
Patched.JX/DNSAPI.dll infected. Can't connect to internet.


  • This topic is locked
5 replies to this topic

#1 IMessedUpBadly


Posted 01 December 2015 - 09:53 PM

OK, so I am a complete idiot and forgot to click custom installation for a program, and now I'm running AVG, hearing the little noise it makes when a threat is found, but can't delete any due to Patched.JX infecting DNSAPI.dll and me not being able to connect to the internet. Help.




 


#2 Sintharius


Posted 02 December 2015 - 12:02 PM

Hello and welcome to the Malware Removal Logs area :)

My name is Alexstrasza and I will assist you with your problem. You can call me Alex :)

Before we begin, there are a few things I want to make sure you know:
  • I am currently in training, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.
  • Please do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the Follow this topic button, and make sure a tick is in the receive notifications and is set to Instantly. Any replies should be made in this topic by clicking the Reply to this topic button.
  • Important information in my posts will often be in bold; make sure to take note of it.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. Please inform me if you need more time.
  • Please stay with me until I have confirmed that you are clean. Absence of symptoms does not mean that the computer is clean.
Shall we begin then?

===

Please run this tool to get some information about your computer.

Farbar Recovery Scan Tool

Please download the correct version of Farbar Recovery Scan Tool and save it to your Desktop.

32-bit version here

64-bit version here

Note 1: Don't know if your Windows is 32-bit or 64-bit? Check it out here. The Automatic detection section should give you information about your OS. If it's not, use the Manual detection section.

Note 2: Temporarily disable your antivirus and/or antimalware if they flag FRST as unsafe, as the tool is safe.
  • Right click on FRST/FRST64.exe and choose Run as Administrator.
  • When the tool launches, choose Yes at the disclaimer.
  • Choose Scan.
  • The tool will produce a log named FRST.txt in the same location where the tool is run from.
  • Please copy the log and paste it here.
On its first run FRST will generate an Addition.txt log in the same location as the other log. Please copy and paste that along with the main log in your reply.

Regards,
Alex

#3 IMessedUpBadly


Posted 02 December 2015 - 03:43 PM

Hi Alex, I just finished scanning with FRST. Here is the log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by Loly (administrator) on VAIO (02-12-2015 15:37:28)
Running from C:\Users\Jean\Desktop
Loaded Profiles: Loly (Available Profiles: Loly)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
() C:\Program Files\AmazingTab\amztab.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
() C:\Program Files (x86)\58896D30-1449018009-11E1-B318-30F9EDB00B92\knsj3D24.tmpfs
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Media Group) C:\Program Files (x86)\Client Media Profile\updateservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
() C:\Program Files (x86)\dataup\dataup.exe
() C:\Users\Jean\AppData\Roaming\TieydxOtai\Shooth.exe
() C:\Program Files (x86)\58896D30-1449018009-11E1-B318-30F9EDB00B92\hnsk734F.tmp
() C:\Program Files (x86)\58896D30-1449018009-11E1-B318-30F9EDB00B92\jnsf59CA.tmp
(Media Group) C:\Program Files (x86)\Client Media Profile\runservice.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Jean\AppData\Local\Temp\20151202\ct.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Facebook Inc.) C:\Users\Jean\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(TODO: <Company name>) C:\Program Files (x86)\Note-up\Note-up.exe
() C:\Users\Jean\AppData\Roaming\DailyWiki\DailyWiki.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\sfc.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16565_none_1162030161f5c19b\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Media Group) C:\Program Files (x86)\Client Media Profile\prfmc.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3928264 2015-05-27] (Synaptics Incorporated)
HKLM\...\Run: [3D BubbleSound] => C:\Program Files\BubbleSound\3D BubbleSound.exe [14115328 2015-01-09] (zik.mu)
HKLM\...\Run: [Sound+] => C:\Program Files\Sound+\Sound+.exe [4143616 2015-10-23] (Sound+)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [254976 2015-07-23] (Razer Inc.)
HKLM-x32\...\Run: [Corsair M65 Mouse] => C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe [1766912 2013-08-15] (Corsair Components  Inc)
HKLM-x32\...\Run: [cpx] => "C:\Program Files (x86)\cpx\cpx.exe" -starup
HKLM-x32\...\Run: [msrtn32] => "C:\Program Files (x86)\msrtn32\msrtn32.exe" -startup=smartcpx -check=60
HKLM-x32\...\Run: [Note-up] => C:\Program Files (x86)\Note-up\note-up.exe [6772736 2015-10-09] (TODO: <Company name>)
HKLM-x32\...\Run: [DailyWiki] => C:\Users\Jean\AppData\Roaming\DailyWiki\DailyWiki.exe [48673472 2015-10-13] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-678270828-616068372-2974516214-1000\...\Run: [Facebook Update] => C:\Users\Jean\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-27] (Facebook Inc.)
HKU\S-1-5-21-678270828-616068372-2974516214-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-09] (Valve Corporation)
HKU\S-1-5-21-678270828-616068372-2974516214-1000\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk [2015-02-07]
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\WINDOWS\system32\Xivdukzijp.dll No File 
Winsock: Catalog9 02 C:\WINDOWS\system32\Xivdukzijp.dll No File 
Winsock: Catalog9 03 C:\WINDOWS\system32\Xivdukzijp.dll No File 
Winsock: Catalog9 04 C:\WINDOWS\system32\Xivdukzijp.dll No File 
Winsock: Catalog9 05 C:\WINDOWS\system32\Cumuli.dll No File 
Winsock: Catalog9 06 C:\WINDOWS\system32\Cumuli.dll No File 
Winsock: Catalog9 07 C:\WINDOWS\system32\Cumuli.dll No File 
Winsock: Catalog9 08 C:\WINDOWS\system32\Cumuli.dll No File 
Winsock: Catalog9 21 C:\WINDOWS\system32\Cumuli.dll No File 
Winsock: Catalog9 22 C:\WINDOWS\system32\Xivdukzijp.dll No File 
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Xivdukzijp64.dll No File 
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Xivdukzijp64.dll No File 
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Xivdukzijp64.dll No File 
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Xivdukzijp64.dll No File 
Winsock: Catalog9-x64 05 C:\WINDOWS\system32\Cumuli64.dll No File 
Winsock: Catalog9-x64 06 C:\WINDOWS\system32\Cumuli64.dll No File 
Winsock: Catalog9-x64 07 C:\WINDOWS\system32\Cumuli64.dll No File 
Winsock: Catalog9-x64 08 C:\WINDOWS\system32\Cumuli64.dll No File 
Winsock: Catalog9-x64 21 C:\WINDOWS\system32\Cumuli64.dll No File 
Winsock: Catalog9-x64 22 C:\WINDOWS\system32\Xivdukzijp64.dll No File 
Tcpip\..\Interfaces\{0f372adb-22cd-43b2-a648-1c3ac7d93b8a}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{3faf3aa5-c5fa-4a4d-b944-b964934f9783}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{3faf3aa5-c5fa-4a4d-b944-b964934f9783}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6bb4f047-2706-11e5-9bbe-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{79a22225-eeef-4523-8112-6910e9d88162}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{acf02c0f-5683-11e5-9bc2-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{b548794d-37b4-4978-8d44-96fad408eb26}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{eb301612-9606-45c7-9463-154ace7ae013}: [NameServer] 104.197.191.4
 
Internet Explorer:
==================
HKU\S-1-5-21-678270828-616068372-2974516214-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MBD4ED231-F965-41B9-A165-120CCB498695&SearchSource=55&CUI=&UM=8&UP=SP0451F806-0243-4115-B1E7-B29101538C7F&D=120115&SSPV=
SearchScopes: HKU\S-1-5-21-678270828-616068372-2974516214-1000 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=I9B053A96-2930-4D67-A6CB-4B6CD8A5F8B6&SearchSource=58&CUI=&UM=8&UP=SP15462AFB-BB26-4B44-A14F-2B035D4AC0F8&D=051715&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-678270828-616068372-2974516214-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=I9B053A96-2930-4D67-A6CB-4B6CD8A5F8B6&SearchSource=58&CUI=&UM=8&UP=SP15462AFB-BB26-4B44-A14F-2B035D4AC0F8&D=051715&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-678270828-616068372-2974516214-1000 -> {35D2FC7D-586C-4B0C-B15B-625A5D864509} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=FC2ztutbl11,8b670fdf-3017-4c6c-a90d-746ba7d74056,
SearchScopes: HKU\S-1-5-21-678270828-616068372-2974516214-1000 -> {A34DD334-0A6F-4903-AFF1-F985E2B8D02D} URL = hxxp://www-mysearch.com/s.ashx?prd=opensearch&q={searchTerms}&s=FBMzamotn8173,e6b8c0f6-4c1b-453b-aca8-95363e199612,
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-05] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-678270828-616068372-2974516214-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jean\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-678270828-616068372-2974516214-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-26] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{248F4181-27F4-4D6E-86FF-5797F8C03A63}] - C:\Program Files\shopperz021220150220\Firefox\{248F4181-27F4-4D6E-86FF-5797F8C03A63}.xpi => not found
FF HKLM\...\Firefox\Extensions: [{F46FC2AA-46BB-4769-8653-DA1B0140A3FF}] - C:\Program Files\shopperz011220150919\Firefox\{F46FC2AA-46BB-4769-8653-DA1B0140A3FF}.xpi
FF Extension: shopperz011220150919 - C:\Program Files\shopperz011220150919\Firefox\{F46FC2AA-46BB-4769-8653-DA1B0140A3FF}.xpi [2015-12-01] [not signed]
FF HKLM\...\Firefox\Extensions: [{1A1A8EF9-8888-4C53-802B-2C303506FFDB}] - C:\Program Files\groover021220150234\Firefox\{1A1A8EF9-8888-4C53-802B-2C303506FFDB}.xpi
FF Extension: groover021220150234 - C:\Program Files\groover021220150234\Firefox\{1A1A8EF9-8888-4C53-802B-2C303506FFDB}.xpi [2015-12-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{248F4181-27F4-4D6E-86FF-5797F8C03A63}] - C:\Program Files\shopperz021220150220\Firefox\{248F4181-27F4-4D6E-86FF-5797F8C03A63}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{F46FC2AA-46BB-4769-8653-DA1B0140A3FF}] - C:\Program Files\shopperz011220150919\Firefox\{F46FC2AA-46BB-4769-8653-DA1B0140A3FF}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{1A1A8EF9-8888-4C53-802B-2C303506FFDB}] - C:\Program Files\groover021220150234\Firefox\{1A1A8EF9-8888-4C53-802B-2C303506FFDB}.xpi
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MBD4ED231-F965-41B9-A165-120CCB498695&SearchSource=55&CUI=&UM=8&UP=SP0451F806-0243-4115-B1E7-B29101538C7F&D=120115&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MBD4ED231-F965-41B9-A165-120CCB498695&SearchSource=55&CUI=&UM=8&UP=SP0451F806-0243-4115-B1E7-B29101538C7F&D=120115&SSPV="
CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MBD4ED231-F965-41B9-A165-120CCB498695&SearchSource=58&CUI=&UM=8&UP=SP0451F806-0243-4115-B1E7-B29101538C7F&D=120115&q={searchTerms}&SSPV=
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultNewTabURL: Default -> hxxps://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MBD4ED231-F965-41B9-A165-120CCB498695&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=8&UP=SP0451F806-0243-4115-B1E7-B29101538C7F&SAT=CNTS&D=120115
CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}&SSPV=
CHR Profile: C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-25]
CHR Extension: (Google Search) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AgarioMods Evergreen Script) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjgdbihpkphlammdaeicdemggagfbdo [2015-09-18]
CHR Extension: (Google Wallet) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-17] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Extutil) - C:\Users\Jean\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B [2015-12-01]
CHR Extension: (Plugin Mart) - C:\Users\Jean\AppData\Local\Plugin Mart\Component [2015-12-01]
CHR Extension: (Managera) - C:\Users\Jean\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2015-12-01]
CHR HKLM\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AmazingTab Update; C:\Program Files\AmazingTab\amztab.exe [665088 2015-11-22] () [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2875576 2015-11-13] (Microsoft Corporation)
R2 cmp update service; C:\Program Files (x86)\Client Media Profile\updateservice.exe [307712 2015-11-18] (Media Group) [File not signed]
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2015-08-06] () [File not signed] <==== ATTENTION
R2 gezukixo; C:\Program Files (x86)\58896D30-1449018009-11E1-B318-30F9EDB00B92\hnsk734F.tmp [570368 2015-12-01] () [File not signed]
R2 Goups; C:\Users\Jean\AppData\Roaming\TieydxOtai\Shooth.exe [134496 2015-12-01] ()
S2 lymuvono; C:\Users\Jean\AppData\Local\58896D30-1449000092-11E1-B318-30F9EDB00B92\snsdD3CF.tmp [331776 2015-12-01] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 roquhoxy; C:\Program Files (x86)\58896D30-1449018009-11E1-B318-30F9EDB00B92\jnsf59CA.tmp [397312 2015-12-01] () [File not signed]
R2 run cmp service; C:\Program Files (x86)\Client Media Profile\runservice.exe [183808 2015-11-18] (Media Group) [File not signed]
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [368128 2015-07-23] (Razer Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Jean\AppData\Local\Temp\20151202\ct.exe [851968 2015-09-12] (Google Inc.) [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671512 2014-12-22] (Wacom Technology, Corp.)
S3 Xivdukzijp; C:\Program Files\shopperz011220150919\Xivdukzijp.exe [2030432 2015-12-01] ()
R2 bikyqody; C:\Program Files (x86)\58896D30-1449018009-11E1-B318-30F9EDB00B92\knsj3D24.tmpfs [X]
S2 Bylrimj; "C:\Users\Jean\AppData\Roaming\SonpeFic\Sebashi.exe" -cms [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows ® Codename Longhorn DDK provider)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52832 2015-09-27] (hxxp://libusb-win32.sourceforge.net)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated)
S3 SnakeEyes; C:\Windows\system32\drivers\SnakeEyes.sys [25600 2012-09-05] ( )
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S1 ccnovflt; \??\C:\WINDOWS\system32\drivers\ccnovflt.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-02 15:37 - 2015-12-02 15:37 - 00023469 _____ C:\Users\Jean\Desktop\FRST.txt
2015-12-02 15:37 - 2015-12-02 15:34 - 02350080 _____ (Farbar) C:\Users\Jean\Desktop\FRST64.exe
2015-12-02 15:35 - 2015-12-02 15:35 - 00000000 ____D C:\FRST
2015-12-02 15:32 - 2015-12-02 15:32 - 00016148 _____ C:\WINDOWS\system32\VAIO_Loly_HistoryPrediction.bin
2015-12-02 14:59 - 2015-12-02 15:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-01 22:02 - 2015-12-02 15:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-01 22:02 - 2015-12-01 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-01 22:02 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-01 22:02 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-01 22:02 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-01 21:55 - 2015-12-01 21:58 - 00002958 _____ C:\Users\Jean\Desktop\Rkill.txt
2015-12-01 21:38 - 2015-12-01 21:40 - 00810396 _____ C:\TDSSKiller.3.1.0.7_01.12.2015_21.38.18_log.txt
2015-12-01 21:36 - 2015-12-01 21:36 - 00000000 ____D C:\WINDOWS\system32\tot
2015-12-01 21:34 - 2015-12-01 21:34 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-12-01 21:32 - 2015-12-01 21:34 - 00267252 _____ C:\TDSSKiller.3.1.0.7_01.12.2015_21.32.59_log.txt
2015-12-01 21:28 - 2015-12-01 21:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-01 20:35 - 2015-12-01 20:35 - 00000000 ____D C:\WINDOWS\system32\utyn
2015-12-01 20:23 - 2015-12-01 20:23 - 00003260 _____ C:\WINDOWS\System32\Tasks\UNELEVATE_24645
2015-12-01 20:22 - 2015-12-01 20:22 - 00003390 _____ C:\WINDOWS\System32\Tasks\Oduko
2015-12-01 20:21 - 2015-12-01 20:23 - 00000000 ____D C:\Program Files\groover021220150234
2015-12-01 20:20 - 2015-12-01 20:23 - 00000000 ____D C:\Program Files (x86)\gmsd_us_005010163
2015-12-01 20:20 - 2015-12-01 20:22 - 00000000 ____D C:\Users\Jean\AppData\Local\gmsd_us_005010163
2015-12-01 20:20 - 2015-12-01 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
2015-12-01 20:20 - 2015-12-01 20:20 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2015-12-01 20:17 - 2015-12-01 20:23 - 00000000 ____D C:\Users\Jean\AppData\Local\58896D30-1449001078-11E1-B318-30F9EDB00B92
2015-12-01 20:16 - 2015-12-01 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-01 20:15 - 2015-12-01 20:15 - 00000000 ___HD C:\$AVG
2015-12-01 20:13 - 2015-12-02 14:47 - 00000000 ____D C:\Users\Jean\AppData\Local\DailyWiki
2015-12-01 20:13 - 2015-12-01 21:36 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
2015-12-01 20:13 - 2015-12-01 20:23 - 00000000 ____D C:\ProgramData\ShopperPro
2015-12-01 20:13 - 2015-12-01 20:15 - 00000000 ____D C:\Users\Jean\AppData\Local\BrowserHelper
2015-12-01 20:13 - 2015-12-01 20:13 - 00004602 _____ C:\WINDOWS\System32\Tasks\ShopperPro
2015-12-01 20:13 - 2015-12-01 20:13 - 00004382 _____ C:\WINDOWS\System32\Tasks\SPBIW_UpdateTask_Time_393538313030312d344a414155342a2a236c6c5a
2015-12-01 20:13 - 2015-12-01 20:13 - 00004002 _____ C:\WINDOWS\System32\Tasks\YTDownloaderUpd
2015-12-01 20:13 - 2015-12-01 20:13 - 00003674 _____ C:\WINDOWS\System32\Tasks\YTDownloader
2015-12-01 20:13 - 2015-12-01 20:13 - 00003666 _____ C:\WINDOWS\System32\Tasks\ShopperProJSUpd
2015-12-01 20:13 - 2015-12-01 20:13 - 00003578 _____ C:\WINDOWS\System32\Tasks\SPDriver
2015-12-01 20:13 - 2015-12-01 20:13 - 00003288 _____ C:\WINDOWS\System32\Tasks\runTask
2015-12-01 20:13 - 2015-12-01 20:13 - 00003198 _____ C:\WINDOWS\System32\Tasks\updateTask
2015-12-01 20:13 - 2015-12-01 20:13 - 00000296 _____ C:\task.vbs
2015-12-01 20:13 - 2015-12-01 20:13 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-12-01 20:13 - 2015-12-01 20:13 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-12-01 20:12 - 2015-12-01 22:31 - 00000000 ____D C:\Users\Jean\AppData\Local\bvxvhxvh
2015-12-01 20:12 - 2015-12-01 22:31 - 00000000 ____D C:\Program Files (x86)\YTDownloader
2015-12-01 20:12 - 2015-12-01 22:31 - 00000000 ____D C:\Program Files (x86)\ShopperPro
2015-12-01 20:12 - 2015-12-01 20:12 - 00004792 _____ C:\WINDOWS\SysWOW64\Xivdukzijp.ini
2015-12-01 20:12 - 2015-12-01 20:12 - 00003488 _____ C:\WINDOWS\System32\Tasks\bvxvhxvh
2015-12-01 20:12 - 2015-12-01 20:12 - 00002512 _____ C:\WINDOWS\SysWOW64\XivdukzijpOff.ini
2015-12-01 20:12 - 2015-12-01 20:12 - 00002512 _____ C:\WINDOWS\system32\XivdukzijpOff.ini
2015-12-01 20:12 - 2015-12-01 20:12 - 00001208 _____ C:\Users\Jean\Desktop\Simple Media Player.lnk
2015-12-01 20:12 - 2015-12-01 20:12 - 00000000 ____D C:\Users\Jean\AppData\Roaming\TieydxOtai
2015-12-01 20:12 - 2015-12-01 20:12 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Media Player
2015-12-01 20:12 - 2015-12-01 20:12 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DailyWiki
2015-12-01 20:12 - 2015-12-01 20:12 - 00000000 ____D C:\Users\Jean\AppData\Roaming\DailyWiki
2015-12-01 20:12 - 2015-12-01 20:12 - 00000000 ____D C:\Program Files (x86)\Simple Media Player
2015-12-01 20:11 - 2015-12-01 22:31 - 00000000 ____D C:\Program Files\shopperz011220150919
2015-12-01 20:11 - 2015-12-01 22:31 - 00000000 ____D C:\Program Files (x86)\spaceeplus_v144.10166
2015-12-01 20:11 - 2015-12-01 20:12 - 00000000 ____D C:\Users\Jean\AppData\Local\SearchProtect
2015-12-01 20:11 - 2015-12-01 20:12 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-12-01 20:11 - 2015-12-01 20:11 - 00003456 _____ C:\WINDOWS\System32\Tasks\Inst_Rep
2015-12-01 20:11 - 2015-12-01 20:11 - 00003390 _____ C:\WINDOWS\System32\Tasks\Poakg
2015-12-01 20:11 - 2015-12-01 20:11 - 00000829 _____ C:\Users\Jean\Desktop\Sound+.lnk
2015-12-01 20:11 - 2015-12-01 20:11 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sound+ 1.0
2015-12-01 20:11 - 2015-12-01 20:11 - 00000000 ____D C:\Users\Jean\AppData\LocalLow\SmartWeb
2015-12-01 20:10 - 2015-12-01 22:30 - 00000000 ____D C:\ProgramData\FlashBeat
2015-12-01 20:10 - 2015-12-01 21:56 - 00000000 ____D C:\Users\Jean\AppData\Local\SmartWeb
2015-12-01 20:10 - 2015-12-01 20:15 - 00000350 ____H C:\WINDOWS\Tasks\VTIPJSEWTGQPLLHR.job
2015-12-01 20:10 - 2015-12-01 20:11 - 00000338 _____ C:\WINDOWS\Tasks\ALDEO1.job
2015-12-01 20:10 - 2015-12-01 20:10 - 00003424 _____ C:\WINDOWS\System32\Tasks\VTIPJSEWTGQPLLHR
2015-12-01 20:10 - 2015-12-01 20:10 - 00002900 _____ C:\WINDOWS\System32\Tasks\ALDEO1
2015-12-01 20:10 - 2015-12-01 20:10 - 00000000 ____D C:\ProgramData\Service1291
2015-12-01 20:10 - 2015-12-01 20:10 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-12-01 20:09 - 2015-12-01 20:09 - 00003220 _____ C:\WINDOWS\System32\Tasks\Plugin Mart
2015-12-01 20:09 - 2015-12-01 20:09 - 00003218 _____ C:\WINDOWS\System32\Tasks\Plugin Mart2
2015-12-01 20:09 - 2015-12-01 20:09 - 00000000 ____D C:\Users\Jean\AppData\Local\Plugin Mart
2015-12-01 20:03 - 2015-12-01 20:03 - 00002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-12-01 20:03 - 2015-12-01 20:03 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-12-01 20:03 - 2015-12-01 20:03 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-12-01 20:03 - 2015-12-01 20:03 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-12-01 20:03 - 2015-12-01 20:03 - 00002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-12-01 20:03 - 2015-12-01 20:03 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-12-01 20:03 - 2015-12-01 20:03 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-12-01 20:03 - 2015-12-01 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2015-12-01 20:01 - 2015-12-01 21:56 - 00000000 ____D C:\Program Files (x86)\SwiftSearch_1.10.0.25
2015-12-01 20:01 - 2015-12-01 21:42 - 00000000 ____D C:\Users\Jean\AppData\Local\58896D30-1449000092-11E1-B318-30F9EDB00B92
2015-12-01 20:01 - 2015-12-01 20:31 - 00000000 ____D C:\Users\Jean\AppData\Local\SearchModule
2015-12-01 20:01 - 2015-12-01 20:06 - 00000280 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2015-12-01 20:01 - 2015-12-01 20:05 - 00004760 _____ C:\WINDOWS\SysWOW64\Cumuli.ini
2015-12-01 20:01 - 2015-12-01 20:05 - 00002472 _____ C:\WINDOWS\SysWOW64\CumuliOff.ini
2015-12-01 20:01 - 2015-12-01 20:05 - 00002472 _____ C:\WINDOWS\system32\CumuliOff.ini
2015-12-01 20:01 - 2015-12-01 20:01 - 00004316 _____ C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update
2015-12-01 20:01 - 2015-12-01 20:01 - 00004290 _____ C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core
2015-12-01 20:01 - 2015-12-01 20:01 - 00003484 _____ C:\WINDOWS\System32\Tasks\IBUpd
2015-12-01 20:01 - 2015-12-01 20:01 - 00002902 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
2015-12-01 20:01 - 2015-12-01 20:01 - 00002608 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
2015-12-01 20:01 - 2015-12-01 20:01 - 00002012 _____ C:\Users\Jean\Desktop\Hotmail.lnk
2015-12-01 20:01 - 2015-12-01 20:01 - 00000904 _____ C:\Users\Jean\Desktop\3D BubbleSound.lnk
2015-12-01 20:01 - 2015-12-01 20:01 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BubbleSound 1.0
2015-12-01 20:01 - 2015-12-01 20:01 - 00000000 ____D C:\Users\Jean\AppData\Local\BrowserAir
2015-12-01 20:01 - 2015-12-01 20:01 - 00000000 ____D C:\Program Files\BubbleSound
2015-12-01 20:00 - 2015-12-01 22:31 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2015-12-01 20:00 - 2015-12-01 20:12 - 00000000 ____D C:\Users\Jean\AppData\Local\Tempfolder
2015-12-01 20:00 - 2015-12-01 20:06 - 00000000 ____D C:\Users\Jean\AppData\Roaming\System Healer
2015-12-01 20:00 - 2015-12-01 20:05 - 00000280 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
2015-12-01 20:00 - 2015-12-01 20:01 - 00000000 ____D C:\Program Files (x86)\58896D30-1449018009-11E1-B318-30F9EDB00B92
2015-12-01 20:00 - 2015-12-01 20:00 - 00185856 _____ C:\WINDOWS\rsrcs.dll
2015-12-01 20:00 - 2015-12-01 20:00 - 00003398 _____ C:\WINDOWS\System32\Tasks\Dhtanu
2015-12-01 20:00 - 2015-12-01 20:00 - 00003384 _____ C:\WINDOWS\System32\Tasks\SystemHealer Run Delay
2015-12-01 20:00 - 2015-12-01 20:00 - 00003314 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
2015-12-01 20:00 - 2015-12-01 20:00 - 00001888 _____ C:\Users\Jean\Desktop\Note-Up.lnk
2015-12-01 20:00 - 2015-12-01 20:00 - 00001124 _____ C:\Users\Public\Desktop\Launch System Healer.lnk
2015-12-01 20:00 - 2015-12-01 20:00 - 00000000 ____D C:\Users\Jean\AppData\LocalLow\Company
2015-12-01 20:00 - 2015-12-01 20:00 - 00000000 ____D C:\Users\Jean\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-12-01 20:00 - 2015-12-01 20:00 - 00000000 ____D C:\uninst
2015-12-01 20:00 - 2015-12-01 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2015-12-01 19:55 - 2015-12-01 19:56 - 00000000 ____D C:\Program Files (x86)\Client Media Profile
2015-12-01 19:54 - 2015-12-01 22:31 - 00000000 ____D C:\Program Files (x86)\ospd_us_014010163
2015-12-01 19:54 - 2015-12-01 20:40 - 00000000 ____D C:\Users\Jean\AppData\Local\ospd_us_014010163
2015-12-01 19:53 - 2015-12-01 19:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-01 19:53 - 2015-12-01 19:53 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-01 19:52 - 2015-12-01 20:36 - 00000338 _____ C:\WINDOWS\Tasks\RCMCAIDBF1.job
2015-12-01 19:52 - 2015-12-01 20:18 - 00000000 ____D C:\Program Files (x86)\KMSpico
2015-12-01 19:52 - 2015-12-01 20:06 - 00000350 ____H C:\WINDOWS\Tasks\UHBIBVRQUQKHNNUM.job
2015-12-01 19:52 - 2015-12-01 19:52 - 00003424 _____ C:\WINDOWS\System32\Tasks\UHBIBVRQUQKHNNUM
2015-12-01 19:52 - 2015-12-01 19:52 - 00002908 _____ C:\WINDOWS\System32\Tasks\RCMCAIDBF1
2015-12-01 19:52 - 2015-12-01 19:52 - 00000000 ____D C:\ProgramData\Service0561
2015-12-01 19:51 - 2015-12-01 19:52 - 00000000 ____D C:\ProgramData\KeyStream
2015-12-01 19:51 - 2015-12-01 19:51 - 00000000 ____D C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
2015-12-01 19:50 - 2015-12-01 20:20 - 00000000 ____D C:\Users\Jean\AppData\Roaming\ssn
2015-12-01 19:48 - 2015-12-01 19:48 - 00000978 _____ C:\Users\Jean\Desktop\S5mark.lnk
2015-12-01 19:48 - 2015-12-01 19:48 - 00000000 ____D C:\Users\Jean\AppData\Roaming\c
2015-12-01 19:48 - 2015-12-01 19:48 - 00000000 ____D C:\ProgramData\1449017318
2015-12-01 19:48 - 2015-12-01 19:48 - 00000000 ____D C:\Program Files (x86)\S5
2015-12-01 19:48 - 2015-12-01 19:48 - 00000000 ____D C:\Program Files (x86)\regtool
2015-12-01 19:48 - 2015-12-01 19:48 - 00000000 ____D C:\Program Files (x86)\dataup
2015-12-01 19:31 - 2015-12-01 19:31 - 00000110 ____H C:\Users\Jean\Downloads\.~lock.Task_3_Paired_Passage_Theme_MODEL.docx#
2015-11-28 11:28 - 2015-11-28 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2015-11-26 23:56 - 2015-11-26 23:59 - 00000000 ____D C:\Users\Jean\AppData\Local\Quickscope_Simulator
2015-11-26 21:35 - 2015-11-26 21:35 - 00007606 _____ C:\Users\Jean\AppData\Local\Resmon.ResmonCfg
2015-11-26 12:33 - 2015-11-26 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strogino CS Portal
2015-11-26 12:20 - 2015-11-26 12:20 - 00000000 ____D C:\Program Files\Strogino CS Portal
2015-11-23 19:56 - 2015-11-23 19:56 - 00000000 ____D C:\Users\Jean\Documents\BlackOps2 GSC Modifier
2015-11-23 19:56 - 2015-11-23 19:56 - 00000000 ____D C:\Users\Jean\AppData\Local\BlackOps2 GSC Modifier
2015-11-23 19:56 - 2015-11-23 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jwm614  Productions
2015-11-23 19:56 - 2015-11-23 19:56 - 00000000 ____D C:\Program Files (x86)\Jwm614  Productions
2015-11-23 19:55 - 2015-11-23 19:56 - 00000000 ____D C:\Users\Jean\AppData\Local\Downloaded Installations
2015-11-23 19:39 - 2015-11-23 19:39 - 00000000 ____D C:\Users\Jean\Documents\Black Ops 2 - GSC Studio
2015-11-23 19:39 - 2015-11-23 19:39 - 00000000 ____D C:\Users\Jean\AppData\Local\iMCS_Productions
2015-11-23 19:39 - 2015-11-23 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Ops 2 - GSC Studio
2015-11-23 19:39 - 2015-11-23 19:39 - 00000000 ____D C:\Program Files (x86)\iMCS Productions
2015-11-23 14:45 - 2015-11-23 14:45 - 00003218 _____ C:\WINDOWS\System32\Tasks\{F5601A1F-621B-4B5E-BAF2-0B6DB8601C72}
2015-11-22 18:29 - 2015-11-22 18:29 - 00000000 ____D C:\$WINDOWS.~BT
2015-11-22 17:49 - 2015-11-28 12:27 - 00000000 ____D C:\Program Files\KMSpico
2015-11-22 17:49 - 2015-11-22 17:49 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2015-11-22 17:33 - 2015-12-01 20:11 - 00000008 _____ C:\END
2015-11-22 17:33 - 2015-12-01 20:11 - 00000000 ____D C:\Program Files\Sound+
2015-11-22 17:33 - 2015-12-01 20:11 - 00000000 ____D C:\Program Files (x86)\spaceeplus
2015-11-22 17:33 - 2015-11-22 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2015-11-22 17:33 - 2015-11-22 17:34 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2015-11-22 17:33 - 2015-11-22 17:33 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Itibiti
2015-11-22 17:33 - 2015-11-22 17:33 - 00000000 ____D C:\Program Files (x86)\spaceeplus_v151.9455
2015-11-22 17:32 - 2015-11-22 17:32 - 00000000 ____D C:\Program Files (x86)\JZIP
2015-11-22 17:31 - 2015-12-01 20:01 - 00000000 ____D C:\Program Files (x86)\Note-up
2015-11-22 17:31 - 2015-12-01 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
2015-11-22 17:31 - 2015-11-24 16:13 - 00000000 ____D C:\Users\Jean\AppData\Local\58896D30-1448213512-11E1-B318-30F9EDB00B92
2015-11-22 17:31 - 2015-11-22 17:34 - 00000000 ____D C:\Program Files (x86)\ospd_us_014010154
2015-11-22 17:31 - 2015-11-22 17:31 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Note-UP
2015-11-22 17:31 - 2015-11-22 17:31 - 00000000 ____D C:\Users\Jean\AppData\Local\ospd_us_014010154
2015-11-22 17:31 - 2013-08-22 08:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-11-22 17:30 - 2015-12-01 20:00 - 00000000 ____D C:\Users\Jean\AppData\Roaming\NUIns
2015-11-22 17:30 - 2015-11-22 17:34 - 00000000 ____D C:\Program Files (x86)\58896D30-1448231455-11E1-B318-30F9EDB00B92
2015-11-22 17:30 - 2015-11-22 17:31 - 00000000 ____D C:\Users\Jean\AppData\Local\DeskBar
2015-11-22 17:28 - 2015-11-22 17:28 - 00002560 _____ C:\Users\Jean\AppData\Local\uninstall.exe
2015-11-22 17:27 - 2015-12-01 20:59 - 00000000 ____D C:\Program Files\AmazingTab
2015-11-22 17:27 - 2015-11-22 17:27 - 00000187 _____ C:\Users\Jean\AppData\Local\dontouch.exe.config
2015-11-22 17:19 - 2015-11-22 17:19 - 00000000 ___HD C:\$Windows.~WS
2015-11-22 17:18 - 2015-12-01 20:36 - 00000324 _____ C:\WINDOWS\Tasks\ZQKUWKHQGD.job
2015-11-22 17:18 - 2015-11-22 17:18 - 00002652 _____ C:\WINDOWS\System32\Tasks\ZQKUWKHQGD
2015-11-22 17:16 - 2015-12-01 19:48 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.0.6
2015-11-21 10:40 - 2015-11-21 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair
2015-11-21 10:39 - 2015-11-21 10:40 - 00043187 _____ C:\WINDOWS\unins000.dat
2015-11-21 10:39 - 2015-11-21 10:39 - 01193175 _____ C:\WINDOWS\unins000.exe
2015-11-21 10:39 - 2015-11-21 10:39 - 00000000 ____D C:\Program Files (x86)\Corsair
2015-11-21 10:39 - 2012-09-05 13:31 - 00025600 _____ ( ) C:\WINDOWS\system32\Drivers\SnakeEyes.sys
2015-11-18 16:39 - 2015-12-01 16:14 - 00576091 _____ C:\WINDOWS\Packet.KTL
2015-11-18 16:39 - 2015-12-01 16:14 - 00288105 _____ C:\WINDOWS\SentOSPackets.KTL
2015-11-18 16:39 - 2015-12-01 16:14 - 00288088 _____ C:\WINDOWS\Control.KTL
2015-11-18 16:39 - 2015-12-01 16:14 - 00000577 _____ C:\WINDOWS\NGIControl.KTL
2015-11-14 20:55 - 2015-11-14 20:58 - 00001136 _____ C:\Users\Jean\Desktop\nativelog.txt
2015-11-14 18:44 - 2015-11-14 18:44 - 00000000 ____D C:\Program Files\TAP-Windows
2015-11-14 18:43 - 2015-11-14 18:43 - 00000020 _____ C:\Users\Jean\Desktop\vpn nuk.txt
2015-11-13 14:52 - 2015-11-13 14:52 - 00625848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2015-11-13 14:52 - 2015-11-13 14:52 - 00381128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2015-11-13 14:52 - 2015-11-13 14:52 - 00323792 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2015-11-13 14:52 - 2015-11-13 14:52 - 00079544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2015-11-13 12:59 - 2015-11-13 12:59 - 00430264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2015-11-13 12:59 - 2015-11-13 12:59 - 00257736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2015-11-13 12:59 - 2015-11-13 12:59 - 00234192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2015-11-13 12:59 - 2015-11-13 12:59 - 00075960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2015-11-10 15:07 - 2015-11-05 00:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 15:07 - 2015-11-05 00:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 15:07 - 2015-11-05 00:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 15:07 - 2015-11-05 00:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 15:07 - 2015-11-05 00:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 15:07 - 2015-11-05 00:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 15:07 - 2015-11-04 23:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 15:07 - 2015-11-04 23:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 15:07 - 2015-11-04 23:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 15:07 - 2015-11-04 23:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 15:07 - 2015-11-04 23:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 15:07 - 2015-11-04 23:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 15:07 - 2015-11-04 23:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 15:07 - 2015-11-04 23:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 15:07 - 2015-11-04 23:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 15:07 - 2015-11-04 23:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 15:07 - 2015-11-04 23:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 15:07 - 2015-11-04 23:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 15:07 - 2015-11-04 23:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 15:07 - 2015-11-04 23:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 15:07 - 2015-11-04 23:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 15:07 - 2015-11-04 23:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 15:07 - 2015-11-04 23:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 15:07 - 2015-11-04 23:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 15:07 - 2015-11-04 23:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 15:07 - 2015-11-04 23:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 15:07 - 2015-11-04 23:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 15:07 - 2015-11-04 22:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 15:07 - 2015-11-04 22:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 15:07 - 2015-11-04 22:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 15:07 - 2015-11-04 22:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 15:07 - 2015-11-04 22:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 15:07 - 2015-11-04 22:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 15:07 - 2015-11-04 22:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 15:07 - 2015-11-04 22:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 15:07 - 2015-11-04 22:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 15:07 - 2015-11-04 22:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 15:07 - 2015-11-04 22:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 15:07 - 2015-11-04 22:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 15:07 - 2015-11-04 22:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 15:07 - 2015-11-04 22:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 15:07 - 2015-11-04 22:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 15:07 - 2015-11-04 22:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-10 15:06 - 2015-11-05 00:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 15:06 - 2015-11-05 00:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 15:06 - 2015-11-04 23:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 15:06 - 2015-11-04 23:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 15:06 - 2015-11-04 23:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 15:06 - 2015-11-04 23:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 15:06 - 2015-11-04 22:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 15:06 - 2015-11-04 22:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 15:06 - 2015-11-04 22:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 15:06 - 2015-11-04 22:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-06 15:50 - 2015-11-06 15:50 - 00184240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgdiska.sys
2015-11-06 15:49 - 2015-11-06 15:49 - 00313776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2015-11-06 15:49 - 2015-11-06 15:49 - 00256432 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
2015-11-04 14:18 - 2015-11-04 14:18 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-11-04 14:18 - 2015-11-04 14:18 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-02 15:35 - 2015-07-10 04:05 - 00000000 ____D C:\Windows
2015-12-02 15:00 - 2015-03-05 11:14 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-02 14:49 - 2015-05-20 08:48 - 00000000 ____D C:\ProgramData\MFAData
2015-12-01 21:37 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-01 21:36 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-01 21:36 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-01 20:38 - 2014-09-20 20:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-01 20:34 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-01 20:28 - 2015-10-28 13:46 - 00000000 ____D C:\Users\Jean\AppData\Local\Avg
2015-12-01 20:22 - 2015-01-30 14:58 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-01 20:15 - 2015-07-10 06:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-12-01 20:14 - 2015-10-28 13:47 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-01 20:10 - 2015-10-28 13:46 - 00000000 ____D C:\Users\Jean\AppData\Local\AvgSetupLog
2015-12-01 20:10 - 2015-09-22 15:11 - 00004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DEF5822A-18F2-46B9-BBD1-9B0411AB729B}
2015-12-01 20:07 - 2015-01-30 14:58 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-01 20:06 - 2015-09-08 18:54 - 00000000 ____D C:\Users\Jean
2015-12-01 20:05 - 2015-07-10 07:20 - 00372568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-01 20:00 - 2015-01-30 14:58 - 00002444 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-01 19:57 - 2015-07-10 06:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-01 19:53 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-01 15:25 - 2014-09-27 23:20 - 00000934 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-678270828-616068372-2974516214-1000UA.job
2015-11-29 14:15 - 2015-09-27 11:33 - 00000000 ____D C:\Users\Jean\Desktop\diskex
2015-11-28 12:40 - 2015-05-17 11:40 - 00000432 _____ C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job
2015-11-28 11:19 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-26 21:25 - 2014-09-27 23:20 - 00000912 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-678270828-616068372-2974516214-1000Core.job
2015-11-26 17:27 - 2014-11-26 16:29 - 00000000 ____D C:\Users\Jean\AppData\Roaming\BitTorrent
2015-11-26 11:50 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-25 19:06 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-22 18:29 - 2015-09-08 22:45 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-22 17:20 - 2015-09-08 19:13 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-18 17:03 - 2015-01-17 11:30 - 00000000 ____D C:\Users\Jean\AppData\Local\osu!
2015-11-18 07:20 - 2015-10-28 13:49 - 00000916 _____ C:\Users\Public\Desktop\AVG.lnk
2015-11-18 07:20 - 2015-10-28 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-11-17 14:58 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-16 14:45 - 2015-05-23 22:18 - 00000000 ____D C:\Users\Jean\AppData\Roaming\iFunbox_UserCache
2015-11-16 14:45 - 2015-05-23 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
2015-11-16 14:45 - 2015-05-23 22:18 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
2015-11-15 03:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-14 19:53 - 2012-10-14 17:00 - 00000000 ____D C:\Users\Jean\Documents\WebCam Media
2015-11-14 18:48 - 2014-09-26 15:12 - 00000000 ____D C:\Users\Jean\AppData\Local\VirtualStore
2015-11-10 18:16 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-10 18:14 - 2014-09-30 18:49 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-10 18:08 - 2014-09-30 18:49 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-08 14:48 - 2015-09-08 20:07 - 00000000 ___RD C:\Users\Jean\OneDrive
2015-11-03 13:20 - 2015-10-08 17:33 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 13:20 - 2015-10-08 17:33 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-02 15:34 - 2015-03-02 11:15 - 00000000 ____D C:\Users\Jean\AppData\Roaming\.minecraft
2015-11-02 15:29 - 2015-03-02 11:15 - 00000000 ____D C:\Program Files (x86)\Minecraft
 
==================== Files in the root of some directories =======
 
2015-11-22 17:27 - 2015-11-22 17:27 - 0000187 _____ () C:\Users\Jean\AppData\Local\dontouch.exe.config
2015-11-26 21:35 - 2015-11-26 21:35 - 0007606 _____ () C:\Users\Jean\AppData\Local\Resmon.ResmonCfg
2015-11-22 17:28 - 2015-11-22 17:28 - 0002560 _____ () C:\Users\Jean\AppData\Local\uninstall.exe
2015-01-21 20:38 - 2015-01-21 20:38 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-09-08 18:49 - 2015-09-08 18:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Jean\AppData\Local\Temp\amisetup1599__15940.exe
C:\Users\Jean\AppData\Local\Temp\amzngtab.exe
C:\Users\Jean\AppData\Local\Temp\avguirn_08634187273.exe
C:\Users\Jean\AppData\Local\Temp\BrowserAirInst.exe.exe
C:\Users\Jean\AppData\Local\Temp\installer_x64.exe
C:\Users\Jean\AppData\Local\Temp\installer_x86.exe
C:\Users\Jean\AppData\Local\Temp\s5mark_setup_1110_ys.exe
C:\Users\Jean\AppData\Local\Temp\setbr.exe.exe
C:\Users\Jean\AppData\Local\Temp\SpOrder.dll
C:\Users\Jean\AppData\Local\Temp\Uninstall.exe
C:\Users\Jean\AppData\Local\Temp\weedgex.db.exe
C:\Users\Jean\AppData\Local\Temp\{9F81EE5B-22DF-4142-9A0F-04BADDD96A34}.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-07-10 06:00] - [2015-07-10 06:00] - 0680256 ____A (Microsoft Corporation) C1B48042A0C408E88EBD3702D1E60067
 
C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-07-10 06:00] - [2015-07-10 06:00] - 0534064 ____A (Microsoft Corporation) 815B2D26959DF0163637AF361F610DA7
 
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-21 21:31
 
==================== End of FRST.txt ============================
 
And here's the Additional log.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by Loly (2015-12-02 15:38:00)
Running from C:\Users\Jean\Desktop
Windows 10 Home (X64) (2015-09-09 00:20:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-678270828-616068372-2974516214-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-678270828-616068372-2974516214-503 - Limited - Disabled)
Guest (S-1-5-21-678270828-616068372-2974516214-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-678270828-616068372-2974516214-1002 - Limited - Enabled)
Loly (S-1-5-21-678270828-616068372-2974516214-1000 - Administrator - Enabled) => C:\Users\Jean
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Altap Salamander 3.05 (x64) (HKLM\...\Altap Salamander 3.05 (x64)) (Version: 3.05 - ALTAP)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.22.1.40089 - AVG Technologies)
AVG (Version: 16.12.7294 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4477 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.12.7294 - AVG Technologies)
AVG Zen (Version: 1.22.1 - AVG Technologies) Hidden
BitTorrent (HKU\S-1-5-21-678270828-616068372-2974516214-1000\...\BitTorrent) (Version: 7.9.5.41203 - BitTorrent Inc.)
Black Ops 2 - GSC Studio (HKLM-x32\...\{909C0DF9-6BBE-42BD-8FB2-0ADEBA3459B6}_is1) (Version: 15.10.19.0 - iMCS Productions)
BlackOps2 GSC Modifier (HKLM-x32\...\{2A0DFB1C-16AD-4BA0-B45E-82D13EA9E72B}) (Version: 1.6.0.0 - Jwm614  Productions)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BubbleSound (HKLM\...\BubbleSound) (Version: 1.0 - BubbleSound) <==== ATTENTION
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - Treyarch)
Client Media Profile (HKLM-x32\...\client media manager) (Version: 11.1.31.92 - Media Group)
Content Manager Assistant for PlayStation® (HKLM-x32\...\{961D5D7E-3DEC-4E3B-9065-EA8074923B18}) (Version: 3.31.7643.1 - Sony Computer Entertainment Inc.)
Corsair M65 Gaming Mouse Driver V1.0 (HKLM-x32\...\{62CC0366-207F-4BC3-97B1-4D4615B5BF0B}_is1) (Version: 1.00.00.11 - )
Counter-Strike Global Offensive version 1.35.1.1 (HKLM\...\{BD051FE3-1575-4CD6-81ED-E905FA94720B}_is1) (Version: 1.35.1.1 - Strogino CS Portal)
DailyWiki - DailyWiki for Desktop (HKLM-x32\...\DailyWiki) (Version: 5.4.0cm - DailyWiki)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
FlashBeat (HKLM-x32\...\FlashBeat) (Version:  - ) <==== ATTENTION
FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
KeyStream (HKLM-x32\...\KeyStream) (Version:  - )
KNCTR (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microphone Save (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Microphone Save) <==== ATTENTION
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1041 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Note-up (HKLM-x32\...\Note-up) (Version:  - Note-up)
Note-UP (HKLM-x32\...\NUIns) (Version:  - QUAHOG LIMITED)
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1041 - Microsoft Corporation) Hidden
OneSoftPerDay 025.014010163 (HKLM-x32\...\ospd_us_014010163_is1) (Version:  - ONESOFTPERDAY) <==== ATTENTION
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
osu! (HKLM-x32\...\{f6b36ba7-bda3-4f3a-ae29-9a12ca6351a6}) (Version: latest - ppy Pty Ltd)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PakkISO 0.4 (HKLM-x32\...\PakkISO_is1) (Version: PakkISO 0.4 by zorted, installer by BitLooter - )
Plugin Mart (HKU\S-1-5-21-678270828-616068372-2974516214-1000\...\{5F37D5AF-1CD3-2412-E5CA-DE8C24597618}) (Version: 1.2.4 - Pool Image corp)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
s5mark (HKLM-x32\...\s5mark) (Version: 2.0.2 - s5mark)
save serp now (HKU\S-1-5-21-678270828-616068372-2974516214-1000\...\ssn) (Version: 1.11 - save serp now Corp)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 3.0.90.9 - Client Connect LTD) <==== ATTENTION
SearchModule (HKU\S-1-5-21-678270828-616068372-2974516214-1000\...\{D2E9FE6A-7003-42A0-96F6-5569DFC2A3A8}_is1) (Version: 2.7.6.1776 - Goobzo LTD)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version:  - ) <==== ATTENTION
shopperz (HKLM-x32\...\{9A718390-2F02-40B6-8614-3F1FCE7F7799}) (Version: 2.0.0.480 - shopperz) <==== ATTENTION
Simple Media Player 1.0 (HKLM-x32\...\Simple Media Player) (Version: 1.0 - Simple Media Player)
SixaxisPairTool 0.3.0 (HKLM-x32\...\SixaxisPairTool_is1) (Version: 0.3.0 - Dancing Pixel Studios)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
Sniper Elite 3 (HKLM-x32\...\Steam App 238090) (Version:  - Rebellion)
Sound+ (HKLM-x32\...\zz.10166.sp) (Version: 1.0.0 - CSDI) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SwiftSearch 1.10.0.25 (HKLM-x32\...\SwiftSearch_1.10.0.25) (Version: 1.10.0.25 - SwiftSearch) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.5.0 - Synaptics Incorporated)
System Healer (HKLM-x32\...\SystemHealer) (Version: 4.1.0.0 - SystemHealer)
System Requirements Lab (HKLM-x32\...\{8DCAB1D8-F20C-4733-9B5F-646DDFEB59C9}) (Version: 6.1.1.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{23FEE7A5-50D7-4285-9BAC-F4F9A2872FEE}) (Version: 6.1.5.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Unity Web Player (HKU\S-1-5-21-678270828-616068372-2974516214-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.11w3 - Wacom Technology Corp.)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
YTDownloader (HKLM-x32\...\YTDownloader) (Version:  - YTDownloader) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-678270828-616068372-2974516214-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jean\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-678270828-616068372-2974516214-1000_Classes\CLSID\{C78B614B-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files\Altap Salamander\utils\salextx64.dll (ALTAP)
 
==================== Restore Points =========================
 
26-11-2015 12:33:46 Installed DirectX
28-11-2015 12:25:25 Removed AVG
01-12-2015 20:00:28 Installed AVG 2016
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {065342A2-2DBE-49F4-A4A2-064765630E5A} - System32\Tasks\Plugin Mart => Rundll32.exe "C:\Users\Jean\AppData\Local\Plugin Mart\{8B8D4809-28E4-C5DD-FF24-FFA594FBD372}\PluginMart.dll",#1
Task: {099B9ED9-FC51-4A98-974C-51CAC2D0D778} - System32\Tasks\RCMCAIDBF1 => C:\ProgramData\KeyStream\KeyStream.exe [2015-11-29] (KeyStream) <==== ATTENTION
Task: {0C438388-50DE-4518-94A0-A96A2D92CAF4} - System32\Tasks\Poakg => C:\Program Files\shopperz011220150919\Ehynp.bat [2015-12-01] () <==== ATTENTION
Task: {0DAFFB2C-9D93-4EA6-9323-38188F6BC516} - System32\Tasks\Inst_Rep => C:\Users\Jean\AppData\Local\Installer\Install_18756\YTDownloader.exe <==== ATTENTION
Task: {0E937084-088F-4EFE-86DA-1E067A4CB91C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1A6E27CA-E0FA-4850-A9A6-DE23FADD01E7} - System32\Tasks\Oduko => C:\PROGRA~1\GROOVE~1\Cyhdo.bat
Task: {1C7BA851-0ADB-4FAC-BBE6-314FDA4622CD} - System32\Tasks\bvxvhxvh => C:\Users\Jean\AppData\Local\bvxvhxvh\bvxvhxvh.exe [2015-11-15] () <==== ATTENTION
Task: {1D601B39-6DED-4EC5-B41C-D5DD089FC60C} - System32\Tasks\VTIPJSEWTGQPLLHR => C:\ProgramData\Service1291\Service1291.exe [2015-12-01] () <==== ATTENTION
Task: {1E7FE0FC-2CC1-469E-AE80-C1DD309C43FA} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe
Task: {2FC5E08E-C7EB-4E3E-A76F-E70BFDA7917F} - System32\Tasks\runTask => C:\Users\Jean\AppData\Local\Temp/Updater.exe
Task: {3245179A-44F9-4B6D-A0C8-3D3916659353} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== ATTENTION
Task: {337F8BBC-D724-4FF9-BC21-13F2F2C96769} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== ATTENTION
Task: {37BD9AB2-C6CA-4545-A196-5C37516554D9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3A3A359A-BA46-4E0F-B2CE-FC65D4D1927C} - System32\Tasks\{E79D5EA8-4668-4D49-AABE-C61EF71BC7EC} => Chrome.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?source=lightinstaller&amp;page=tsBing
Task: {3C283A55-D513-4E8E-9BE4-1D3E6BB42403} - System32\Tasks\Plugin Mart2 => Rundll32.exe "C:\Users\Jean\AppData\Local\Plugin Mart\{8B8D4809-28E4-C5DD-FF24-FFA594FBD372}\byilcvbn.dll",#1
Task: {4011F616-E73F-4DB6-9D22-DAF129957068} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe
Task: {41B7A548-DDF3-4C6C-AEDD-BBAA482A06EC} - System32\Tasks\UHBIBVRQUQKHNNUM => C:\ProgramData\Service0561\Service0561.exe [2015-12-01] () <==== ATTENTION
Task: {5D99DDAF-1C42-4C90-BD33-8C4B45E6B92D} - System32\Tasks\{F5601A1F-621B-4B5E-BAF2-0B6DB8601C72} => pcalua.exe -a C:\Users\Jean\AppData\Local\uninstall.exe
Task: {60A9778F-6226-4636-B2AB-D61C989AC985} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {660D67B3-DD2E-4EBB-BBB8-9EE47984DD48} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {6866B1FD-EC3E-48A4-A217-492BDAF3A48E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {75FAE161-8886-4D5F-93E7-8EFB01EA3ACB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {878071C0-8E87-4ED7-9C42-F2E92CBCDC3D} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2719\jsdrv.exe <==== ATTENTION
Task: {8CFC006C-651E-4BAB-B409-DE3F63FACB73} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
Task: {91E54F94-AB46-4645-A1D0-CD92CDF6F933} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-05-27] (Synaptics Incorporated)
Task: {94AD232B-0FD6-461B-A423-C1B754D1176F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-678270828-616068372-2974516214-1000Core => C:\Users\Jean\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-27] (Facebook Inc.)
Task: {98342688-FAF6-41C5-9132-D5C5B206E0C1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9CBE7984-DE02-4DF6-927A-C95488EC5AF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {9F195FC7-2F49-4A89-B735-4C042A598E2E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A41B9056-941C-44B6-8E5C-F2C41E29D83B} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: {A6D2405E-BCFF-4BDE-8F06-EB8E706DDD92} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{e2613d64-41f5-e755-e261-13d6441ff591}\spongebob_squarepants_creature_from_the_krusty_krab_usa.exe <==== ATTENTION
Task: {A7E9D5DB-B520-495C-AB1C-EE8E5E3FF1FD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A9DCFDD3-6F3F-4C6D-914E-49D458F01768} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-10] (Microsoft Corporation)
Task: {AAB7451E-DA9D-43B1-B2C2-B5B51299C6BB} - System32\Tasks\SPBIW_UpdateTask_Time_393538313030312d344a414155342a2a236c6c5a => C:\WINDOWS\system32\wscript.exe [2015-07-10] (Microsoft Corporation)
Task: {AE0E5CAB-1225-499E-B3C7-B1EE042FDDB4} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {B3BF1109-A270-4508-A897-A8EDCF03A369} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe <==== ATTENTION
Task: {B4B7E22A-F2A7-4FF9-8DFC-6D4B6739BC67} - System32\Tasks\ALDEO1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-11-29] () <==== ATTENTION
Task: {B502372E-880B-415C-9100-353AB4B869FE} - System32\Tasks\IBUpd => C:\Users\Jean\AppData\Local\BrowserAir\Application\updater.exe
Task: {BEC42E0D-6933-4243-9262-53555E19C839} - System32\Tasks\ZQKUWKHQGD => Rundll32.exe "C:\WINDOWS\SysWOW64\catsrvpsm.dll",RMRCPPIOKK
Task: {C0D8221D-31CD-4710-A26C-DE823F872FA6} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe
Task: {C32BB639-5D65-469D-81D3-37ADAE64ED6F} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe
Task: {C4B8C02B-7284-428D-8D00-542F8626B704} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C4F35701-FB17-44F7-A440-0F30D70CA8F9} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: {CDC0E6BA-08FC-484D-B08A-62A69C753872} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: {DBE4B7D9-3F30-4A0D-AD12-7FF461A6F823} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-678270828-616068372-2974516214-1000UA => C:\Users\Jean\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-27] (Facebook Inc.)
Task: {E498FF14-151E-442B-AA79-0B4260B6C537} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E6985787-A921-46F8-A3CC-03B2AD6E3E2D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EC3683A9-38AE-4917-A4BC-30862A5CC573} - System32\Tasks\updateTask => c:\task.vbs [2015-12-01] ()
Task: {EF819280-C994-49DB-912E-9732BA809B3D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FA608161-E561-4BC7-8625-B0CAF3E9A91E} - System32\Tasks\Dhtanu => C:\PROGRA~1\SHOPPE~1\Covabaio.bat
Task: {FBCB5BDC-4DBB-4E04-BC5F-12A658113911} - System32\Tasks\UNELEVATE_24645 => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2719\jsdrv.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\ALDEO1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{e2613d64-41f5-e755-e261-13d6441ff591}\spongebob_squarepants_creature_from_the_krusty_krab_usa.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-678270828-616068372-2974516214-1000Core.job => C:\Users\Jean\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-678270828-616068372-2974516214-1000UA.job => C:\Users\Jean\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RCMCAIDBF1.job => C:\ProgramData\KeyStream\KeyStream.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\WINDOWS\Tasks\UHBIBVRQUQKHNNUM.job => C:\ProgramData\Service0561\Service0561.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\VTIPJSEWTGQPLLHR.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ZQKUWKHQGD.job => C:\WINDOWS\system32\rundll32.exe0 C:\WINDOWS\SysWOW64\catsrvpsm.dll
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet-Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FC2ztutbl11,8b670fdf-3017-4c6c-a90d-746ba7d74056, <==== ATTENTION
ShortcutWithArgument: C:\Users\Jean\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FC2ztutbl11,8b670fdf-3017-4c6c-a90d-746ba7d74056, <==== ATTENTION
ShortcutWithArgument: C:\Users\Jean\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epc&s=FC2ztutbl11,8b670fdf-3017-4c6c-a90d-746ba7d74056," <==== ATTENTION
ShortcutWithArgument: C:\Users\Jean\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Saerch.lnk -> C:\program files (x86)\Google\Chrome\application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FC2ztutbl11,8b670fdf-3017-4c6c-a90d-746ba7d74056, <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FC2ztutbl11,8b670fdf-3017-4c6c-a90d-746ba7d74056, <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FC2ztutbl11,8b670fdf-3017-4c6c-a90d-746ba7d74056, <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-08 22:30 - 2015-09-08 22:30 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-11-22 03:08 - 2015-11-22 03:08 - 00665088 _____ () C:\Program Files\AmazingTab\amztab.exe
2015-12-01 18:12 - 2015-12-01 18:12 - 00463872 _____ () C:\Program Files (x86)\58896D30-1449018009-11E1-B318-30F9EDB00B92\knsj3D24.tmpfs
2015-12-01 19:53 - 2015-11-13 10:46 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-08-06 12:18 - 2015-08-06 12:18 - 00077824 _____ () C:\Program Files (x86)\dataup\dataup.exe
2015-09-08 22:30 - 2015-09-08 22:30 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-12-01 19:25 - 2015-12-01 19:25 - 00134496 _____ () C:\Users\Jean\AppData\Roaming\TieydxOtai\Shooth.exe
2015-12-01 20:01 - 2015-12-01 20:01 - 00570368 _____ () C:\Program Files (x86)\58896D30-1449018009-11E1-B318-30F9EDB00B92\hnsk734F.tmp
2015-12-01 20:01 - 2015-12-01 20:01 - 00397312 _____ () C:\Program Files (x86)\58896D30-1449018009-11E1-B318-30F9EDB00B92\jnsf59CA.tmp
2015-10-01 13:19 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 13:19 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-01-17 11:30 - 2014-12-22 15:42 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-10-01 13:18 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-01 13:19 - 2015-09-17 00:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 13:18 - 2015-09-17 00:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 13:18 - 2015-09-17 00:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 13:19 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-10-13 13:38 - 2015-10-13 13:38 - 48673472 _____ () C:\Users\Jean\AppData\Roaming\DailyWiki\DailyWiki.exe
2015-07-10 06:00 - 2015-07-10 06:00 - 00215352 _____ () c:\windows\system32\WerEtw.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-28 13:47 - 2015-10-28 13:46 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2015-11-21 10:39 - 2012-05-14 12:41 - 00043008 _____ () C:\Program Files (x86)\Corsair\M65 Mouse\hidGetKey.dll
2015-03-05 11:17 - 2015-10-05 11:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-03-05 11:17 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-03-05 11:17 - 2015-11-09 21:44 - 02541648 _____ () C:\Program Files (x86)\Steam\video.dll
2015-03-05 11:17 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-03-05 11:17 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-03-05 11:17 - 2015-09-23 19:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-03-05 11:17 - 2015-09-23 19:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-03-05 11:17 - 2015-09-23 19:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-03-05 11:17 - 2015-09-23 19:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-03-05 11:17 - 2015-09-23 19:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-03-05 11:17 - 2015-11-09 21:44 - 00806992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-03-05 11:17 - 2015-10-08 17:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-08-19 03:25 - 2015-08-19 03:25 - 50411008 _____ () C:\Program Files (x86)\Client Media Profile\libcef.dll
2015-01-14 05:55 - 2015-01-14 05:55 - 00386560 _____ () C:\Program Files (x86)\Client Media Profile\log4cplusU.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\52982989.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\52982989.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Xivdukzijp => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-678270828-616068372-2974516214-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img8.jpg
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E285382D-6DAB-4D4D-B99E-F100C8010183}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{E9D15CF3-4F3E-4179-AD44-FD9AFCB17571}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E31FD25-4208-42D1-851E-E53D82DD5357}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D6F8546B-D30A-4C67-B93B-D1F6A5BDB36B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD176144-5963-4622-94CF-45083A935052}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{123460CD-C88E-468B-9C73-9D2241C820E6}C:\users\jean\desktop\mw3\iw5mp.exe] => (Allow) C:\users\jean\desktop\mw3\iw5mp.exe
FirewallRules: [TCP Query User{7AF1D45C-CFF5-4988-BD8A-584BD5D4D6E5}C:\users\jean\desktop\mw3\iw5mp.exe] => (Allow) C:\users\jean\desktop\mw3\iw5mp.exe
FirewallRules: [{ECCD60F8-0532-4471-9271-A89B9CAA8EF2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{9178FC80-7DB4-475E-A1A3-9379447186B0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{A88F715C-4BFD-4A88-BDDB-39E3F919FAAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sniper Elite 3\Launcher\Sniper3Launcher.exe
FirewallRules: [{E8C1E715-88D6-4371-9B18-17EE78B47EB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sniper Elite 3\Launcher\Sniper3Launcher.exe
FirewallRules: [{9C6C2AA7-DB82-44EC-9A6F-AAF80C7B8024}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{613E9D87-034A-45B0-BCAA-51F0C3269E90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{1AE80464-8F9E-4252-97AE-D50F58475FCE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{70A5D02B-2D40-4F19-81A1-9D4657B7A726}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9384E06E-04A2-4BCA-A99C-0E95EF62FA86}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B60CAC5D-FD16-428C-AB8E-64ECD03E755C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{84806E85-BD91-4150-98A6-6516BF76AF96}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{15967EDD-D751-4835-A483-EACF77C52028}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{E02ED36F-B16F-44D3-A890-33C42803B422}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{77B294ED-E5BC-4601-A507-E88B271B3282}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E7E2C0DE-927A-429A-A4F7-46C1209B37E6}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{3A951E11-E47E-4D33-98B1-F9E0E70CDDCC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A0196A3C-6C24-4FB5-8335-BC6C09A2CC1D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E70162F5-6B22-46B1-94E7-DD4F10C40FA5}] => (Allow) C:\Users\Jean\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{04D3631F-D152-41DB-B42B-79B16E35C57B}] => (Allow) C:\Users\Jean\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{9AC0D7B3-5E6B-44A6-B490-6C270E620226}] => (Allow) C:\Users\Jean\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{03E0B7ED-1F58-4507-9D55-612B9F46AB2B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{193D0DEC-9650-4603-98B2-6ACE7253AC1D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{56C71091-D57E-41D4-8696-E2A63281B26A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{55180185-018A-44E7-BCA6-2C53F1E22003}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{5A3274DA-4F15-45FC-9754-9693F14B60C0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{5AD2607C-CB3E-411D-948E-722E35F6850D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{AA33C7F9-C437-4655-A49D-64C747C3B48C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{5C45F1D1-EC0D-474E-9BA8-7AA9FC16ED2E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{692D206C-AAEF-4855-BF94-6E86CD81E55C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{B2468165-2F91-4431-AAE7-D80614571A79}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A48F8C30-134D-4891-806A-D3902F5A8430}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{F02AADF9-5944-4571-9DB7-821404585B85}] => (Allow) 㩃啜敳獲䩜慥屮灁䑰瑡屡潒浡湩屧汃敩瑮䴠摥慩倠潲楦敬捜楬湥⁴敭楤⁡慭慮敧⹲硥e
FirewallRules: [{B9CD2838-52B3-4A98-9D4C-8661200245DD}] => (Allow) 㩃啜敳獲䩜慥屮灁䑰瑡屡潒浡湩屧汃敩瑮䴠摥慩倠潲楦敬畜摰瑡獥牥楶散攮數
FirewallRules: [{CD3A139D-2F08-4DA3-B1C8-E453405DBB6D}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{11F392DB-23AC-44F9-894C-65E7F8C2C345}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [TCP Query User{2442D29D-6465-4024-8AA8-135DE76F4E1E}C:\program files\strogino cs portal\counter-strike global offensive\csgo.exe] => (Allow) C:\program files\strogino cs portal\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{456852AE-0489-461B-9A17-8B2ED631E4E2}C:\program files\strogino cs portal\counter-strike global offensive\csgo.exe] => (Allow) C:\program files\strogino cs portal\counter-strike global offensive\csgo.exe
FirewallRules: [{4BF76EE0-F3A5-4CEC-9942-273E91E51D89}] => (Allow) 㩃啜敳獲䩜慥屮灁䑰瑡屡潒浡湩屧獳屮獳⹮硥e
FirewallRules: [{8A46B0B4-FCD7-46C6-90C1-5227ABC41A07}] => (Allow) 㩃啜敳獲䩜慥屮灁䑰瑡屡潒浡湩屧獳屮灵獤湳攮數
FirewallRules: [{82E7EE01-87AB-46A6-A514-C70869B64D50}] => (Allow) 㩃啜敳獲䩜慥屮灁䑰瑡屡潒浡湩屧汃敩瑮䴠摥慩倠潲楦敬捜楬湥⁴敭楤⁡慭慮敧⹲硥e
FirewallRules: [{E5195986-29D4-42FE-898E-D871745D764C}] => (Allow) 㩃啜敳獲䩜慥屮灁䑰瑡屡潒浡湩屧汃敩瑮䴠摥慩倠潲楦敬畜摰瑡獥牥楶散攮數
FirewallRules: [{CD115F39-460F-4FD9-9D8D-6524208DC68A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{24B56C18-993F-4DC6-A8A0-00197DA0B6CF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{5B6EA4B8-96ED-45B2-B0F8-62D4125C7BF2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{ECDD0289-2593-4E24-9346-BBAA9DADEF06}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{AF05E1EB-B833-4D31-9FE0-D8280FF73D71}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{9209477D-FD6F-41C6-8B89-A7B30F99EDF5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{4508D8C9-A297-4D9C-9D3C-678E205D6394}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{A9B60745-08AD-48D8-BD25-2DC500AB9034}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: EldoS Corporation
Service: cbfs3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/02/2015 03:39:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-11-08T20:39:06Z. Error Code: 0x80040154.
 
Error: (12/02/2015 03:38:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-11-08T20:38:36Z. Error Code: 0x80040154.
 
Error: (12/02/2015 03:38:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-11-08T20:38:06Z. Error Code: 0x80040154.
 
Error: (12/02/2015 03:37:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-11-08T20:37:36Z. Error Code: 0x80040154.
 
Error: (12/02/2015 03:37:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-11-08T20:37:06Z. Error Code: 0x80040154.
 
Error: (12/02/2015 03:36:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-11-08T20:36:36Z. Error Code: 0x80040154.
 
Error: (12/02/2015 03:36:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-11-08T20:36:06Z. Error Code: 0x80040154.
 
Error: (12/02/2015 03:35:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-11-08T20:35:36Z. Error Code: 0x80040154.
 
Error: (12/02/2015 03:35:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-11-08T20:35:06Z. Error Code: 0x80040154.
 
Error: (12/02/2015 03:34:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-11-08T20:34:36Z. Error Code: 0x80040154.
 
 
System errors:
=============
Error: (12/02/2015 03:37:50 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following service-specific error: 
%%2147952506
 
Error: (12/02/2015 03:37:50 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147952506.
 
Error: (12/02/2015 03:37:48 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (12/02/2015 03:37:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Connection Broker service terminated with the following error: 
%%4294967295
 
Error: (12/02/2015 03:35:48 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following service-specific error: 
%%2147952506
 
Error: (12/02/2015 03:35:48 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147952506.
 
Error: (12/02/2015 03:35:46 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (12/02/2015 03:33:46 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following service-specific error: 
%%2147952506
 
Error: (12/02/2015 03:33:46 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147952506.
 
Error: (12/02/2015 03:33:44 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {4991D34B-80A1-4291-83B6-3328366B9097}
 
 
CodeIntegrity:
===================================
  Date: 2015-12-01 20:23:46.946
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\Xivdukzijp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-01 20:23:36.032
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\Xivdukzijp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-01 20:23:32.820
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\Xivdukzijp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-01 20:23:32.796
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\Xivdukzijp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-01 20:23:32.774
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\Xivdukzijp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-01 20:23:32.756
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\Xivdukzijp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-01 20:23:32.734
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\Xivdukzijp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-01 20:23:28.965
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\Xivdukzijp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-01 20:23:28.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\Xivdukzijp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-01 20:23:28.918
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\Xivdukzijp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 8092.36 MB
Available physical RAM: 5691.48 MB
Total Virtual: 9372.36 MB
Available Virtual: 7141.7 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:679.3 GB) (Free:537.29 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:930.51 GB) (Free:930.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E5991043)
Partition 1: (Not Active) - (Size=18.5 GB) - (Type=27)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=679.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=503 MB) - (Type=27)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 887623C6)
Partition 1: (Not Active) - (Size=1 GB) - (Type=83)
Partition 2: (Not Active) - (Size=930.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 Sintharius

Posted 04 December 2015 - 12:21 PM

Hello IMessedUpBadly,

Your computer has a lot of adware - but do not worry, we will take care of that.

Step 1: Looking through your logs I must warn you of the following.

Pirated software

Bleeping Computer does not allow the use of pirated software.

The practice of using keygens, hacking tools, cracking tools, warez, torrents or any pirated software is not only considered illegal activity, but it is a serious security risk which can turn a computer into a virus honeypot or zombie.
 
When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible, and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.
 
If you want to read on then the full post is here.

I will help you clean your machine, but please remember that if you refuse to remove the pirated software then this is a one-time deal. After that I will refuse further assistance.

===

Step 2: Uninstalling Programs

Click the Start orb on the taskbar, and then click the Control Panel button.
  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.
A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting Remove:

BubbleSound
DailyWiki - DailyWiki for Desktop
FlashBeat
Microphone Save
Note-up
Note-UP
OneSoftPerDay
s5mark
save serp now
Search Protec
SearchModule
Setup
Shopper-Pro
shopperz
SmartWeb
Sound+
System Healer
SwiftSearch
YTDownloader


Additional instructions can be found here if needed.

If you run into any issues, please let me know.

===

Step 3: Fix with Farbar Recovery Scan Tool
  • Please download the attached fixlist.txt and save it to your Desktop.
    Note: It's important that both FRST/FRST64.exe and fixlist.txt are in the same location or the fix will not work!
    WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
  • Run FRST/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log named Fixlog.txt on the Desktop, please post it to your reply.
Please let me know if you are able to connect to the internet or not after running the fix with FRST.

To recap, in your next reply I will need the following:
  • Confirmation that you have acknowledged the pirated software warning;
  • Confirmation that you have removed the aforementioned programs;
  • Contents of Fixlog.txt;
  • Are you able to access the internet?
Regards,
Alex

#5 IMessedUpBadly

Posted 04 December 2015 - 09:29 PM

I don't need any further assistance, I reinstalled Windows and everything is normal. I acknowledge I had pirated programs and have deleted them. You can close the thread now, thanks for the help :)

#6 thcbytes

  • Malware Response Team

Posted 05 December 2015 - 09:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



