Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot connect to internet after running Malwarebytes


  • This topic is locked This topic is locked
5 replies to this topic

#1 dira

dira

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:01 AM

Posted 24 November 2015 - 11:16 PM

Hi,

 

I ran Malwarebytes and it found malware which it removed. Now I can't connect to the internet or open programs as thers a little pop up on the bottom right of the screen that says "copy of windows is not genuine".

 

Help!

 

Thanks

 

PS. I cannot open malwarebytes to get any logs



BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:01 AM

Posted 26 November 2015 - 11:09 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Edited by deeprybka, 26 November 2015 - 11:09 AM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 dira

dira
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:01 AM

Posted 26 November 2015 - 01:20 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-11-2015 02
Ran by user (2015-11-26 13:12:48)
Running from F:\
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2013-12-03 03:13:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-804185622-3987988116-3249742142-500 - Administrator - Disabled)
Guest (S-1-5-21-804185622-3987988116-3249742142-501 - Limited - Disabled)
QBPOSDBSrvUser (S-1-5-21-804185622-3987988116-3249742142-1001 - Limited - Enabled) => C:\Users\QBPOSDBSrvUser
user (S-1-5-21-804185622-3987988116-3249742142-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-804185622-3987988116-3249742142-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Ace Stream Media 3.1.0 (HKU\S-1-5-21-804185622-3987988116-3249742142-1000\...\AceStream) (Version: 3.1.0 - Ace Stream Media) <==== ATTENTION
Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (32 Bit) (HKLM\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2215 - AVAST Software)
BbeXtreme (Version: 11.0.0 - Bluebeam Software) Hidden
Bluebeam Revu 11 (HKLM\...\InstallShield_{2725054A-6EA0-4F8D-9C66-3AF9F81493EF}) (Version: 11.0.0 - Bluebeam Software)
Bluebeam Revu 11 (Version: 11.0.0 - Bluebeam Software) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 10.2.0.2141 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.2.0.2141 - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
PlanSwift Professional 9.0 (HKLM\...\PlanSwift 9_is1) (Version:  - Tech Unlimited, Inc.)
PowerISO (HKLM\...\PowerISO) (Version: 5.6 - Power Software Ltd)
QuickBooks (Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Point of Sale 2013 (HKLM\...\{2F6FE8E0-A61C-4C2D-A601-F5731D8F7EF0}) (Version: 22.7.712 - Intuit Inc.)
QuickBooks Premier: Contractor Edition 2010 (HKLM\...\{0700E22B-A426-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Veetle TV (HKLM\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}\InprocServer32 -> C:\Users\user\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{810CADD9-2658-4820-BA95-30199625191E}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-804185622-3987988116-3249742142-1000_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> c:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points =========================

16-07-2015 02:00:28 Windows Update
21-07-2015 02:00:23 Windows Update
26-07-2015 14:05:58 Windows Update
04-08-2015 19:56:19 Windows Update
05-08-2015 02:00:25 Windows Update
11-08-2015 21:14:00 Windows Update
12-08-2015 02:01:00 Windows Update
15-08-2015 22:45:53 Windows Update
19-08-2015 19:36:57 Windows Update
20-08-2015 02:00:26 Windows Update
23-08-2015 20:40:53 Windows Update
27-08-2015 14:49:36 Windows Update
30-08-2015 15:47:32 Windows Update
05-09-2015 21:47:42 Windows Update
13-09-2015 14:01:48 Windows Update
13-09-2015 17:14:39 Windows Update
17-09-2015 19:35:18 Windows Update
25-09-2015 11:38:56 Windows Update
01-10-2015 20:28:12 Windows Update
06-10-2015 19:23:13 Windows Update
08-10-2015 02:00:21 Windows Update
11-10-2015 12:49:03 Windows Update
15-10-2015 19:31:48 Windows Update
16-10-2015 02:00:27 Windows Update
21-10-2015 19:12:59 Windows Update
22-10-2015 02:00:22 Windows Update
27-10-2015 19:17:13 Windows Update
01-11-2015 13:36:35 Windows Update
07-11-2015 22:52:15 Windows Update
11-11-2015 03:00:45 Windows Update
13-11-2015 03:00:46 Windows Update
17-11-2015 20:22:44 avast! antivirus system restore point
17-11-2015 20:25:08 avast! antivirus system restore point
17-11-2015 20:33:57 Windows Update
22-11-2015 13:36:19 Windows Update
23-11-2015 12:29:05 Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
23-11-2015 12:43:27 avast! antivirus system restore point
23-11-2015 12:45:48 avast! antivirus system restore point
23-11-2015 13:28:52 avast! antivirus system restore point
23-11-2015 13:30:06 avast! antivirus system restore point
23-11-2015 13:34:28 avast! antivirus system restore point
23-11-2015 13:35:55 avast! antivirus system restore point
23-11-2015 13:46:16 avast! antivirus system restore point
23-11-2015 13:47:25 avast! antivirus system restore point
23-11-2015 13:56:02 avast! antivirus system restore point
23-11-2015 13:57:26 avast! antivirus system restore point
23-11-2015 14:43:24 avast! antivirus system restore point
24-11-2015 22:47:26 Restore Operation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2014-05-23 12:57 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1            d3oxij66pru1i3.cloudfront.net

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1AEBB03E-FC4F-4C69-AB91-86963B6743D1} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {1C22451D-52FC-436C-8BC9-6722503FE563} - \Inst_Rep -> No File <==== ATTENTION
Task: {1DBDFFB6-4ADC-41D6-9288-0FFE115C736D} - \amiupdaterExd -> No File <==== ATTENTION
Task: {23524392-2BFE-4424-AEAA-86DA0EEBF253} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {2EB89A4B-E91D-4A53-BCAF-0FD5A95F15CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {30E454B8-1916-4BEE-A213-856998BF6E3A} - System32\Tasks\Component Ball => Rundll32.exe "C:\Users\user\AppData\Local\Component Ball\zBin\ComponentBall.dll",#3 <==== ATTENTION
Task: {4B130515-104A-4062-90C2-FA5F13B27ECB} - System32\Tasks\JZIP => C:\Program Files\JZIP\JZIP\JZIP.exe
Task: {5832D21E-3524-488A-B5A7-9B1AC87F19EC} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {587773B8-7F75-4FD8-BAC3-5FEEC6F2EDF8} - System32\Tasks\RHFLWGOTVUIAVXFI => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {61A69AB7-ED64-496C-970A-27506837CC1B} - \amiupdaterExi -> No File <==== ATTENTION
Task: {6F27AAFA-B6C3-4371-BFEB-179A8C07D340} - \systemmgr -> No File <==== ATTENTION
Task: {70FAEF18-8AE8-4002-AAA8-E2F6E7567D30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {74A9494D-6ABC-49CF-A849-11C59FF82A28} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {9426057C-DEA1-4CDC-A69A-24BD14F59CE4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {AA45B8D9-6C78-41AA-9EFC-A7191945E60A} - System32\Tasks\Ialgolea => C:\ProgramData\Ialgolea\1.0.6.1\breernid.exe
Task: {ADEFA401-0798-4C62-B5BA-DEDEF90A9F17} - \bvxvhxvh -> No File <==== ATTENTION
Task: {B5CF770E-737A-4018-82BD-94E39DAA457D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {B7C154EC-3947-45F4-A606-AC023891D3E1} - \CGINCVL1 -> No File <==== ATTENTION
Task: {B9B9E780-E0BD-4649-8DDB-1FC1EE6C2FE0} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {C7EC3F6B-6EB6-4F6B-B1F9-0417AAC51F29} - System32\Tasks\Viskod => C:\PROGRA~1\SHOPPE~1\Emooom.bat
Task: {F5084077-DA43-477A-B69F-CC31EDD66EFF} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RHFLWGOTVUIAVXFI.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-09-24 05:34 - 2015-11-10 15:47 - 00027000 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\ace_engine.exe
2015-09-24 05:35 - 2015-11-10 15:47 - 00302080 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd
2011-06-12 08:09 - 2011-06-12 08:09 - 00038400 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\_socket.pyd
2011-06-12 08:09 - 2011-06-12 08:09 - 00720896 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd
2011-06-12 08:06 - 2011-06-12 08:06 - 00287232 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd
2015-04-16 07:27 - 2015-04-16 07:27 - 00018944 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd
2015-04-16 07:27 - 2015-04-16 07:27 - 02386432 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pywebrtc.pyd
2015-09-24 05:31 - 2015-11-10 15:47 - 02947584 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd
2014-01-23 06:37 - 2014-01-23 06:37 - 00036352 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd
2013-12-21 08:20 - 2013-12-21 08:20 - 00053248 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\_blist.pyd
2011-06-12 08:06 - 2011-06-12 08:06 - 00106496 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd
2013-12-21 08:20 - 2013-12-21 08:20 - 00040448 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd
2011-06-12 08:06 - 2011-06-12 08:06 - 00011776 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\select.pyd
2015-09-07 10:23 - 2015-11-10 15:47 - 00227944 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pysegmenter.pyd
2015-04-16 07:29 - 2015-04-16 07:29 - 00112142 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\libgcc_s_dw2-1.dll
2011-01-18 16:56 - 2011-01-18 16:56 - 00334336 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd
2011-06-12 08:06 - 2011-06-12 08:06 - 00152576 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd
2011-02-13 10:02 - 2011-02-13 10:02 - 00031232 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd
2015-09-24 05:52 - 2015-11-10 15:47 - 04064256 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd
2012-02-07 11:37 - 2012-02-07 11:37 - 00098816 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\win32api.pyd
2012-02-07 11:35 - 2012-02-07 11:35 - 00110080 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll
2012-02-07 11:38 - 2012-02-07 11:38 - 00358912 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll
2012-02-07 11:36 - 2012-02-07 11:36 - 00111616 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\win32file.pyd
2012-02-07 11:36 - 2012-02-07 11:36 - 00024064 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd
2010-10-10 17:23 - 2010-10-10 17:23 - 00723968 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\apsw.pyd
2013-01-29 11:20 - 2013-01-29 11:20 - 00082944 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd
2011-07-15 14:37 - 2011-07-15 14:37 - 00981504 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd
2011-07-15 14:38 - 2011-07-15 14:38 - 00746496 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd
2011-07-15 14:38 - 2011-07-15 14:38 - 00670720 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd
2011-07-15 14:38 - 2011-07-15 14:38 - 00966144 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd
2011-07-15 14:38 - 2011-07-15 14:38 - 00674816 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd
2012-02-07 11:37 - 2012-02-07 11:37 - 00167424 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\win32gui.pyd
2012-02-07 11:36 - 2012-02-07 11:36 - 00035840 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\win32process.pyd
2015-11-14 23:47 - 2015-11-10 15:47 - 02977792 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\lxml.etree.pyd
2011-06-12 08:06 - 2011-06-12 08:06 - 00688128 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd
2015-04-16 07:29 - 2015-04-16 07:29 - 00061952 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd
2013-01-29 11:20 - 2013-01-29 11:20 - 00066048 _____ () C:\Users\user\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd
2014-10-01 11:37 - 2015-11-10 10:31 - 00027000 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\ace_update.exe
2011-06-12 08:09 - 2011-06-12 08:09 - 00038400 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\lib\_socket.pyd
2011-06-12 08:09 - 2011-06-12 08:09 - 00720896 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd
2011-07-15 14:37 - 2011-07-15 14:37 - 00981504 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd
2011-07-15 14:38 - 2011-07-15 14:38 - 00746496 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd
2011-07-15 14:38 - 2011-07-15 14:38 - 00670720 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd
2011-07-15 14:38 - 2011-07-15 14:38 - 00966144 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd
2011-07-15 14:38 - 2011-07-15 14:38 - 00674816 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd
2011-06-12 08:06 - 2011-06-12 08:06 - 00287232 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd
2011-01-18 16:56 - 2011-01-18 16:56 - 00334336 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 08:06 - 2011-06-12 08:06 - 00011776 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\lib\select.pyd
2011-06-12 08:06 - 2011-06-12 08:06 - 00152576 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd
2012-02-07 11:37 - 2012-02-07 11:37 - 00098816 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\lib\win32api.pyd
2012-02-07 11:35 - 2012-02-07 11:35 - 00110080 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll
2012-02-07 11:38 - 2012-02-07 11:38 - 00358912 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll
2012-02-07 11:36 - 2012-02-07 11:36 - 00111616 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\lib\win32file.pyd
2012-02-07 11:36 - 2012-02-07 11:36 - 00024064 _____ () C:\Users\user\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-804185622-3987988116-3249742142-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BbInstallUser => C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe
MSCONFIG\startupreg: BbPrintMonitor => C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{744A1790-0044-4984-BC48-316F3D1573C1}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D496F449-82D7-465C-A22D-7A080CF080C3}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CA311BF6-36AA-44B0-8F34-86AB751B166C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{8E0B5DB6-DD6E-4626-B528-1AF2ED37D13E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{ECF7F22C-732B-4D84-9EFA-F0129A20491E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{48E025B3-EC26-4043-BA17-2004A6193FF6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{6C26F36A-F760-4284-8A85-1BD645B9B38C}] => (Allow) C:\Program Files\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBPOSDBService.exe
FirewallRules: [{28A7D11B-B7FF-4DC5-ABF3-0A555CF7C781}] => (Allow) C:\Program Files\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBDBMgrN10.exe
FirewallRules: [{EEF5B1A4-C435-4779-9A84-63E29D6E6FBE}] => (Allow) C:\Program Files\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBDBMgrN10.exe
FirewallRules: [{D33AB5BC-4A8E-4BE3-8909-D21E14F0E0C7}] => (Allow) C:\Program Files\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBDBMgr10.exe
FirewallRules: [{A4ED49A8-F890-428C-A6E6-2510F1DDD5C6}] => (Allow) C:\Program Files\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBDBMgr10.exe
FirewallRules: [{414B0A38-7D3C-4208-B8B3-F9AB64303424}] => (Allow) C:\Program Files\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
FirewallRules: [{7295CDF2-C67D-49B3-B69E-F7596EF20A3A}] => (Allow) C:\Program Files\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
FirewallRules: [{79CF4E22-811E-49D3-8D78-A6E59C80EF64}] => (Allow) C:\Program Files\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
FirewallRules: [{C3A0733A-685B-4623-B07B-0B565059A211}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{63F5CE7F-C29B-427B-8FE8-BF88EB300901}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{959DFDB5-30E0-4C42-B6BA-0E078764E861}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{3695B09E-E755-489A-BBAE-65A688900940}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{48455E06-3AA7-44BF-B1C3-0F40BE21DD84}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{29C2EFCE-75CC-44BA-A957-A0FB9902B765}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{20A88D79-5969-4328-B8B2-034ECB09DF8A}] => (Allow) C:\Program Files\Veetle\Player\VeetleNet.exe
FirewallRules: [{F29C77F5-1D3C-4ACC-9A5C-3034D5E84BBB}] => (Allow) LPort=7939
FirewallRules: [{8283AFA6-64B0-4D3F-AC43-198E38138133}] => (Allow) C:\Program Files\PlanSwift9\PlanSwift.exe
FirewallRules: [{FF05831B-1C2F-47AE-8985-4CE8663D1AC6}] => (Allow) C:\Program Files\PlanSwift9\PlanSwift.exe
FirewallRules: [{CDAA9F2B-C216-4510-AA07-F18ECF0E6E13}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{12FB196A-E782-484E-A93A-FD348BAAFD1C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{63F9FC21-5725-4DD5-A3F9-C122656BC187}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A7A35A0F-3DBC-4F0B-954E-02583AA20D09}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{44AF50BB-43B8-4879-BC88-410E18653A43}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{40C5F2CF-98FA-4F16-BC89-82204738409B}] => (Allow) LPort=7939
FirewallRules: [{18A1D7CB-A297-4FE4-ADE0-7088E8D7384C}] => (Allow) C:\Program Files\PlanSwift9\PlanSwift.exe
FirewallRules: [{99562BD3-46AD-42A3-94E5-B4D218EBE808}] => (Allow) C:\Program Files\PlanSwift9\PlanSwift.exe
FirewallRules: [TCP Query User{E5BB47F4-2DB4-49F5-857E-9D78E98A492F}C:\users\user\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\user\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{1E33B944-6740-4507-B734-CA97683B2865}C:\users\user\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\user\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{B4F7EFDF-5E41-4AC9-8062-D9FE15195A2E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AF6F1C99-0928-4D9D-BE72-7FBFA989A015}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{55DB5E46-B738-47D8-8974-49EBABF79925}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{49BA154D-ACB4-4B1E-A239-CF47E3125E79}] => (Allow) C:\Windows\system32\rundll32.exe

==================== Faulty Device Manager Devices =============

Name: LSI 1394 OHCI Compliant Host Controller
Description: LSI 1394 OHCI Compliant Host Controller
Class Guid: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
Manufacturer: LSI
Service: 1394ohci
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2015 01:09:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2015 01:09:46 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (11/25/2015 00:28:37 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (11/25/2015 11:50:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdVPN.exe, version: 1.1.0.0, time stamp: 0x56372b44
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18847, time stamp: 0x554d7b00
Exception code: 0xe0434352
Fault offset: 0x0000812f
Faulting process id: 0x88c
Faulting application start time: 0xAdVPN.exe0
Faulting application path: AdVPN.exe1
Faulting module path: AdVPN.exe2
Report Id: AdVPN.exe3

Error: (11/25/2015 11:50:31 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AdVPN.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at AdVpnClient.App.Main()

Error: (11/25/2015 11:47:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdVPN.exe, version: 1.1.0.0, time stamp: 0x56372b44
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18847, time stamp: 0x554d7b00
Exception code: 0xe0434352
Fault offset: 0x0000812f
Faulting process id: 0xdb4
Faulting application start time: 0xAdVPN.exe0
Faulting application path: AdVPN.exe1
Faulting module path: AdVPN.exe2
Report Id: AdVPN.exe3

Error: (11/25/2015 11:47:38 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AdVPN.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at AdVpnClient.App.Main()

Error: (11/25/2015 11:37:19 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (11/25/2015 10:52:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2015 10:51:59 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.


System errors:
=============
Error: (11/26/2015 01:13:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%193

Error: (11/26/2015 01:13:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error:
%%193

Error: (11/26/2015 01:13:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%193

Error: (11/26/2015 01:13:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error:
%%193

Error: (11/26/2015 01:13:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%193

Error: (11/26/2015 01:13:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error:
%%193

Error: (11/26/2015 01:13:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%193

Error: (11/26/2015 01:13:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error:
%%193

Error: (11/26/2015 01:13:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%193

Error: (11/26/2015 01:13:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error:
%%193


CodeIntegrity:
===================================
  Date: 2015-11-23 12:40:24.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® D CPU 2.80GHz
Percentage of memory in use: 26%
Total physical RAM: 3070.04 MB
Available physical RAM: 2252.8 MB
Total Virtual: 6138.4 MB
Available Virtual: 5222.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:293.34 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Untitled Project) (CDROM) (Total:1.47 GB) (Free:0 GB) UDF
Drive f: () (Fixed) (Total:29.8 GB) (Free:22.06 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E912E912)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 6C62BBA4)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)

==================== End of Addition.txt ============================

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-11-2015 02
Ran by user (administrator) on USER-PC (26-11-2015 13:11:45)
Running from F:\
Loaded Profiles: user & QBPOSDBSrvUser (Available Profiles: user & QBPOSDBSrvUser)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intuit, Inc.) C:\Program Files\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\user\AppData\Roaming\ACEStream\engine\ace_engine.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBPOSDBService.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(iAnywhere Solutions, Inc.) C:\Program Files\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBDBMgr10.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Users\user\AppData\Roaming\ACEStream\updater\ace_update.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-20] (Avast Software s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-804185622-3987988116-3249742142-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-804185622-3987988116-3249742142-1000\...\Run: [AceStream] => C:\Users\user\AppData\Roaming\ACEStream\engine\ace_engine.exe [27000 2015-11-10] ()
HKU\S-1-5-21-804185622-3987988116-3249742142-1000\...\Run: [Rwefihjgvy] => rundll32 "C:\Users\user\AppData\Roaming\C_200002.dll",Dtvq
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-20] (Avast Software s.r.o.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JZIP.lnk [2015-11-23]
ShortcutTarget: JZIP.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
CHR HKU\S-1-5-21-804185622-3987988116-3249742142-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: 127.0.0.1            d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3778F0AF-DDFB-4219-B18F-DEFFA8DEA0FB}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{3778F0AF-DDFB-4219-B18F-DEFFA8DEA0FB}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-804185622-3987988116-3249742142-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-804185622-3987988116-3249742142-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-804185622-3987988116-3249742142-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-804185622-3987988116-3249742142-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-804185622-3987988116-3249742142-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-20] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-02-01] (Intuit, Inc.)
Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll [2013-08-15] (Intuit Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3zqasmzk.default-1429581820035
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @BluebeamPDF/PDF viewer -> C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Revu\Mozilla\npBluebeamMozillaPlugin.dll [2013-03-14] (Bluebeam Software, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files\Veetle\plugins\npVeetle.dll [2012-01-13] (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll [2012-01-13] (Veetle Inc)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-804185622-3987988116-3249742142-1000: @acestream.net/acestreamplugin,version=3.1.0 -> C:\Users\user\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3zqasmzk.default-1429581820035\user.js [2015-11-23]
FF Extension: No Name - C:\Program Files\shopperz231120150833\Firefox\{AF2E0948-428D-4368-809E-D4D89EED4A53}.xpi [not found]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-24] [not signed]
FF HKU\S-1-5-21-804185622-3987988116-3249742142-1000\...\Firefox\Extensions: [acewebextension@acestream.org] - C:\Users\user\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi => not found
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-10-08]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-21]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-21]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-23]
CHR HKU\S-1-5-21-804185622-3987988116-3249742142-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-20] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-04-20] (Avast Software)
R2 Intuit Entitlement Service v8; C:\Program Files\Common Files\Intuit\Entitlement Client\v8\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [24680 2011-12-23] (Intuit, Inc.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 QBCFMonitorService; c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S3 QBFCService; c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBPOSDBServiceV11; C:\Program Files\Intuit\QuickBooks Point of Sale 11.0\DatabaseServer\QBPOSDBService.exe [3141192 2013-08-15] (Intuit Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-04-20] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-20] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-04-20] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-04-20] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-20] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-04-20] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-11-23] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113608 2013-04-15] (Power Software Ltd)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2015-11-23] (The OpenVPN Project)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-04-20] (Avast Software)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-26 13:10 - 2015-11-26 13:11 - 00000000 ____D C:\FRST
2015-11-25 11:53 - 2015-11-25 11:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi (2).dll
2015-11-25 11:38 - 2015-11-25 11:38 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2015-11-25 11:29 - 2015-11-25 11:29 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-25 11:26 - 2015-11-25 11:30 - 00001908 _____ C:\Windows\diagwrn.xml
2015-11-25 11:26 - 2015-11-25 11:30 - 00001908 _____ C:\Windows\diagerr.xml
2015-11-25 11:20 - 2015-11-25 11:33 - 00000400 __RSH C:\ProgramData\ntuser.pol
2015-11-25 10:03 - 2015-11-25 10:06 - 00041726 _____ C:\Windows\ntbtlog.txt
2015-11-24 21:49 - 2015-11-24 21:49 - 00000000 ____D C:\ProgramData\Emsisoft
2015-11-24 21:39 - 2015-11-24 22:55 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-11-24 19:49 - 2015-11-24 19:49 - 00000000 ____D C:\ProgramData\GroupPolicy
2015-11-24 19:39 - 2015-11-24 22:55 - 00000000 ____D C:\Program Files\UVK - Ultra Virus Killer
2015-11-24 19:39 - 2015-11-24 19:39 - 00000000 ____D C:\ProgramData\UVK
2015-11-24 19:13 - 2015-11-24 22:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-24 17:18 - 2015-11-24 17:18 - 00000000 __SHD C:\Windows\ftpcache
2015-11-24 17:17 - 2015-11-24 22:55 - 00000000 ____D C:\OST Trial Installer
2015-11-23 18:31 - 2015-11-23 18:31 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2015-11-23 15:23 - 2015-11-24 22:05 - 00000000 ____D C:\Users\user\AppData\Roaming\FEP
2015-11-23 15:12 - 2015-11-23 15:12 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-23 15:08 - 2015-11-24 22:55 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-11-23 15:08 - 2015-11-23 16:06 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-23 15:00 - 2015-11-23 15:00 - 00000000 ____D C:\Users\user\AppData\Roaming\AVAST Software
2015-11-23 12:47 - 2015-11-23 12:47 - 00004664 _____ C:\Windows\system32\Suxdhe.ini
2015-11-23 12:47 - 2015-11-23 12:47 - 00002376 _____ C:\Windows\system32\SuxdheOff.ini
2015-11-23 12:45 - 2015-11-23 12:46 - 00000000 ____D C:\Users\user\AppData\Local\Tempfolder
2015-11-23 12:45 - 2015-11-23 12:45 - 00000000 ____D C:\Windows\system32\sot
2015-11-23 12:39 - 2015-11-23 13:24 - 00000000 ____D C:\Users\user\AppData\LocalLow\Company
2015-11-23 12:39 - 2015-11-23 12:39 - 00000000 ____D C:\uninst
2015-11-23 12:38 - 2015-11-26 13:09 - 00000340 ____H C:\Windows\Tasks\RHFLWGOTVUIAVXFI.job
2015-11-23 12:38 - 2015-11-23 12:38 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-11-23 12:31 - 2015-11-23 12:48 - 00000000 _____ C:\Windows\system32\outputfilePath
2015-11-23 12:29 - 2015-11-24 23:23 - 00000000 ____D C:\Program Files\AdVPN
2015-11-23 12:29 - 2015-11-23 12:29 - 00026624 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-11-23 12:28 - 2015-11-23 12:28 - 00002560 _____ C:\Users\user\AppData\Local\uninstall.exe
2015-11-23 12:28 - 2014-05-23 12:57 - 00000867 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-11-23 12:26 - 2015-11-23 13:26 - 00000000 ____D C:\Users\user\AppData\Roaming\proical
2015-11-23 12:25 - 2015-11-23 12:25 - 00517120 __RSH C:\Users\user\AppData\Roaming\C_200002.dll
2015-11-12 19:25 - 2015-11-03 12:46 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-10 20:59 - 2015-11-03 16:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-10 20:59 - 2015-10-30 17:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-10 20:59 - 2015-10-30 17:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-10 20:59 - 2015-10-30 17:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 20:59 - 2015-10-30 17:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-10 20:59 - 2015-10-30 17:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-10 20:59 - 2015-10-30 17:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-10 20:59 - 2015-10-30 17:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-10 20:59 - 2015-10-30 17:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-10 20:59 - 2015-10-30 17:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 20:59 - 2015-10-30 17:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-10 20:59 - 2015-10-30 17:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-10 20:59 - 2015-10-30 17:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-10 20:59 - 2015-10-30 17:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 20:59 - 2015-10-30 17:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-10 20:59 - 2015-10-30 17:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-10 20:59 - 2015-10-30 17:36 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-10 20:59 - 2015-10-30 17:31 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-10 20:59 - 2015-10-30 17:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-10 20:59 - 2015-10-30 17:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-10 20:59 - 2015-10-30 17:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-10 20:59 - 2015-10-30 17:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-10 20:59 - 2015-10-30 17:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-10 20:59 - 2015-10-30 17:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-10 20:59 - 2015-10-30 17:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-10 20:59 - 2015-10-30 17:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-10 20:59 - 2015-10-30 17:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-10 20:59 - 2015-10-30 17:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 20:59 - 2015-10-30 17:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-10 20:59 - 2015-10-30 17:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-10 20:59 - 2015-10-30 17:09 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-10 20:59 - 2015-10-30 16:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-10 20:59 - 2015-10-30 16:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 20:59 - 2015-10-30 16:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-10 20:59 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-10 20:59 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-10 20:59 - 2015-10-29 12:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-10 20:59 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-10 20:59 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-10 20:59 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-10 20:59 - 2015-10-19 19:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-10 20:59 - 2015-10-19 19:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-10 20:59 - 2015-10-19 19:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-10 20:59 - 2015-10-19 19:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-10 20:59 - 2015-10-19 19:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-10 20:59 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-10 20:59 - 2015-10-19 19:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-10 20:59 - 2015-10-19 19:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-10 20:59 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-10 20:59 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-10 20:59 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-10 20:59 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-10 20:59 - 2015-10-19 19:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-10 20:59 - 2015-10-19 19:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-10 20:59 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-10 20:59 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-10 20:59 - 2015-10-19 19:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-10 20:59 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-10 20:59 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-10 20:59 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-10 20:59 - 2015-10-19 19:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-10 20:59 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-10 20:59 - 2015-10-19 19:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-10 20:59 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-10 20:59 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-10 20:59 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-10 20:59 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-10 20:59 - 2015-10-19 18:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-10 20:59 - 2015-10-19 18:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-10 20:59 - 2015-10-19 18:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-10 20:59 - 2015-10-13 11:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-10 20:59 - 2015-10-13 11:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-10 20:59 - 2015-10-12 23:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-10 20:58 - 2015-10-20 12:46 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-10 20:58 - 2015-10-20 12:46 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-10 20:58 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-10 20:58 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-10 20:58 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-10 20:58 - 2015-10-20 12:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-10 20:58 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-10 20:58 - 2015-10-20 12:45 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-10 20:58 - 2015-10-20 12:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-10 20:58 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-10 20:58 - 2015-10-20 12:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-10 20:58 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-10 20:58 - 2015-10-01 12:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-10 20:58 - 2015-09-23 08:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-10 20:58 - 2015-09-23 08:09 - 00251000 ____N (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-10 20:58 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives(81).dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-26 13:10 - 2009-07-13 21:37 - 00000000 ____D C:\Windows
2015-11-26 13:09 - 2013-12-04 22:24 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2015-11-26 13:09 - 2013-12-02 22:35 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-26 13:09 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-25 12:30 - 2009-07-13 23:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-25 12:30 - 2009-07-13 23:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-25 12:21 - 2013-12-02 22:36 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-25 12:04 - 2013-12-12 20:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-25 11:23 - 2010-11-20 16:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-25 11:23 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2015-11-25 11:20 - 2009-07-13 21:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-11-25 10:50 - 2010-11-20 16:29 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-11-25 10:50 - 2010-11-20 16:29 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2015-11-25 10:50 - 2010-11-20 16:29 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2015-11-24 23:23 - 2015-10-18 15:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-24 23:23 - 2015-04-21 19:27 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-24 23:23 - 2015-04-20 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-24 23:23 - 2014-11-27 20:49 - 00000000 ____D C:\Users\user\Downloads\DRPU bulk SMS
2015-11-24 23:23 - 2014-06-23 16:12 - 00000000 ____D C:\Users\user\Downloads\Adobe Photoshop CC 2014 (32 bit) (Crack) [ChingLiu]
2015-11-24 23:23 - 2014-06-23 15:45 - 00000000 ____D C:\Users\user\Downloads\Adobe Photoshop CC 2014 (64 bit) (Crack) [ChingLiu]
2015-11-24 23:23 - 2013-12-24 23:02 - 00000000 ____D C:\Users\user\Downloads\QB2013_Patcher
2015-11-24 23:23 - 2013-12-24 22:30 - 00000000 ____D C:\Users\QBPOSDBSrvUser
2015-11-24 23:23 - 2013-12-08 22:36 - 00000000 ____D C:\Users\user\Downloads\QuickBooks Premier  2010
2015-11-24 23:23 - 2013-12-04 22:53 - 00000000 ____D C:\Users\user\Downloads\Bluebeam PDF Revu eXtreme 11.0 Patch And Custom-MPT
2015-11-24 23:23 - 2013-12-03 19:05 - 00000000 ____D C:\Users\user\Downloads\Office 2013 Pro Plus Retail 32bit Halloweenpsycho
2015-11-24 23:23 - 2013-12-03 18:36 - 00000000 ____D C:\Users\user\Downloads\WinRAR 5.01 Final [x86x64]+Key-FFF
2015-11-24 23:23 - 2013-12-02 23:13 - 00000000 ____D C:\Users\user\Downloads\Office.2010.Toolkit.and.EZ-Activator.2.2.3
2015-11-24 23:23 - 2013-12-02 23:11 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2015-11-24 23:23 - 2013-12-02 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-24 23:23 - 2013-12-02 22:35 - 00000000 ____D C:\Program Files\Google
2015-11-24 23:23 - 2013-12-02 22:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-11-24 23:23 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-24 23:23 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2015-11-24 23:23 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2015-11-24 22:56 - 2009-07-13 23:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-11-24 22:52 - 2013-12-02 22:32 - 00000000 ____D C:\ProgramData\AVAST Software
2015-11-24 22:51 - 2013-12-02 22:34 - 00000000 ____D C:\Program Files\AVAST Software
2015-11-24 20:09 - 2014-05-23 13:00 - 00000000 __SHD C:\Users\user\AppData\LocalLow\EmieUserList
2015-11-24 20:09 - 2014-05-23 13:00 - 00000000 __SHD C:\Users\user\AppData\LocalLow\EmieSiteList
2015-11-23 16:06 - 2014-04-10 22:44 - 00000000 ____D C:\ProgramData\SNT
2015-11-23 13:38 - 2014-04-10 22:46 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-23 13:29 - 2015-04-20 22:12 - 00002679 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-23 13:29 - 2015-04-20 21:12 - 00001957 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-11-23 13:29 - 2014-11-27 21:26 - 00001707 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-23 13:29 - 2014-11-27 21:24 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-11-23 13:29 - 2014-06-30 19:48 - 00000919 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-23 13:29 - 2014-06-23 16:30 - 00001244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014 (32 Bit).lnk
2015-11-23 13:29 - 2014-04-10 22:46 - 00001014 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-23 13:29 - 2014-01-11 18:45 - 00000978 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-11-23 13:29 - 2013-12-24 22:30 - 00002265 _____ C:\Users\Public\Desktop\Accept Credit Cards in Point of Sale.lnk
2015-11-23 13:29 - 2013-12-24 22:30 - 00002121 _____ C:\Users\Public\Desktop\QuickBooks Point of Sale 2013.lnk
2015-11-23 13:29 - 2013-12-08 22:57 - 00002133 _____ C:\Users\Public\Desktop\QuickBooks Premier - Contractor Edition 2010.lnk
2015-11-23 13:29 - 2013-12-04 23:05 - 00001060 _____ C:\Users\Public\Desktop\Bluebeam Revu.lnk
2015-11-23 13:29 - 2013-12-03 18:46 - 00000959 _____ C:\Users\Public\Desktop\PowerISO.lnk
2015-11-23 13:29 - 2013-12-03 18:38 - 00000969 _____ C:\Users\Public\Desktop\WinRAR.lnk
2015-11-23 13:29 - 2013-12-03 01:02 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-11-23 13:29 - 2013-12-03 01:02 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-11-23 13:29 - 2013-12-02 23:01 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-11-23 13:29 - 2013-12-02 23:01 - 00001983 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-11-23 13:29 - 2013-12-02 22:37 - 00002083 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-23 13:29 - 2013-12-02 22:27 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-23 13:29 - 2013-12-02 22:27 - 00001099 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-23 13:29 - 2013-12-02 22:14 - 00001389 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-23 13:29 - 2009-07-13 23:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-23 13:29 - 2009-07-13 23:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-11-23 13:29 - 2009-07-13 23:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-11-23 13:29 - 2009-07-13 23:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-11-23 13:28 - 2015-10-18 14:10 - 00001892 _____ C:\Users\user\Desktop\Ace Stream Media Center.lnk
2015-11-23 13:28 - 2015-10-18 14:10 - 00001876 _____ C:\Users\user\Desktop\Ace Player.lnk
2015-11-23 13:28 - 2015-05-14 11:26 - 00000954 _____ C:\Users\user\Desktop\PlanSwift 9.lnk
2015-11-23 13:28 - 2014-02-06 23:02 - 00001077 _____ C:\Users\user\Desktop\Bullzip PDF Printer.lnk
2015-11-23 13:28 - 2013-12-03 18:38 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2015-11-23 13:28 - 2013-12-02 23:12 - 00000812 _____ C:\Users\user\Desktop\µTorrent.lnk
2015-11-23 13:28 - 2013-12-02 23:12 - 00000792 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-11-23 13:28 - 2009-07-13 23:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-11-23 13:28 - 2009-07-13 23:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-11-23 13:26 - 2009-07-13 23:52 - 00000000 ____D C:\Windows\Performance
2015-11-23 12:59 - 2014-04-10 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-23 12:59 - 2014-04-10 22:46 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-23 12:26 - 2014-05-23 13:00 - 00000000 __SHD C:\Users\user\AppData\Local\EmieUserList
2015-11-23 12:26 - 2014-05-23 13:00 - 00000000 __SHD C:\Users\user\AppData\Local\EmieSiteList
2015-11-23 12:06 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-11-22 14:13 - 2015-04-28 18:47 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2015-11-22 13:59 - 2015-10-18 14:11 - 00000000 ____D C:\Users\user\AppData\Roaming\.ACEStream
2015-11-22 13:52 - 2015-10-18 14:27 - 00000000 ___HD C:\_acestream_cache_
2015-11-14 22:42 - 2015-10-18 14:09 - 00000000 ____D C:\Users\user\AppData\Roaming\ACEStream
2015-11-14 22:39 - 2009-07-13 23:33 - 00455560 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-11 03:34 - 2010-11-20 19:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 03:19 - 2013-12-02 23:18 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 03:10 - 2013-12-02 23:18 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 03:06 - 2013-12-03 19:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-10 20:14 - 2013-12-02 22:51 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-10 20:14 - 2013-12-02 22:51 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-11-23 12:25 - 2015-11-23 12:25 - 0517120 __RSH () C:\Users\user\AppData\Roaming\C_200002.dll
2014-06-29 19:27 - 2014-06-29 19:27 - 0000112 _____ () C:\Users\user\AppData\Roaming\JP2K CS6 Prefs
2015-11-23 12:28 - 2015-11-23 12:28 - 0002560 _____ () C:\Users\user\AppData\Local\uninstall.exe
2013-12-04 23:08 - 2013-12-24 22:31 - 0000540 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-07-20 10:27 - 2013-07-20 10:27 - 0002504 _____ () C:\ProgramData\regid.1983-04.com.intuit,IFS,POS_E1171703-BD05-428F-99A1-7FE2FC879DE2.swidtag

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\JZIP.exe
C:\Users\user\AppData\Local\Temp\SpOrder.dll
C:\Users\user\AppData\Local\Temp\Uninstall.exe
C:\Users\user\AppData\Local\Temp\UninstallModule.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2013-12-02 23:12] - [2013-12-02 23:12] - 0270336 ____A () 815563163CCAF6390633A90966013E35

C:\Windows\system32\dnsapi.dll => no Company Name <===== ATTENTION

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-23 11:56

==================== End of FRST.txt ============================



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:01 AM

Posted 26 November 2015 - 04:14 PM

Hi there,

 

Step 1

Please download adwcleaner.png AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.

 

Step 2

frst.pngfrstsearch.png

  • Start FRST with Administrator privileges.
  • Write the following text into the Search textbox:

dnsapi.dll
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 dira

dira
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:01 AM

Posted 26 November 2015 - 08:11 PM

Hi, I eneded up reinstalling windows again to get rid of the issue. I appriciate your help.

Thanks



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:01 AM

Posted 27 November 2015 - 01:59 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users