BF9-0D78-49BF-B420-122E67DAE75C} => pcalua.exe -a C:\Users\April\Downloads\Shockwave_Installer_Slim.exe -d C:\Users\April\Downloads
Task: {1A072A63-4CAD-4F9C-9D60-EF33FE194437} - System32\Tasks\{878E9EC5-40E4-46E3-A77D-4F25223EF7EE} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{D0087539-3C57-44E0-BEE7-D779D546CBE1}\Sims3SP09Setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {1B469C26-5874-42C7-A72B-0205CC2B82CB} - System32\Tasks\{9F10CEBC-2DC3-4B6D-A381-6532F3FF6C59} => pcalua.exe -a C:\Users\April\Downloads\sims\MM_antinde.exe -d C:\Users\April\Downloads\sims
Task: {22EB8936-D428-410A-AC00-E9DC8417C894} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {2D99C2FB-EEFE-4469-AFB6-471C7515F566} - System32\Tasks\Inst_Rep => C:\Users\April\AppData\Local\Installer\Install_18526\brakietut_tutbl_setup.exe [2015-11-06] () <==== ATTENTION
Task: {37D0A6C6-29CE-4F23-9155-362C50933B8A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-31] (Microsoft Corporation)
Task: {3B04354E-0DED-423D-B09B-E60AAAC2FD0B} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-10-29] (Samsung Electronics CO., LTD.)
Task: {47F156F1-560D-4FF0-A421-E6DB51ACA1C8} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.)
Task: {53664F19-733B-498A-AA23-BD184D10FF76} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {54FAE052-9496-41CF-9C48-94E5AC64C8F3} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2015-08-15] (iolo technologies, LLC)
Task: {5819E956-17F9-455E-AD44-C311F886C8BB} - System32\Tasks\{839C790F-DA57-4D47-99A6-2DF4839BFECE} => pcalua.exe -a F:\Sims3Setup.exe -d F:\
Task: {581CD399-2220-4E16-9AB1-64E1C4A2FD81} - System32\Tasks\{7EF0BC18-E39C-4226-865A-7D7F47AB4A7D} => pcalua.exe -a "D:\Remote Programs\Virtual Families\GPlrLanc.exe" -d C:\Users\April\Desktop -c -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&amp;AppId=636250&amp;RunIndex=1&amp;PrvId=143&amp;AcID=&amp;OpenShInIE=0&amp;PrvDir=Default
Task: {5972BFA9-D687-4520-A53C-AB66D5B2BEE0} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {5CFDA382-B9F6-4E93-B1B8-49C33639C546} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-31] (Microsoft Corporation)
Task: {5D2A6CB7-67D6-46BE-9550-D7FA1FBBAA76} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2012-12-06] (Samsung Electronics CO., LTD.)
Task: {6122B6B6-08DD-475C-925F-F461CCF26E8D} - System32\Tasks\{A177994F-C613-478A-A500-6ED65E832F51} => pcalua.exe -a "E:\April Stuff\April Files\dvdvideosoft\sims\MM_antinde.exe" -d "E:\April Stuff\April Files\dvdvideosoft\sims"
Task: {68F78B61-0238-494E-BCFF-11FB5C5DA831} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {6AF9BA9C-7EC2-4026-9595-5082C9509C16} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {71184400-F57A-486A-B820-A86EABE32B1B} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-06-16] ()
Task: {7E39800B-9E07-4FFA-984A-970B98BE5E6F} - System32\Tasks\{AC84A31D-20DF-4C07-A3A7-BD0E4C97EB7F} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {906E2A0C-F3C7-45D0-AB62-173BA48475D4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-22] (Adobe Systems Incorporated)
Task: {953A899D-94E0-4C32-ADEB-52B70AE75601} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-10-30] (SEC)
Task: {990A146B-E3D6-414B-95A5-D5F2460CEEF7} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1833043278-1489670560-2515665415-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {9EDE8F16-F3CB-4C25-BC91-AC006D9FAF6B} - System32\Tasks\SBW_UpdateTask_Time_3734313431353130332d3250575723326c6c552a2a45 => Wscript.exe //B "C:\ProgramData\SpeedBit\sbhe.js" sbu.exe /invoke /f:check_services /l:0
Task: {A2B092BB-2D22-41A6-82D0-C1645946648C} - System32\Tasks\DivX online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-09] ()
Task: {A3D8790B-DA73-47C0-B49D-93A13B8752D7} - System32\Tasks\SMW_UpdateTask_Time_3734313431353130332d3250575723326c6c552a2a45 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {A5E760A5-D648-4D63-80B9-F4FD44DC4635} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {A7FD2034-B2F7-400C-97A7-05F92024FD53} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {B939D23D-4C4C-4F77-9768-A71CA0EAFB78} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-10-21] (Apple Inc.)
Task: {BF07D5E8-DA2D-4DFB-87BC-44E2C8FC802B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {C335F7EF-C6E8-4546-9157-E024B7F2F0D1} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1833043278-1489670560-2515665415-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {CEA839D3-8EE5-4486-87E2-4C6D5133CDC6} - System32\Tasks\{E74A5DA7-34E7-48BE-A006-16779C700BFB} => pcalua.exe -a C:\Users\April\Downloads\mp210swin64101ea24.exe -d C:\Users\April\Downloads
Task: {D1F56A6F-4738-44C6-9DCA-DE36CE4E00EB} - System32\Tasks\{3DD93C43-23D0-4CE3-A72B-76C7A3383109} => pcalua.exe -a "C:\Program Files (x86)\CyberLink\Shared files\richvideouninstall.exe" -d "C:\Program Files (x86)\CyberLink\Shared files"
Task: {D2BCEFA0-C2BD-4BB8-B69F-04C3D043DBF6} - System32\Tasks\{8E576B6A-BFC3-430F-B31B-479CB654BDA4} => pcalua.exe -a "D:\program files\Sim FIle Maid\SimFileMaid.exe" -d "D:\program files\Sim FIle Maid"
Task: {D3D2E16E-E4E2-46BC-BC34-6E759B6D291E} - System32\Tasks\PandaUSBVaccine => D:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {D8574109-43FC-40DF-A320-F60D9514F625} - System32\Tasks\HUWWDXJLNSAYNRAF => C:\ProgramData\Service0561\Service0561.exe [2015-11-06] () <==== ATTENTION
Task: {DDB64F58-8E11-4098-832F-E4C4F0C32A20} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-31] (Microsoft Corporation)
Task: {E33D6A8B-5D1A-45BC-9CBD-145CC444A793} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {E6FE7CA9-FE78-4453-B545-7AF8F09A8CBD} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-06-07] (CyberLink)
Task: {EBE2330B-E412-4775-811F-A3BC9E523535} - System32\Tasks\{0C232D80-C305-4CF5-B440-28DA4027258A} => pcalua.exe -a "C:\Program Files (x86)\Nuance\PaperPort\ScannerWizardU.exe" -c /A [PaperPort 12.1] /L [eng]
Task: {EDDE8C3A-B8E4-4D85-BECF-C5F04B2D12E1} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {EFBDC3F6-F467-4D8F-AA49-61FA3EBDE2A5} - System32\Tasks\{AD90C3E1-26B4-47C2-83EC-0313AC70B607} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUUUnInstallHelper.exe" -d "C:\Program Files (x86)\AVG\AVG PC TuneUp"
Task: {FEC7CFD9-2391-44C3-BE1B-D5DEBAD5D87A} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\HUWWDXJLNSAYNRAF.job => C:\ProgramData\Service0561\Service0561.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-09-23 20:58 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-10 12:52 - 2015-10-07 18:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-06-17 02:25 - 2015-06-17 02:25 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-02-06 01:02 - 2012-02-13 15:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2015-06-16 23:06 - 2015-06-16 23:06 - 00608320 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2014-03-18 13:51 - 2005-04-21 21:36 - 00143360 ____R () C:\windows\system32\BrSNMP64.dll
2011-03-13 22:21 - 2011-03-13 22:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-10-13 01:01 - 2011-10-13 01:01 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-06-17 02:24 - 2015-06-17 02:24 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-06-17 02:24 - 2015-06-17 02:24 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-06-17 02:24 - 2015-06-17 02:24 - 00037528 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2014-02-06 01:02 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2014-02-06 01:03 - 2011-02-17 01:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2014-03-18 13:49 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-06-16 22:47 - 2015-06-16 22:47 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2009-11-01 22:20 - 2009-11-01 22:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-01 22:23 - 2009-11-01 22:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-02-06 00:35 - 2011-09-08 19:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\April\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{17208B75-D5DF-4D75-A418-67E1E2AA4104}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C6BCCA8A-83AD-40EA-BC5F-13F78DE109E3}] => (Allow) LPort=2869
FirewallRules: [{E14B7321-A550-41B4-9C62-61F29A061A56}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{745F950B-AB7C-4280-9881-A152B7B7C832}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{273D24DD-B303-4395-BF8D-283E577B52F8}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9E0C19B2-25AC-4CEC-9C67-D2C4781DDC06}] => (Allow) F:\April Stuff\Left 4 Dead\Steam.exe
FirewallRules: [{FEC43685-958C-4F1D-83C1-4159265DFB10}] => (Allow) F:\April Stuff\Left 4 Dead\Steam.exe
FirewallRules: [TCP Query User{D59BA41B-B9B8-493C-AF9D-B44ADF208D83}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [UDP Query User{162512AE-C766-4067-9829-FB229973F084}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [TCP Query User{EE336C14-58CA-47B4-AF5A-D6281AC17B92}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3F983F06-034A-4C73-B26A-78D021715CDF}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9E7FFB3F-D6F0-475E-A30A-357954D72321}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4EC792F2-E385-4FE0-A2E9-FDDD811439C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{46BB68EB-50B0-48C7-8178-DDFFA62A74BD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1A19C178-C5B5-4FF7-8ED9-830A6DD8F2EA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E3ECB99E-0521-46BA-8622-2864128B5C12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{E471EC3E-DDBC-460D-A25C-03F9994E7663}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{3FEEE308-7857-435B-A815-EC5CCA3CEAB7}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{66FEE290-1106-4379-A697-4D327EF71EBF}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{F94FDE2E-FABC-4A4E-B279-A60073736F5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 3\FiveNightsatFreddys3.exe
FirewallRules: [{00513C33-845A-4F72-A8EE-3FDC5BFC36F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 3\FiveNightsatFreddys3.exe
FirewallRules: [TCP Query User{6BB770E8-56C9-4635-8CEB-EB4CE9B79B7B}D:\program files\firefox\firefox.exe] => (Allow) D:\program files\firefox\firefox.exe
FirewallRules: [UDP Query User{82F64B0B-0D6A-4D1E-93AE-3DBCCAE7E811}D:\program files\firefox\firefox.exe] => (Allow) D:\program files\firefox\firefox.exe
FirewallRules: [{621A0215-DFF3-4ECB-B3B3-6D87A32AE593}] => (Allow) C:\Users\April\Downloads\3DMGAME-The.Sims.4.Outdoor.Retreat.Multi.17.Cracked-RELOADED\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{3C5495AF-C84B-47D5-B45F-132E144CCC7F}] => (Allow) C:\Users\April\Downloads\3DMGAME-The.Sims.4.Outdoor.Retreat.Multi.17.Cracked-RELOADED\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{575EDA31-F5BD-4EC4-8367-4242F71AFBF1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{A9CC7DD4-07B8-4EA0-A60B-7B4C51666986}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{2C3D177A-44E7-47EB-8CAD-377B06D47831}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B11978FC-1AB4-4FF7-9C04-523ABA38AF5A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{3E9C3969-05D0-43A8-8764-58E47CB6898B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{5833D04D-B6E0-4906-9E34-0E127E91A126}] => (Allow) D:\program files\Firefox\firefox.exe
FirewallRules: [{96440FEE-A939-4299-908B-800305FB0097}] => (Allow) D:\program files\Firefox\firefox.exe
FirewallRules: [{79B105B3-541C-4CE3-AFE1-68C555E811F7}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{730E068B-A654-4993-A4F2-7A1F809230BC}] => (Allow) D:\program files\Games\Steam\Steam.exe
FirewallRules: [{2E5001E4-197A-4A30-8E66-C779D015BB58}] => (Allow) D:\program files\Games\Steam\Steam.exe
FirewallRules: [{EA147284-FD35-41B4-B774-EFD8EF6C3FCC}] => (Allow) D:\program files\Games\Steam\steamapps\common\FiveNightsatFreddys4\FiveNightsatFreddys4.exe
FirewallRules: [{3A3B2811-087C-4C8D-B145-485BAABFC7A0}] => (Allow) D:\program files\Games\Steam\steamapps\common\FiveNightsatFreddys4\FiveNightsatFreddys4.exe
FirewallRules: [{FB112B1C-FB1C-41E6-9C13-0A7EC719F339}] => (Allow) C:\Program Files (x86)\iolo\System Shield\SysShield.exe
FirewallRules: [{866FCBB1-AC86-495A-A788-BA2B576ED8D3}] => (Allow) C:\Program Files (x86)\iolo\System Shield\SysShield.exe
FirewallRules: [{1DC9B0BF-DFA7-4143-AFAE-BCB061E6336D}] => (Allow) D:\program files\Games\Sims 4\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{9B2307B6-E622-4201-8C2F-E0D6D998A6B2}] => (Allow) D:\program files\Games\Sims 4\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{0375D559-B225-4F56-B5CF-0E5C77D5B198}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FEAC4F54-7CCE-497D-8740-15A42F5C869A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A624A070-5415-4CBF-A35C-B39342ACCF01}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{129A494D-4328-471C-BFEB-F972AE848D9C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{15E9A838-A440-40D3-B994-B6459AE67584}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{91A4E38F-11BD-4F89-B530-ED5B4486C21D}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{519427E8-837B-45B4-9944-06A16BCF6AB8}] => (Allow) D:\program files\Games\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{AFF38691-53DE-4F9B-9714-5D9904203CE6}] => (Allow) D:\program files\Games\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{F3690847-9471-4DEC-91C1-7AF7EA4CCE52}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7F53689F-928C-4C33-B971-300A312CA5B5}] => (Allow) D:\program files\Games\Steam\steamapps\common\FiveNightsatFreddys4\HalloweenEdition.exe
FirewallRules: [{5CB4AF72-8CA5-4FC9-9424-2A7E114547D9}] => (Allow) D:\program files\Games\Steam\steamapps\common\FiveNightsatFreddys4\HalloweenEdition.exe

==================== Faulty Device Manager Devices =============

Name: swsedrvr_vt_1_10_0_25
Description: swsedrvr_vt_1_10_0_25
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: swsedrvr_vt_1_10_0_25
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Atheros AR3012 Bluetooth 3.0
Description: Atheros AR3012 Bluetooth 3.0
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2015 01:19:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15553

Error: (11/11/2015 01:19:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15553

Error: (11/11/2015 01:19:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/11/2015 01:17:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CommonAgent.exe, version: 1.1.5.1, time stamp: 0x5450a30c
Faulting module name: CommonAgent.exe, version: 1.1.5.1, time stamp: 0x5450a30c
Exception code: 0x40000015
Fault offset: 0x0000000000186ae5
Faulting process id: 0x1004
Faulting application start time: 0xCommonAgent.exe0
Faulting application path: CommonAgent.exe1
Faulting module path: CommonAgent.exe2
Report Id: CommonAgent.exe3

Error: (11/11/2015 01:17:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2015 01:17:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Windv.exe, version: 1.0.0.0, time stamp: 0x562741cd
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18939, time stamp: 0x55afd8e7
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0xebc
Faulting application start time: 0xWindv.exe0
Faulting application path: Windv.exe1
Faulting module path: Windv.exe2
Report Id: Windv.exe3

Error: (11/11/2015 01:16:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Windv.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.LoadComponent(System.Uri, Boolean)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at System.Windows.Application.Run()
   at demoforupdaterwindow.App.Main()

Error: (11/11/2015 12:41:00 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (11/11/2015 12:41:00 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {E72941E3-D08E-402C-8794-0E54D5D39A77}

Error: (11/11/2015 12:41:00 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {E72941E3-D08E-402C-8794-0E54D5D39A77}


System errors:
=============
Error: (11/11/2015 01:36:52 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (11/11/2015 01:34:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (11/11/2015 01:33:53 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (11/11/2015 01:33:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (11/11/2015 01:33:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (11/11/2015 01:33:33 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (11/11/2015 01:33:33 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (11/11/2015 01:29:09 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

Error: (11/11/2015 01:26:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (11/11/2015 01:25:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Norton Online Backup service hung on starting.


CodeIntegrity:
===================================
  Date: 2015-11-06 01:41:50.313
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-06 01:41:50.163
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-06 01:41:50.036
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-06 01:41:49.786
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-23 23:09:43.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-23 23:09:27.681
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-20 12:03:41.878
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-20 12:03:41.768
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-20 12:03:14.186
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-20 12:03:14.092
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A6-3420M APU with Radeon™ HD Graphics
Percentage of memory in use: 64%
Total physical RAM: 3563.86 MB
Available physical RAM: 1274.77 MB
Total Virtual: 7125.93 MB
Available Virtual: 4825.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:179 GB) (Free:69.9 GB) NTFS
Drive d: () (Fixed) (Total:267.1 GB) (Free:86.52 GB) NTFS
Drive e: (LEXAR) (Removable) (Total:7.45 GB) (Free:7.19 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2EBB719C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=179 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=267.1 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=19.6 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

==================== End of Addition.txt ============================



#4 deeprybka

  • Malware Response Team

Posted 13 November 2015 - 12:49 PM

Hi,

Step 1

Please uninstall some programs:

  • Windows 7: Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall: Setup

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.

Step 3

Search with FRST from the Recovery Environment

Win 7:

  • To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html




    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Write the following text into the Search textbox:
dnsapi.dll
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) is saved to the flash drive.
  • Please copy and paste its contents in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 cartong

  • Topic Starter

Posted 13 November 2015 - 07:58 PM

I could not find the Setup program. So I could not uninstall it. How can I find the program?

 

There is a program called Search Module by Goobzo. I tried to uninstall it but it says, "The uninstall process has been interrupted, possibly by a conflicting process or lack of internet connection. Please try again."

 

How should I proceed?



#6 deeprybka

  • Malware Response Team

Posted 13 November 2015 - 11:31 PM

Please go ahead with step 2. :)
regards,
deeprybka

#7 cartong

  • Topic Starter

Posted 15 November 2015 - 02:44 PM

Here is the adwcleaner log file:

# AdwCleaner v5.021 - Logfile created 15/11/2015 at 11:24:43
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : April - APRIL-PC
# Running from : C:\Users\April\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[!] Service Not Deleted : cherimoya

***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [711 bytes] ##########

 

Here is the FRST log:

Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by SYSTEM (2015-11-15 12:23:46)
Running from h:\
Boot Mode: Recovery

================== Search Files: "dnsapi.dll" =============

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll
[2011-11-16 03:43][2011-03-02 21:12] 0270336 ____A (Microsoft Corporation) 1F79F611109C2B97260B68FD6B4FC7DD

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll
[2011-11-16 03:43][2011-03-02 21:38] 0270336 ____N (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll
[2010-11-20 19:24][2010-11-20 19:24] 0270336 ____A (Microsoft Corporation) 59DF156711A76BCB993253EC6C9BBF41

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll
[2011-11-16 03:43][2011-03-02 22:12] 0357888 ____A (Microsoft Corporation) DCC0888655823103F19EF8FFD330080D

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll
[2011-11-16 03:43][2011-03-02 22:24] 0357888 ____N (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2010-11-20 19:24][2010-11-20 19:24] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01

C:\Windows\SysWOW64\dnsapi.dll
[2015-11-15 10:04][2011-03-02 21:12] 0270336 ____A (Microsoft Corporation) 1F79F611109C2B97260B68FD6B4FC7DD

C:\Windows\System32\dnsapi.dll
[2011-11-16 03:43][2011-03-02 22:12] 0357888 ____A (Microsoft Corporation) DCC0888655823103F19EF8FFD330080D

X:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2010-11-20 01:27][2010-11-20 05:26] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01

X:\Windows\System32\dnsapi.dll
[2010-11-20 01:27][2010-11-20 05:26] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01

====== End of Search ======



#8 deeprybka

  • Malware Response Team

Posted 15 November 2015 - 03:28 PM

Who has replaced the files?
regards,
deeprybka

#9 deeprybka

  • Malware Response Team

Posted 18 November 2015 - 04:03 AM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#10 cartong

  • Topic Starter

Posted 18 November 2015 - 10:58 PM

Yes, I need more time.

The internet is able to be accessed now.



#11 deeprybka

  • Malware Response Team

Posted 19 November 2015 - 04:24 AM

Who has replaced the files?


Edited by deeprybka, 19 November 2015 - 04:25 AM.

regards,
deeprybka

#12 cartong

  • Topic Starter

Posted 21 November 2015 - 07:11 PM

I don't understand how to find who replaced the files.



#13 deeprybka

  • Malware Response Team

Posted 22 November 2015 - 05:27 AM

C:\windows\SysWOW64\dnsapi.dll IS MISSING

 

C:\Windows\SysWOW64\dnsapi.dll
[2015-11-15 10:04][2011-03-02 21:12] 0270336 ____A (Microsoft Corporation) 1F79F611109C2B97260B68FD6B4FC7DD

 
 
Step 1

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#14 cartong

  • Topic Starter

Posted 25 November 2015 - 08:39 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-11-2015 02
Ran by April (administrator) on APRIL-PC (25-11-2015 18:26:50)
Running from C:\Users\April\Desktop
Loaded Profiles: April (Available Profiles: April)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Spotify Ltd) C:\Users\April\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Panda Security) D:\program files\Panda USB Vaccine\USBVaccine.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Mozilla Corporation) D:\program files\Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Razer Inc.) D:\program files\Razer Game Booster\RzKLService.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [791200 2011-07-15] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-07-15] (Atheros Commnucations)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234456 2013-06-07] (CyberLink Corp.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [286272 2015-06-28] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [608320 2015-06-16] ()
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4538680 2015-08-15] (iolo technologies, LLC)
HKLM-x32\...\Run: [QuickTime Task] => D:\program files\Quicktime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [Spotify Web Helper] => C:\Users\April\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-25] (Spotify Ltd)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3638256 2015-11-15] (Electronic Arts)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Run: [Windv] => C:\ProgramData\DataFile\Downloads\Windv.exe [288256 2015-10-21] ()
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\MountPoints2: {17f628ad-b758-11e3-82ca-e8039a169fff} - "G:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-31] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-02]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-02]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
BootExecute: 瘘ැਯኁɫ㱨ጦ䐰্ﭡɪ㱨ጦ

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D11BE09D-1EBD-4033-83A0-0256BB21F28F}: [DhcpNameServer] 168.94.0.14 168.94.0.15
Tcpip\..\Interfaces\{D1AA60B3-05CD-4442-91D4-4886F5C8793F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130917467114681543&GUID=305B0C50-61AD-E934-BDCA-3C01FF0B1CEA
SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPED69ACE3-12BA-42BD-A241-02958173208D&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000 -> {CF80EB17-9B30-4A4E-8220-42EBA8492F1C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-06] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-17] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-31] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-31] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-08-05] (DVDVideoSoft Ltd.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-06] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-04] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-07-15] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-31] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-31] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-04] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-11-13] (DVDVideoSoft Ltd.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-17] (McAfee, Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-17] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-10] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-17] (McAfee, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-06] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-06] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-06] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-06] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\w7epqclo.default-1437767772970
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-22] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-12] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-12] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-06-28] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-06-28] (RealTimes)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\program files\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\program files\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\program files\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-07-30] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM\...\Firefox\Extensions: [{FAE09A30-4998-4889-8597-B406AAF6D3DC}] - C:\Program Files\shopperz061120150809\Firefox\{FAE09A30-4998-4889-8597-B406AAF6D3DC}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{FAE09A30-4998-4889-8597-B406AAF6D3DC}] - C:\Program Files\shopperz061120150809\Firefox\{FAE09A30-4998-4889-8597-B406AAF6D3DC}.xpi => not found
FF HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
StartMenuInternet: FIREFOX.EXE - D:\program files\Firefox\firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-29]
CHR HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-07-15] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-07-15] (Atheros Commnucations) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [382312 2015-11-13] (Digital Wave Ltd.)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4682552 2015-08-15] (iolo technologies, LLC)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [154856 2015-07-21] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099720 2015-11-15] (Electronic Arts)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-06-28] (RealNetworks, Inc.)
R2 RzKLService; D:\program files\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2013-09-15] (EldoS Corporation)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 SBUpdd; \??\C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-25 18:25 - 2015-11-25 18:26 - 00026611 _____ C:\Users\April\Desktop\FRST.txt
2015-11-25 18:24 - 2015-11-25 18:24 - 00000000 ____D C:\Users\April\Desktop\FRST-OlderVersion
2015-11-25 18:23 - 2015-11-25 18:24 - 02348544 _____ (Farbar) C:\Users\April\Desktop\FRST64.exe
2015-11-25 18:21 - 2015-11-25 18:21 - 00003196 _____ C:\windows\System32\Tasks\ReclaimerResumeInstallLogin_April
2015-11-25 18:20 - 2015-11-25 18:20 - 00003228 _____ C:\windows\System32\Tasks\ReclaimerResumeInstall_April
2015-11-16 22:14 - 2015-11-16 22:14 - 00001037 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2015-11-15 12:18 - 2015-11-15 12:18 - 05286088 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-11-15 11:04 - 2011-03-02 22:12 - 00270336 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2015-11-15 10:53 - 2015-11-15 12:18 - 00000000 ____D C:\AdwCleaner
2015-11-13 18:01 - 2015-11-03 10:55 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-11 13:34 - 2015-11-25 18:26 - 00000000 ____D C:\FRST
2015-11-11 13:07 - 2015-11-03 15:10 - 00390344 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-11-11 13:07 - 2015-11-03 14:51 - 00342728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-11-11 13:07 - 2015-10-30 16:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-11-11 13:07 - 2015-10-30 16:25 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-11-11 13:07 - 2015-10-30 16:16 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-11-11 13:07 - 2015-10-30 16:12 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-11-11 13:07 - 2015-10-30 15:58 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-11-11 13:07 - 2015-10-30 15:53 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 13:07 - 2015-10-30 15:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 13:07 - 2015-10-30 15:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 13:07 - 2015-10-30 15:46 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-11-11 13:07 - 2015-10-30 15:45 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-11-11 13:07 - 2015-10-30 15:44 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-11-11 13:07 - 2015-10-30 15:44 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-11-11 13:07 - 2015-10-30 15:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 13:07 - 2015-10-30 15:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 13:07 - 2015-10-30 15:23 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 13:07 - 2015-10-30 15:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-11-11 13:07 - 2015-10-30 15:18 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-11-11 13:07 - 2015-10-30 15:17 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-11-11 13:07 - 2015-10-30 15:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 13:07 - 2015-10-30 15:09 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-11-11 13:07 - 2015-10-30 15:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 13:07 - 2015-10-30 14:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 13:07 - 2015-10-30 14:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 13:07 - 2015-10-20 11:42 - 03168768 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 13:07 - 2015-10-20 11:42 - 02608128 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 13:07 - 2015-10-20 11:42 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 13:07 - 2015-10-20 11:42 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 13:07 - 2015-10-20 11:42 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 13:07 - 2015-10-20 11:42 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-11-11 13:07 - 2015-10-20 11:42 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-11-11 13:07 - 2015-10-20 11:41 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 13:07 - 2015-10-20 11:41 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-11-11 13:07 - 2015-10-20 11:41 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 13:07 - 2015-10-20 11:41 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-11-11 13:07 - 2015-10-20 10:46 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 13:07 - 2015-10-20 10:46 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 13:07 - 2015-10-20 10:46 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 13:07 - 2015-10-20 10:46 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-11-11 13:07 - 2015-10-20 10:45 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 13:06 - 2015-10-30 16:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 13:06 - 2015-10-30 16:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-11-11 13:06 - 2015-10-30 16:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 13:06 - 2015-10-30 16:25 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-11-11 13:06 - 2015-10-30 16:25 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-11-11 13:06 - 2015-10-30 16:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 13:06 - 2015-10-30 16:24 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-11-11 13:06 - 2015-10-30 16:17 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-11-11 13:06 - 2015-10-30 16:13 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-11-11 13:06 - 2015-10-30 16:12 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-11-11 13:06 - 2015-10-30 16:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 13:06 - 2015-10-30 16:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 13:06 - 2015-10-30 16:11 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-11-11 13:06 - 2015-10-30 16:04 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-11-11 13:06 - 2015-10-30 16:01 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-11-11 13:06 - 2015-10-30 15:49 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-11-11 13:06 - 2015-10-30 15:49 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-11-11 13:06 - 2015-10-30 15:46 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-11-11 13:06 - 2015-10-30 15:45 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-11-11 13:06 - 2015-10-30 15:39 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-11-11 13:06 - 2015-10-30 15:39 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-11-11 13:06 - 2015-10-30 15:37 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-11-11 13:06 - 2015-10-30 15:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 13:06 - 2015-10-30 15:36 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-11-11 13:06 - 2015-10-30 15:36 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-11-11 13:06 - 2015-10-30 15:34 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-11-11 13:06 - 2015-10-30 15:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 13:06 - 2015-10-30 15:29 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-11-11 13:06 - 2015-10-30 15:29 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-11-11 13:06 - 2015-10-30 15:28 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-11-11 13:06 - 2015-10-30 15:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 13:06 - 2015-10-30 15:21 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-11-11 13:06 - 2015-10-30 15:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 13:06 - 2015-10-30 15:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 13:06 - 2015-10-30 15:11 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-11-11 13:06 - 2015-10-30 15:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 13:06 - 2015-10-30 15:09 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-11-11 13:06 - 2015-10-30 14:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 13:06 - 2015-10-30 14:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 13:06 - 2015-10-19 18:12 - 05570496 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 13:06 - 2015-10-19 18:12 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 13:06 - 2015-10-19 18:12 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-11-11 13:06 - 2015-10-19 18:09 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-11-11 13:06 - 2015-10-19 18:06 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-11-11 13:06 - 2015-10-19 18:06 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-11-11 13:06 - 2015-10-19 18:06 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-11-11 13:06 - 2015-10-19 18:06 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-11-11 13:06 - 2015-10-19 18:05 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-11-11 13:06 - 2015-10-19 18:05 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-11-11 13:06 - 2015-10-19 18:05 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-11-11 13:06 - 2015-10-19 18:04 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-11-11 13:06 - 2015-10-19 18:04 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-11-11 13:06 - 2015-10-19 18:04 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-11-11 13:06 - 2015-10-19 18:00 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-11-11 13:06 - 2015-10-19 17:59 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:52 - 03991488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-11-11 13:06 - 2015-10-19 17:52 - 03935680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-11-11 13:06 - 2015-10-19 17:48 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-11-11 13:06 - 2015-10-19 17:45 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 13:06 - 2015-10-19 17:45 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-11-11 13:06 - 2015-10-19 17:45 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 13:06 - 2015-10-19 17:45 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 13:06 - 2015-10-19 17:45 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-11-11 13:06 - 2015-10-19 17:45 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-11-11 13:06 - 2015-10-19 17:45 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-11-11 13:06 - 2015-10-19 17:45 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-11-11 13:06 - 2015-10-19 17:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-11-11 13:06 - 2015-10-19 17:45 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-11-11 13:06 - 2015-10-19 17:45 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-11-11 13:06 - 2015-10-19 17:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-11-11 13:06 - 2015-10-19 17:44 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-11-11 13:06 - 2015-10-19 17:44 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-11-11 13:06 - 2015-10-19 17:44 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-11-11 13:06 - 2015-10-19 17:44 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-11-11 13:06 - 2015-10-19 17:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-11-11 13:06 - 2015-10-19 17:44 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-11-11 13:06 - 2015-10-19 17:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-11-11 13:06 - 2015-10-19 17:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 16:41 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 13:06 - 2015-10-19 16:40 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-11-11 13:06 - 2015-10-19 16:40 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 13:06 - 2015-10-19 16:29 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-11-11 13:06 - 2015-10-19 16:29 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-11-11 13:06 - 2015-10-19 16:27 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 16:27 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 16:27 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 13:06 - 2015-10-19 16:27 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 13:06 - 2015-09-23 06:15 - 00460776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 13:06 - 2015-09-23 06:15 - 00299632 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 13:06 - 2015-09-23 06:09 - 00251000 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 13:04 - 2015-10-29 10:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-11-11 13:04 - 2015-10-29 10:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-11-11 13:04 - 2015-10-29 10:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-11-11 13:04 - 2015-10-29 10:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-11-11 13:04 - 2015-10-29 10:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-11-11 13:04 - 2015-10-29 10:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-11-11 13:04 - 2015-10-29 10:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-11-11 13:04 - 2015-10-13 09:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 13:04 - 2015-10-13 09:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 13:04 - 2015-10-12 21:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-11-11 13:04 - 2015-10-01 11:00 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-11-11 13:04 - 2015-10-01 11:00 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-11-11 13:04 - 2015-10-01 10:50 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-11-11 12:51 - 2015-11-11 13:34 - 00001684 _____ C:\Users\April\Desktop\Rkill.txt
2015-11-11 12:42 - 2015-11-11 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-11-11 12:42 - 2015-11-11 12:42 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-06 01:39 - 2015-11-06 01:46 - 00004736 _____ C:\windows\SysWOW64\Udigrin.ini
2015-11-06 01:39 - 2015-11-06 01:46 - 00002456 _____ C:\windows\SysWOW64\UdigrinOff.ini
2015-11-06 01:39 - 2015-11-06 01:46 - 00002456 _____ C:\windows\system32\UdigrinOff.ini
2015-11-06 01:38 - 2015-11-06 01:38 - 00000000 ____D C:\windows\system32\sag
2015-11-06 01:38 - 2015-11-06 01:38 - 00000000 ____D C:\Users\April\AppData\Local\Tempfolder
2015-11-06 01:38 - 2015-11-05 23:11 - 00375120 _____ C:\windows\system32\Udigrin64.dll
2015-11-06 01:38 - 2015-11-05 23:11 - 00289104 _____ C:\windows\SysWOW64\Udigrin.dll
2015-11-06 01:37 - 2015-11-06 01:37 - 00003338 _____ C:\windows\System32\Tasks\Sinne
2015-11-06 01:37 - 2015-11-06 01:37 - 00000000 ____D C:\Users\April\AppData\LocalLow\Company
2015-11-06 01:37 - 2015-11-06 01:37 - 00000000 ____D C:\uninst
2015-11-06 01:27 - 2015-11-06 01:55 - 00000000 ____D C:\ProgramData\DataFile
2015-11-06 01:27 - 2015-11-06 01:27 - 00000000 ____D C:\Program Files (x86)\execnowait
2015-11-06 01:25 - 2015-11-06 01:25 - 00000000 ____D C:\ProgramData\MegaBackup Corp
2015-11-06 01:23 - 2015-11-06 01:23 - 00000000 ____D C:\Users\April\Downloads\NRaasPacker
2015-11-06 01:20 - 2015-11-06 01:20 - 00089284 _____ C:\Users\April\Downloads\liugnocvzgnomon.zip
2015-11-06 01:07 - 2015-11-06 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
2015-11-06 00:55 - 2015-11-16 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora sims - Sex parts patch
2015-11-06 00:55 - 2015-11-06 00:55 - 00003216 _____ C:\windows\System32\Tasks\{A177994F-C613-478A-A500-6ED65E832F51}
2015-11-05 18:46 - 2015-11-05 18:46 - 00186880 _____ (TODO: <Company name>) C:\windows\system32\rsrcs.dll
2015-10-26 20:00 - 2015-10-26 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-10-26 19:56 - 2015-10-26 19:56 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-26 19:56 - 2015-10-26 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-26 19:55 - 2015-10-26 19:56 - 00000000 ____D C:\Program Files\iTunes
2015-10-26 19:55 - 2015-10-26 19:55 - 00000000 ____D C:\Program Files\iPod
2015-10-26 19:55 - 2015-10-26 19:55 - 00000000 ____D C:\Program Files (x86)\iTunes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-25 18:26 - 2014-02-05 19:31 - 00000000 ____D C:\Users\April\AppData\Local\CrashDumps
2015-11-25 18:26 - 2009-07-13 22:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-25 18:26 - 2009-07-13 20:20 - 00000000 ___HD C:\windows\inf
2015-11-25 18:23 - 2014-02-05 22:22 - 00000000 ____D C:\ProgramData\Origin
2015-11-25 18:21 - 2014-02-07 12:49 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-25 18:18 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-17 20:57 - 2009-07-13 21:45 - 00028848 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-17 20:57 - 2009-07-13 21:45 - 00028848 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-17 20:55 - 2009-07-13 22:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-11-17 20:52 - 2014-02-05 19:19 - 00000000 ____D C:\Users\April
2015-11-17 20:41 - 2009-07-13 20:20 - 00000000 ____D C:\windows\security
2015-11-16 23:39 - 2014-03-29 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-16 22:13 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-16 21:13 - 2014-03-29 08:15 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-16 21:06 - 2015-08-11 20:04 - 00001362 _____ C:\Users\Public\Desktop\Free YouTube To MP3 Converter.lnk
2015-11-16 21:06 - 2015-08-11 20:04 - 00001205 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-11-16 21:06 - 2015-08-11 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-11-16 21:06 - 2015-08-11 20:03 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2015-11-16 21:06 - 2014-03-01 14:03 - 00000000 ____D C:\Users\April\AppData\Roaming\DVDVideoSoft
2015-11-16 20:03 - 2014-07-27 17:01 - 00000000 ____D C:\Users\April\Documents\Electronic Arts
2015-11-15 12:36 - 2014-02-05 22:21 - 00000000 ____D C:\Program Files (x86)\Origin
2015-11-15 12:19 - 2014-02-07 12:49 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-15 12:19 - 2014-02-07 12:49 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-15 12:19 - 2014-02-07 12:49 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-11-15 11:53 - 2015-06-28 10:39 - 00003362 _____ C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1833043278-1489670560-2515665415-1000
2015-11-15 11:53 - 2015-06-28 10:39 - 00003228 _____ C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1833043278-1489670560-2515665415-1000
2015-11-15 11:49 - 2009-07-13 20:20 - 00000000 ____D C:\Windows
2015-11-15 11:27 - 2009-07-13 21:45 - 00421616 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-11 14:01 - 2014-02-06 01:48 - 00000000 ____D C:\windows\system32\MRT
2015-11-11 13:54 - 2014-02-06 01:48 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-11 13:42 - 2011-11-16 20:41 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 13:05 - 2014-02-06 02:28 - 00774404 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-11-11 12:58 - 2014-03-29 08:15 - 00000000 ____D C:\Program Files (x86)\mbam
2015-11-11 12:42 - 2015-07-29 10:23 - 00001934 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-11-06 02:14 - 2014-04-09 14:29 - 00000000 ____D C:\windows\Minidump
2015-11-06 02:14 - 2014-03-21 14:42 - 00000000 ____D C:\Users\April\Documents\Youcam
2015-11-06 01:59 - 2014-05-30 15:22 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-06 01:50 - 2014-11-29 15:16 - 00000000 ___RD C:\Users\April\iCloudDrive
2015-11-06 01:47 - 2014-04-24 13:14 - 00000000 ____D C:\Users\April\AppData\Local\Spotify
2015-11-06 01:35 - 2014-02-05 19:24 - 00001417 _____ C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-06 01:07 - 2011-11-16 04:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-05 23:12 - 2014-06-15 14:12 - 00000000 ____D C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-11-05 21:47 - 2015-04-17 22:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-05 21:45 - 2015-04-17 22:08 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-05 21:26 - 2015-04-10 13:25 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-05 20:31 - 2014-04-24 13:13 - 00000000 ____D C:\Users\April\AppData\Roaming\Spotify
2015-11-05 20:28 - 2015-04-10 12:52 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-26 20:00 - 2014-02-05 22:36 - 00000000 ____D C:\Users\April\AppData\Local\Apple Computer
2015-10-26 20:00 - 2014-02-05 19:38 - 00000000 ____D C:\Users\April\AppData\Roaming\Apple Computer
2015-10-26 19:55 - 2014-02-05 22:25 - 00000000 ____D C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2014-03-06 10:52 - 2014-07-18 14:12 - 0000571 _____ () C:\Users\April\AppData\Roaming\AutoGK.ini
2015-04-03 21:58 - 2015-04-03 21:58 - 0069441 _____ () C:\Users\April\AppData\Local\1DC8B7A7_stp.CIS
2015-04-03 21:58 - 2015-04-03 21:58 - 0000309 _____ () C:\Users\April\AppData\Local\1DC8B7A7_stp.CIS.part
2015-04-03 22:06 - 2015-04-03 22:06 - 0191544 _____ () C:\Users\April\AppData\Local\38C2540F_stp.CIS
2015-04-03 22:06 - 2015-04-03 22:06 - 0000290 _____ () C:\Users\April\AppData\Local\38C2540F_stp.CIS.part
2015-04-03 22:07 - 2015-04-03 22:07 - 0702170 _____ () C:\Users\April\AppData\Local\42819D84_stp.CIS
2015-04-03 22:07 - 2015-04-03 22:07 - 0000303 _____ () C:\Users\April\AppData\Local\42819D84_stp.CIS.part
2015-04-03 21:58 - 2015-04-03 21:58 - 0385602 _____ () C:\Users\April\AppData\Local\5D515C96_stp.CIS
2015-04-03 21:58 - 2015-04-03 21:58 - 0000220 _____ () C:\Users\April\AppData\Local\5D515C96_stp.CIS.part
2014-03-01 15:23 - 2014-03-01 15:23 - 0007638 _____ () C:\Users\April\AppData\Local\Resmon.ResmonCfg
2015-07-24 11:57 - 2015-07-24 11:57 - 0000696 _____ () C:\ProgramData\SMRResults501.dat
2011-11-16 05:39 - 2011-11-16 05:39 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-11-16 05:31 - 2011-11-16 05:32 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-11-16 05:36 - 2011-11-16 05:37 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-11-16 05:32 - 2011-11-16 05:36 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-11-16 05:37 - 2011-11-16 05:39 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

Files to move or delete:
====================
C:\ProgramData\SMRResults501.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-11 18:07

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-11-2015 02
Ran by April (2015-11-25 18:29:52)
Running from C:\Users\April\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-02-06 02:19:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1833043278-1489670560-2515665415-500 - Administrator - Disabled)
April (S-1-5-21-1833043278-1489670560-2515665415-1000 - Administrator - Enabled) => C:\Users\April
Guest (S-1-5-21-1833043278-1489670560-2515665415-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1833043278-1489670560-2515665415-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{1B4ED54A-A741-5D36-40C6-0DA839CA033F}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.120 - Atheros Communications)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-J435W (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.6607 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD43 Plug-in v1.0.0.6 (HKLM-x32\...\DVD43 Plug-in_is1) (Version:  - )
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.32 - Samsung Electronics CO., LTD.)
ETDWare PS/2-X64 10.0.7.3_WHQL (HKLM\...\Elantech) (Version: 10.0.7.3 - ELAN Microelectronic Corp.)
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version:  - Scott Cawthon)
Five Nights at Freddy's 3 (HKLM-x32\...\Steam App 354140) (Version:  - Scott Cawthon)
Five Nights at Freddy's 4 (HKLM-x32\...\Steam App 388090) (Version:  - Scott Cawthon)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free Studio version 6.5.5.915 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.5.915 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.61.805 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.61.805 - DVDVideoSoft Ltd.)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.0.6.1113 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.6.1 - iolo technologies, LLC)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.259 - McAfee, Inc.)
Media Go (HKLM-x32\...\{F66C4A41-C3A8-4523-AB6C-BAA1DB38305C}) (Version: 2.7.357 - Sony)
Media Go Network Downloader (HKLM-x32\...\{5562F05F-908C-4F15-9B3C-98D5FD32DCAB}) (Version: 1.5.19.0 - Sony)
Media Go Video Playback Engine 2.4.129.12060 (HKLM-x32\...\{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}) (Version: 2.4.129.12060 - Sony)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 38.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Firefox 42.0 (x86 en-US) (HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
RealDownloader (x32 Version: 18.0.1.10 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.0.1.9 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.1 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
S Agent (Version: 1.1.51 - Samsung Electronics CO., LTD.) Hidden
s3pe - Sims3 Package Editor (HKLM-x32\...\s3pe) (Version: 13-1112-2033 - Peter L Jones)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.6.0.2 - Samsung Electronics CO., LTD.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spotify (HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SW Update (HKLM-x32\...\{1687FC01-135F-4ADE-B828-B461CC74BD8A}) (Version: 2.2.4 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Sims Makin' Magic (HKLM-x32\...\{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}) (Version:  - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.62.153 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Katy Perry's Sweet Treats (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.12.118.1020 - Electronic Arts Inc.)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1833043278-1489670560-2515665415-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()

==================== Restore Points =========================

31-10-2015 21:53:42 Windows Update
06-11-2015 01:30:27 Removed WixPCOptimizer.
06-11-2015 01:53:26 Removed WixPCOptimizer.
06-11-2015 01:55:31 Removed Apple Application Support (32-bit)
11-11-2015 13:00:26 Windows Update
11-11-2015 13:41:46 Windows Update
13-11-2015 18:05:03 Removed System Requirements Lab CYRI
15-11-2015 10:56:25 Windows Update
16-11-2015 22:09:46 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-11-16 23:41 - 00001245 ____A C:\windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {046006C8-68DB-4ACF-BD34-F60945E1F6CD} - System32\Tasks\Sinne => C:\PROGRA~1\SHOPPE~1\Pisori.bat
Task: {0D01810C-CCFF-44F5-830C-83FA57716882} - System32\Tasks\{94044516-A912-462F-A449-28BEB0EDFC3D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}\Sims3EP11Setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {0DF457CC-CB22-4501-BE8A-A4D615F42CD4} - System32\Tasks\{A2AC1278-5B2E-4217-99A0-FEDE94E36C26} => pcalua.exe -a C:\Users\April\Downloads\vcredist_x64(1).exe -d C:\Users\April\Downloads
Task: {0EA41BBA-FD23-4101-B98F-B2A452D6EF2E} - System32\Tasks\{AF379756-F271-4D3E-9228-8144F3131D2E} => pcalua.exe -a "C:\Program Files (x86)\CyberLink\Shared files\richvideoinstall.exe" -d "C:\Program Files (x86)\CyberLink\Shared files"
Task: {12FDAB3B-C14B-4927-BAC0-9A7CD4FCD987} - System32\Tasks\{AC5A2BF9-0D78-49BF-B420-122E67DAE75C} => pcalua.exe -a C:\Users\April\Downloads\Shockwave_Installer_Slim.exe -d C:\Users\April\Downloads
Task: {1A072A63-4CAD-4F9C-9D60-EF33FE194437} - System32\Tasks\{878E9EC5-40E4-46E3-A77D-4F25223EF7EE} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{D0087539-3C57-44E0-BEE7-D779D546CBE1}\Sims3SP09Setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {1B469C26-5874-42C7-A72B-0205CC2B82CB} - System32\Tasks\{9F10CEBC-2DC3-4B6D-A381-6532F3FF6C59} => pcalua.exe -a C:\Users\April\Downloads\sims\MM_antinde.exe -d C:\Users\April\Downloads\sims
Task: {1BB8CE29-D5BB-42A4-8507-7CCC89561C62} - System32\Tasks\ReclaimerResumeInstallLogin_April => C:\Users\April\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\rnupgagent.exe [2015-11-25] (RealNetworks, Inc.)
Task: {22EB8936-D428-410A-AC00-E9DC8417C894} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {37D0A6C6-29CE-4F23-9155-362C50933B8A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-31] (Microsoft Corporation)
Task: {3B04354E-0DED-423D-B09B-E60AAAC2FD0B} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-10-29] (Samsung Electronics CO., LTD.)
Task: {47F156F1-560D-4FF0-A421-E6DB51ACA1C8} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.)
Task: {53664F19-733B-498A-AA23-BD184D10FF76} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {54FAE052-9496-41CF-9C48-94E5AC64C8F3} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2015-08-15] (iolo technologies, LLC)
Task: {5819E956-17F9-455E-AD44-C311F886C8BB} - System32\Tasks\{839C790F-DA57-4D47-99A6-2DF4839BFECE} => pcalua.exe -a F:\Sims3Setup.exe -d F:\
Task: {581CD399-2220-4E16-9AB1-64E1C4A2FD81} - System32\Tasks\{7EF0BC18-E39C-4226-865A-7D7F47AB4A7D} => pcalua.exe -a "D:\Remote Programs\Virtual Families\GPlrLanc.exe" -d C:\Users\April\Desktop -c -LOpCode 1 -shortcut hxxp://www.freeridegames.com/main/shortcut.jsp?theme=Home&amp;AppId=636250&amp;RunIndex=1&amp;PrvId=143&amp;AcID=&amp;OpenShInIE=0&amp;PrvDir=Default
Task: {5972BFA9-D687-4520-A53C-AB66D5B2BEE0} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {5CFDA382-B9F6-4E93-B1B8-49C33639C546} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-31] (Microsoft Corporation)
Task: {5D2A6CB7-67D6-46BE-9550-D7FA1FBBAA76} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2012-12-06] (Samsung Electronics CO., LTD.)
Task: {6122B6B6-08DD-475C-925F-F461CCF26E8D} - System32\Tasks\{A177994F-C613-478A-A500-6ED65E832F51} => pcalua.exe -a "E:\April Stuff\April Files\dvdvideosoft\sims\MM_antinde.exe" -d "E:\April Stuff\April Files\dvdvideosoft\sims"
Task: {68F78B61-0238-494E-BCFF-11FB5C5DA831} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {6ADFB832-05A4-4073-BAFC-201EBD7A4A08} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1833043278-1489670560-2515665415-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {6AF9BA9C-7EC2-4026-9595-5082C9509C16} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {71184400-F57A-486A-B820-A86EABE32B1B} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-06-16] ()
Task: {7E39800B-9E07-4FFA-984A-970B98BE5E6F} - System32\Tasks\{AC84A31D-20DF-4C07-A3A7-BD0E4C97EB7F} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {8B7A4F06-5850-4C64-AB18-0E6C41440459} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1833043278-1489670560-2515665415-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {906E2A0C-F3C7-45D0-AB62-173BA48475D4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-15] (Adobe Systems Incorporated)
Task: {953A899D-94E0-4C32-ADEB-52B70AE75601} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-10-30] (SEC)
Task: {A2B092BB-2D22-41A6-82D0-C1645946648C} - System32\Tasks\DivX online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-09] ()
Task: {A5E760A5-D648-4D63-80B9-F4FD44DC4635} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {A7FD2034-B2F7-400C-97A7-05F92024FD53} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {B939D23D-4C4C-4F77-9768-A71CA0EAFB78} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-10-21] (Apple Inc.)
Task: {BCD9E57C-ED1E-40AF-977C-93C7F374A289} - System32\Tasks\ReclaimerResumeInstall_April => C:\Users\April\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\rnupgagent.exe [2015-11-25] (RealNetworks, Inc.)
Task: {BF07D5E8-DA2D-4DFB-87BC-44E2C8FC802B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {CEA839D3-8EE5-4486-87E2-4C6D5133CDC6} - System32\Tasks\{E74A5DA7-34E7-48BE-A006-16779C700BFB} => pcalua.exe -a C:\Users\April\Downloads\mp210swin64101ea24.exe -d C:\Users\April\Downloads
Task: {D1F56A6F-4738-44C6-9DCA-DE36CE4E00EB} - System32\Tasks\{3DD93C43-23D0-4CE3-A72B-76C7A3383109} => pcalua.exe -a "C:\Program Files (x86)\CyberLink\Shared files\richvideouninstall.exe" -d "C:\Program Files (x86)\CyberLink\Shared files"
Task: {D2BCEFA0-C2BD-4BB8-B69F-04C3D043DBF6} - System32\Tasks\{8E576B6A-BFC3-430F-B31B-479CB654BDA4} => pcalua.exe -a "D:\program files\Sim FIle Maid\SimFileMaid.exe" -d "D:\program files\Sim FIle Maid"
Task: {D3D2E16E-E4E2-46BC-BC34-6E759B6D291E} - System32\Tasks\PandaUSBVaccine => D:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {DDB64F58-8E11-4098-832F-E4C4F0C32A20} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-31] (Microsoft Corporation)
Task: {E33D6A8B-5D1A-45BC-9CBD-145CC444A793} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {E6FE7CA9-FE78-4453-B545-7AF8F09A8CBD} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-06-07] (CyberLink)
Task: {EBE2330B-E412-4775-811F-A3BC9E523535} - System32\Tasks\{0C232D80-C305-4CF5-B440-28DA4027258A} => pcalua.exe -a "C:\Program Files (x86)\Nuance\PaperPort\ScannerWizardU.exe" -c /A [PaperPort 12.1] /L [eng]
Task: {EDDE8C3A-B8E4-4D85-BECF-C5F04B2D12E1} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {EFBDC3F6-F467-4D8F-AA49-61FA3EBDE2A5} - System32\Tasks\{AD90C3E1-26B4-47C2-83EC-0313AC70B607} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUUUnInstallHelper.exe" -d "C:\Program Files (x86)\AVG\AVG PC TuneUp"
Task: {FEC7CFD9-2391-44C3-BE1B-D5DEBAD5D87A} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-23 20:58 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-10 12:52 - 2015-10-07 18:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-06-16 23:06 - 2015-06-16 23:06 - 00608320 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2015-06-17 02:25 - 2015-06-17 02:25 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-02-06 01:02 - 2012-02-13 15:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2014-03-18 13:51 - 2005-04-21 21:36 - 00143360 ____R () C:\windows\system32\BrSNMP64.dll
2014-02-06 01:03 - 2011-02-17 01:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2015-08-11 20:03 - 2015-11-13 15:15 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-08-11 20:03 - 2015-11-13 15:15 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-08-11 20:03 - 2015-11-13 15:15 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-08-11 20:03 - 2015-11-13 15:15 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2015-08-11 20:03 - 2015-11-13 15:15 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2015-08-11 20:03 - 2015-11-13 15:15 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2014-02-06 01:02 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2014-03-18 13:49 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-06-16 22:47 - 2015-06-16 22:47 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2015-06-16 23:07 - 2015-06-16 23:07 - 00066112 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
2015-06-17 02:24 - 2015-06-17 02:24 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-06-17 02:24 - 2015-06-17 02:24 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-06-17 02:24 - 2015-06-17 02:24 - 00037528 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2014-02-06 00:35 - 2011-09-08 19:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-01 22:20 - 2009-11-01 22:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-01 22:23 - 2009-11-01 22:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-04-10 13:50 - 2015-04-10 13:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1833043278-1489670560-2515665415-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\April\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{17208B75-D5DF-4D75-A418-67E1E2AA4104}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C6BCCA8A-83AD-40EA-BC5F-13F78DE109E3}] => (Allow) LPort=2869
FirewallRules: [{E14B7321-A550-41B4-9C62-61F29A061A56}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{745F950B-AB7C-4280-9881-A152B7B7C832}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{273D24DD-B303-4395-BF8D-283E577B52F8}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9E0C19B2-25AC-4CEC-9C67-D2C4781DDC06}] => (Allow) F:\April Stuff\Left 4 Dead\Steam.exe
FirewallRules: [{FEC43685-958C-4F1D-83C1-4159265DFB10}] => (Allow) F:\April Stuff\Left 4 Dead\Steam.exe
FirewallRules: [TCP Query User{D59BA41B-B9B8-493C-AF9D-B44ADF208D83}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [UDP Query User{162512AE-C766-4067-9829-FB229973F084}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Block) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [TCP Query User{EE336C14-58CA-47B4-AF5A-D6281AC17B92}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3F983F06-034A-4C73-B26A-78D021715CDF}C:\users\april\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\april\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9E7FFB3F-D6F0-475E-A30A-357954D72321}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4EC792F2-E385-4FE0-A2E9-FDDD811439C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{46BB68EB-50B0-48C7-8178-DDFFA62A74BD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1A19C178-C5B5-4FF7-8ED9-830A6DD8F2EA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E3ECB99E-0521-46BA-8622-2864128B5C12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{E471EC3E-DDBC-460D-A25C-03F9994E7663}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{3FEEE308-7857-435B-A815-EC5CCA3CEAB7}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{66FEE290-1106-4379-A697-4D327EF71EBF}] => (Allow) C:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{F94FDE2E-FABC-4A4E-B279-A60073736F5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 3\FiveNightsatFreddys3.exe
FirewallRules: [{00513C33-845A-4F72-A8EE-3FDC5BFC36F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 3\FiveNightsatFreddys3.exe
FirewallRules: [TCP Query User{6BB770E8-56C9-4635-8CEB-EB4CE9B79B7B}D:\program files\firefox\firefox.exe] => (Allow) D:\program files\firefox\firefox.exe
FirewallRules: [UDP Query User{82F64B0B-0D6A-4D1E-93AE-3DBCCAE7E811}D:\program files\firefox\firefox.exe] => (Allow) D:\program files\firefox\firefox.exe
FirewallRules: [{621A0215-DFF3-4ECB-B3B3-6D87A32AE593}] => (Allow) C:\Users\April\Downloads\3DMGAME-The.Sims.4.Outdoor.Retreat.Multi.17.Cracked-RELOADED\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{3C5495AF-C84B-47D5-B45F-132E144CCC7F}] => (Allow) C:\Users\April\Downloads\3DMGAME-The.Sims.4.Outdoor.Retreat.Multi.17.Cracked-RELOADED\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{575EDA31-F5BD-4EC4-8367-4242F71AFBF1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{A9CC7DD4-07B8-4EA0-A60B-7B4C51666986}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{2C3D177A-44E7-47EB-8CAD-377B06D47831}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B11978FC-1AB4-4FF7-9C04-523ABA38AF5A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{3E9C3969-05D0-43A8-8764-58E47CB6898B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{5833D04D-B6E0-4906-9E34-0E127E91A126}] => (Allow) D:\program files\Firefox\firefox.exe
FirewallRules: [{96440FEE-A939-4299-908B-800305FB0097}] => (Allow) D:\program files\Firefox\firefox.exe
FirewallRules: [{79B105B3-541C-4CE3-AFE1-68C555E811F7}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{730E068B-A654-4993-A4F2-7A1F809230BC}] => (Allow) D:\program files\Games\Steam\Steam.exe
FirewallRules: [{2E5001E4-197A-4A30-8E66-C779D015BB58}] => (Allow) D:\program files\Games\Steam\Steam.exe
FirewallRules: [{EA147284-FD35-41B4-B774-EFD8EF6C3FCC}] => (Allow) D:\program files\Games\Steam\steamapps\common\FiveNightsatFreddys4\FiveNightsatFreddys4.exe
FirewallRules: [{3A3B2811-087C-4C8D-B145-485BAABFC7A0}] => (Allow) D:\program files\Games\Steam\steamapps\common\FiveNightsatFreddys4\FiveNightsatFreddys4.exe
FirewallRules: [{FB112B1C-FB1C-41E6-9C13-0A7EC719F339}] => (Allow) C:\Program Files (x86)\iolo\System Shield\SysShield.exe
FirewallRules: [{866FCBB1-AC86-495A-A788-BA2B576ED8D3}] => (Allow) C:\Program Files (x86)\iolo\System Shield\SysShield.exe
FirewallRules: [{0375D559-B225-4F56-B5CF-0E5C77D5B198}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FEAC4F54-7CCE-497D-8740-15A42F5C869A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A624A070-5415-4CBF-A35C-B39342ACCF01}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{129A494D-4328-471C-BFEB-F972AE848D9C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{15E9A838-A440-40D3-B994-B6459AE67584}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{91A4E38F-11BD-4F89-B530-ED5B4486C21D}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{519427E8-837B-45B4-9944-06A16BCF6AB8}] => (Allow) D:\program files\Games\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{AFF38691-53DE-4F9B-9714-5D9904203CE6}] => (Allow) D:\program files\Games\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{F3690847-9471-4DEC-91C1-7AF7EA4CCE52}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7F53689F-928C-4C33-B971-300A312CA5B5}] => (Allow) D:\program files\Games\Steam\steamapps\common\FiveNightsatFreddys4\HalloweenEdition.exe
FirewallRules: [{5CB4AF72-8CA5-4FC9-9424-2A7E114547D9}] => (Allow) D:\program files\Games\Steam\steamapps\common\FiveNightsatFreddys4\HalloweenEdition.exe
FirewallRules: [{E1892A71-4B33-4567-BD35-07B00F3F62CC}] => (Allow) D:\program files\Games\Sims 4\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{6A6AF342-C707-4C43-982F-1D6A66A629AE}] => (Allow) D:\program files\Games\Sims 4\The Sims 4\Game\Bin\TS4.exe

==================== Faulty Device Manager Devices =============

Name: Atheros AR3012 Bluetooth 3.0
Description: Atheros AR3012 Bluetooth 3.0
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2015 06:26:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 25.11.2015.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c34

Start Time: 01d127e9462cbf21

Termination Time: 0

Application Path: C:\Users\April\Desktop\FRST64.exe

Report Id: a6646215-93dc-11e5-b166-e8039a169fff

Error: (11/25/2015 06:22:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CommonAgent.exe, version: 1.1.5.1, time stamp: 0x5450a30c
Faulting module name: CommonAgent.exe, version: 1.1.5.1, time stamp: 0x5450a30c
Exception code: 0x40000015
Fault offset: 0x0000000000186ae5
Faulting process id: 0xc1c
Faulting application start time: 0xCommonAgent.exe0
Faulting application path: CommonAgent.exe1
Faulting module path: CommonAgent.exe2
Report Id: CommonAgent.exe3

Error: (11/25/2015 06:21:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2015 06:20:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Windv.exe, version: 1.0.0.0, time stamp: 0x562741cd
Faulting module name: KERNELBASE.dll, version: 6.1.7601.19045, time stamp: 0x56258f05
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0xf78
Faulting application start time: 0xWindv.exe0
Faulting application path: Windv.exe1
Faulting module path: Windv.exe2
Report Id: Windv.exe3

Error: (11/25/2015 06:20:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Windv.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.LoadComponent(System.Uri, Boolean)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at System.Windows.Application.Run()
   at demoforupdaterwindow.App.Main()

Error: (11/17/2015 08:54:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2015 08:03:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Windv.exe, version: 1.0.0.0, time stamp: 0x562741cd
Faulting module name: KERNELBASE.dll, version: 6.1.7601.19045, time stamp: 0x56258f05
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0xb48
Faulting application start time: 0xWindv.exe0
Faulting application path: Windv.exe1
Faulting module path: Windv.exe2
Report Id: Windv.exe3

Error: (11/16/2015 08:02:59 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Windv.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
   at System.Windows.Application.LoadComponent(System.Uri, Boolean)
   at System.Windows.Application.DoStartup()
   at System.Windows.Application.<.ctor>b__1(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at System.Windows.Application.Run()
   at demoforupdaterwindow.App.Main()

Error: (11/16/2015 08:02:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CommonAgent.exe, version: 1.1.5.1, time stamp: 0x5450a30c
Faulting module name: CommonAgent.exe, version: 1.1.5.1, time stamp: 0x5450a30c
Exception code: 0x40000015
Fault offset: 0x0000000000186ae5
Faulting process id: 0xf50
Faulting application start time: 0xCommonAgent.exe0
Faulting application path: CommonAgent.exe1
Faulting module path: CommonAgent.exe2
Report Id: CommonAgent.exe3

Error: (11/16/2015 08:01:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/25/2015 06:31:35 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy51.

Error: (11/25/2015 06:28:57 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (11/25/2015 06:21:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (11/25/2015 06:19:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528}

Error: (11/17/2015 08:57:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16405

Error: (11/17/2015 08:57:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (11/17/2015 08:55:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/17/2015 08:54:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (11/17/2015 08:54:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SW Update Service service failed to start due to the following error:
%%1053

Error: (11/17/2015 08:54:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SW Update Service service to connect.


CodeIntegrity:
===================================
  Date: 2015-11-06 01:41:50.313
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-06 01:41:50.163
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-06 01:41:50.036
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-06 01:41:49.786
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-23 23:09:43.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-23 23:09:27.681
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\PROGRA~2\McAfee\SITEAD~1\x64\saHook.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-20 12:03:41.878
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-20 12:03:41.768
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-20 12:03:14.186
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-20 12:03:14.092
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A6-3420M APU with Radeon™ HD Graphics
Percentage of memory in use: 59%
Total physical RAM: 3563.8 MB
Available physical RAM: 1436.42 MB
Total Virtual: 7125.81 MB
Available Virtual: 4407.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:179 GB) (Free:71.59 GB) NTFS
Drive d: () (Fixed) (Total:267.1 GB) (Free:85.32 GB) NTFS
Drive e: (LEXAR) (Removable) (Total:7.45 GB) (Free:7.19 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2EBB719C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=179 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=267.1 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=19.6 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

==================== End of Addition.txt ============================



#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:29 PM

Posted 26 November 2015 - 11:36 AM

Step 1


  • Download EEK and extract the contents to C:\
  • Double-click the desktop-shortcut to start the tool.
  • In the update screen that follows, click "Yes" to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Enable "PUPs" detection (1) and click on "Full Scan" (2).
  • If adware/malware was detected, make sure to check all the items and click "Quarantine selected" (1) and afterwards "view report" (2).
  • Please paste the content of the report in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 