I think I have a HDD filling virus. Please help!


  • This topic is locked
20 replies to this topic

#1 JVGordon


Posted 16 December 2015 - 05:54 AM

I downloaded a game from a shady looking website (because I'm stupid like that) a while ago. I finally went to go play it the other day and it kept crashing, so I quit. The next day, I found that my 456 GB HDD is completely full of invisible files. I have no idea how to get rid of whatever this is. Please, someone help me! Thank you in advance.





#2 Oh My!

  • Malware Response Instructor

Posted 18 December 2015 - 10:25 AM

Greetings JVGordon and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 22 December 2015 - 11:12 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 JVGordon


Posted 22 December 2015 - 11:24 AM

Sorry, my laptop won't even connect to the internet now. I'm connected to my wifi but when I go into my browser it says "webpage cannot be displayed". All my other devices connect just fine...

#5 Oh My!


Posted 22 December 2015 - 12:04 PM

OK, can you download FRST onto a USB device using a clean computer then transfer it over to the infected computer? Run it from the USB device and the reports should be saved there.

Skip the System Summary step for now.
Gary
 

#6 JVGordon


Posted 24 December 2015 - 04:24 PM

I finally gained access to a clean computer. Doing the steps now.



#7 Oh My!


Posted 24 December 2015 - 04:30 PM

Excellent, thanks.
Gary
 

#8 JVGordon


Posted 24 December 2015 - 04:53 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
Ran by JVGordon (administrator) on MYDAMNLAPTOP (24-12-2015 13:26:55)
Running from C:\Users\Lkjhh_000\Desktop
Loaded Profiles: JVGordon (Available Profiles: JVGordon & Guest)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\loggingserver.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\LaunchMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16565_none_1162030161f5c19b\TiWorker.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-17] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2814864 2015-12-16] ()
HKLM-x32\...\Run: [{B6770D34-C35A-4B82-A822-CBEF7F3FE57C}] => C:\Program Files (x86)\Launch Manager\LaunchMgr.exe [2259768 2012-10-31] (Wistron Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3960744 2015-07-28] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-628469187-4269208208-1694598833-1001\...\RunOnce: [Uninstall C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-628469187-4269208208-1694598833-1001\...\RunOnce: [Uninstall C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-628469187-4269208208-1694598833-1001\...\RunOnce: [Uninstall C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-628469187-4269208208-1694598833-1001\...\RunOnce: [Uninstall C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-628469187-4269208208-1694598833-1001\...\RunOnce: [Uninstall C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-628469187-4269208208-1694598833-1001\...\MountPoints2: {3d35656c-8e51-11e5-8300-f82fa8dec2ac} - "E:\VerizonSWUpgradeAssistantLauncher.exe" 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-14] (Microsoft Corporation)
Startup: C:\Users\Lkjhh_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-16]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Lkjhh_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-16]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1ba09a4a-532b-4f1f-934e-490bfba095c2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6cff325d-b525-4d6f-b698-ed4d75aa4e55}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-628469187-4269208208-1694598833-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={6ADBD8F5-9584-40DB-82DA-61882AA3AD30}&mid=4f06c0240f5e47d2a13e2966ee3a2b5f-5feabf86f15cdc7a701bfb6b879b2b895b670e8f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-07 16:21:31&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-628469187-4269208208-1694598833-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-628469187-4269208208-1694598833-1001 -> DefaultScope {DED55AEC-83C9-4AC1-B5E1-EF0FE4EB778B} URL = 
SearchScopes: HKU\S-1-5-21-628469187-4269208208-1694598833-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6ADBD8F5-9584-40DB-82DA-61882AA3AD30}&mid=4f06c0240f5e47d2a13e2966ee3a2b5f-5feabf86f15cdc7a701bfb6b879b2b895b670e8f&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-07 16:21:31&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-628469187-4269208208-1694598833-1001 -> {DED55AEC-83C9-4AC1-B5E1-EF0FE4EB778B} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-06-03] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.4.155\AVG Web TuneUp.dll [2015-12-16] (AVG)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2014-06-03] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-06-03] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-21] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.4.155\AVG Web TuneUp.dll [2015-12-16] (AVG)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-06-03] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-21] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-06-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-02-03] (AVG Secure Search)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-12] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-12] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.4\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-28] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-628469187-4269208208-1694598833-1001: SkypePlugin -> C:\Users\Lkjhh_000\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi.dll [2015-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-628469187-4269208208-1694598833-1001: SkypePlugin64 -> C:\Users\Lkjhh_000\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi-x64.dll [2015-12-08] (Skype Technologies S.A.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
CHR StartupUrls: Default -> "hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938","hxxp://www.google.com/","hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120925&user_guid=3376D850497D46C68127A2760D19314C&machine_id=ad2a3962974acac6d9ee7d2f06c42270&browser=CR&os=win&os_version=6.1-x86-SP1","hxxp://www.default-search.net?sid=476&aid=179&itype=n&ver=12349&tm=359&src=hmp"
CHR DefaultSearchURL: Default -> hxxp://www.bleepingcomputer.com/forums/t/599539/i-think-i-have-a-hdd-filling-virus-please-help/
CHR Profile: C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-18]
CHR Extension: (Skype Calling) - C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-12-16]
CHR Extension: (YouTube) - C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus) - C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-26]
CHR Extension: (Google Search) - C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-18]
CHR Extension: (Ponyhoof) - C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd [2015-12-24]
CHR Extension: (Google Docs Offline) - C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]
CHR Extension: (Marc Ecko) - C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2014-05-31]
CHR Extension: (Gmail) - C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1630672 2015-07-28] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3719592 2015-07-28] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [356888 2015-07-28] (AVG Technologies CZ, s.r.o.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-28] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-08-03] (Electronic Arts)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-07-14] (Razer Inc.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-16] (Synaptics Incorporated)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4377000 2015-12-11] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater40.2.4; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe [1923984 2015-12-16] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [119608 2012-10-31] (Wistron Corp.)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-16] ()
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [67040 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [245680 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [296896 2015-07-10] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-09-05] (Broadcom Corporation)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-10] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 EvolveVirtualAdapter; C:\Windows\System32\drivers\evolve.sys [21656 2015-08-04] (Echobit, LLC)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-16] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-24 13:26 - 2015-12-24 13:28 - 00028854 _____ C:\Users\Lkjhh_000\Desktop\FRST.txt
2015-12-24 13:26 - 2015-12-24 13:26 - 00000000 ____D C:\FRST
2015-12-24 13:25 - 2015-12-24 13:26 - 02370560 _____ (Farbar) C:\Users\Lkjhh_000\Desktop\FRST64.exe
2015-12-24 13:18 - 2015-12-24 13:18 - 00016148 _____ C:\WINDOWS\system32\MYDAMNLAPTOP_JVGordon_HistoryPrediction.bin
2015-12-18 13:54 - 2015-12-18 13:55 - 00557800 _____ C:\WINDOWS\Minidump\121815-51312-01.dmp
2015-12-18 06:32 - 2015-12-18 06:32 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2015-12-18 06:32 - 2015-12-18 06:32 - 00002198 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2015-12-18 06:32 - 2015-12-11 15:39 - 00046504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2015-12-18 06:32 - 2015-12-11 15:33 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\authuitu.dll
2015-12-18 06:32 - 2015-12-11 15:33 - 00032680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\authuitu.dll
2015-12-18 06:31 - 2015-12-18 06:31 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Roaming\AVG
2015-12-18 06:20 - 2015-12-18 06:21 - 02924112 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Lkjhh_000\Downloads\AVG_PCTuneUp_1293.exe
2015-12-17 06:41 - 2015-12-17 06:41 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Local\SkypePlugin
2015-12-17 06:39 - 2015-12-17 06:41 - 14893056 _____ C:\Users\Lkjhh_000\Downloads\SkypeWebPlugin (1).msi
2015-12-16 16:55 - 2015-12-16 16:56 - 02863665 _____ C:\Users\Lkjhh_000\Downloads\Eevee the Magical Fox Companion V3.4-10304-3-4.zip
2015-12-16 15:54 - 2015-12-16 15:54 - 00002331 _____ C:\Users\Lkjhh_000\Downloads\Skill Config 1-2-34307-1-2.7z
2015-12-16 14:30 - 2015-12-16 14:32 - 09281536 _____ C:\Users\Lkjhh_000\Desktop\autosave3.ess
2015-12-16 14:19 - 2015-12-17 10:55 - 00000000 ____D C:\Users\Lkjhh_000\Desktop\000
2015-12-16 06:32 - 2015-12-16 06:44 - 14893056 _____ C:\Users\Lkjhh_000\Downloads\SkypeWebPlugin.msi
2015-12-16 02:38 - 2015-12-16 02:39 - 05639940 _____ (Swearware) C:\Users\Lkjhh_000\Desktop\ComboFix.exe
2015-12-14 15:30 - 2015-12-24 13:19 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-14 15:29 - 2015-12-14 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-14 15:29 - 2015-12-14 15:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-14 15:29 - 2015-12-14 15:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-14 15:29 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-14 15:29 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-14 15:29 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-14 15:18 - 2015-12-14 15:21 - 22908888 _____ (Malwarebytes ) C:\Users\Lkjhh_000\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\Users\Lkjhh_000\Downloads\WinInstallerPandaUSBAdapterV1.11.exe
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\e1024980d0f76f196cee
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\cec50022eed1c09a1a237427ade30f
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\cbc16301e14aa781236768cc
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\ca538bf9627500b4c9dc64
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\9f93c0f048bb1a04f82b8d509c6df26a
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\7258e4e67d470460ddfaef
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\6066acd5b480659d92
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\57759e427b411c5a332a9155b62c9d80
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\26bf3e1d03c2d0dc4c94f82e3f7da2
2015-12-11 23:42 - 2015-12-11 23:42 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2015-12-08 04:55 - 2015-12-11 23:45 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Roaming\PokeUE
2015-12-08 04:54 - 2015-12-08 04:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokémon Uncensored Edition
2015-12-08 04:49 - 2015-12-08 04:49 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Roaming\Savordez
2015-12-03 21:44 - 2015-12-14 18:05 - 00001258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2015-12-03 21:44 - 2015-12-14 18:04 - 00001252 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2015-12-03 21:44 - 2015-12-03 21:44 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Local\UnrealEngine
2015-12-03 21:44 - 2015-12-03 21:44 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Local\EpicGamesLauncher
2015-12-03 21:44 - 2015-12-03 21:44 - 00000000 ____D C:\ProgramData\Epic
2015-12-03 21:44 - 2015-12-03 21:44 - 00000000 ____D C:\Program Files (x86)\Epic Games
2015-12-03 21:33 - 2015-12-03 21:44 - 29253632 _____ C:\Users\Lkjhh_000\Downloads\EpicGamesLauncherInstaller-2.7.2-2784597.msi
2015-12-03 21:16 - 2015-12-03 21:16 - 00000222 _____ C:\Users\Lkjhh_000\Desktop\Portal Stories.url
2015-12-03 16:58 - 2015-12-03 16:58 - 00000000 ____D C:\ProgramData\Avg_Update_1215av
2015-12-03 04:08 - 2015-12-18 06:31 - 00000000 ____D C:\ProgramData\Avg
2015-12-03 03:57 - 2015-12-18 06:31 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Local\AvgSetupLog
2015-12-02 03:32 - 2015-12-02 03:32 - 00000000 ____D C:\Users\Lkjhh_000\AppData\LocalLow\uTorrent
2015-12-01 01:48 - 2015-12-01 03:30 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-29 22:23 - 2015-05-04 02:51 - 349898504 _____ (Werner Spahl ) C:\Users\Lkjhh_000\Documents\VTMBup93.exe
2015-11-29 00:55 - 2015-11-29 00:55 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Roaming\Fallout
2015-11-28 12:33 - 2015-11-28 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-28 12:20 - 2015-12-14 06:00 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Roaming\MMFApplications
2015-11-28 12:18 - 2015-12-14 18:02 - 00001146 _____ C:\Users\Lkjhh_000\Desktop\UNDERTALE.lnk
2015-11-28 12:16 - 2015-12-09 03:26 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Local\UNDERTALE
2015-11-28 12:15 - 2015-11-28 12:15 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Roaming\Steam
2015-11-28 12:13 - 2015-11-28 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout [GOG.com]
2015-11-28 11:57 - 2015-11-28 11:57 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Roaming\Fallout2
2015-11-28 11:54 - 2015-11-28 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout 2 [GOG.com]
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-24 13:26 - 2015-07-10 03:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-24 13:26 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-24 13:26 - 2015-07-10 01:05 - 00000000 ____D C:\Windows
2015-12-24 13:24 - 2015-08-01 09:41 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-24 13:24 - 2015-07-10 03:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-24 13:24 - 2014-07-31 22:21 - 00000000 ____D C:\ProgramData\MFAData
2015-12-24 13:18 - 2015-08-01 09:22 - 00000000 ____D C:\Users\Lkjhh_000
2015-12-24 13:18 - 2015-08-01 09:17 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-24 13:18 - 2014-05-31 18:39 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-24 13:17 - 2015-07-10 04:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-20 10:56 - 2015-07-10 01:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-20 10:27 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-20 10:12 - 2014-05-31 18:39 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-20 10:03 - 2014-06-08 23:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-19 00:06 - 2014-07-08 14:16 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Roaming\Skype
2015-12-18 16:30 - 2015-08-01 09:22 - 00000000 ____D C:\Users\Guest
2015-12-18 13:54 - 2015-08-05 23:25 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-18 06:31 - 2015-06-02 14:25 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Local\Avg
2015-12-18 06:31 - 2014-09-29 22:31 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-18 06:06 - 2015-07-10 01:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-16 14:33 - 2014-06-06 13:06 - 00001369 _____ C:\Users\Lkjhh_000\Desktop\Skyrim.lnk
2015-12-16 13:17 - 2014-06-02 13:01 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-16 11:42 - 2014-11-07 16:21 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2015-12-16 11:41 - 2014-11-07 16:21 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-12-14 22:42 - 2014-11-07 16:21 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-12-14 18:05 - 2015-08-01 10:17 - 00002419 _____ C:\Users\Lkjhh_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-14 18:05 - 2015-08-01 09:32 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-14 18:05 - 2015-05-04 03:01 - 00001637 _____ C:\Users\Lkjhh_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VTM Bloodlines Unofficial Patch.lnk
2015-12-14 18:05 - 2014-12-21 21:34 - 00000905 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HipHopCube.lnk
2015-12-14 18:05 - 2014-12-21 21:34 - 00000895 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\greencube.lnk
2015-12-14 18:05 - 2014-12-06 19:10 - 00001140 _____ C:\Users\Lkjhh_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaunchMgr1.lnk
2015-12-14 18:05 - 2014-09-17 18:56 - 00001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-12-14 18:05 - 2014-03-13 09:23 - 00001380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-12-14 18:05 - 2014-03-13 09:21 - 00002211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
2015-12-14 18:04 - 2015-08-17 01:59 - 00001297 _____ C:\Users\Public\Desktop\Zumas Revenge.lnk
2015-12-14 18:04 - 2014-12-09 19:20 - 00001540 _____ C:\Users\Public\Desktop\SimCity 2000 Special Ed..lnk
2015-12-14 18:04 - 2014-09-19 13:01 - 00001287 _____ C:\Users\Public\Desktop\Plants vs. Zombies.lnk
2015-12-14 18:04 - 2014-09-19 04:00 - 00001209 _____ C:\Users\Public\Desktop\Bejeweled 3.lnk
2015-12-14 18:04 - 2014-09-10 02:27 - 00001358 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2015-12-14 18:04 - 2014-07-29 07:28 - 00001706 _____ C:\Users\Public\Desktop\The Sims 2.lnk
2015-12-14 18:02 - 2014-06-06 22:14 - 00001721 _____ C:\Users\Lkjhh_000\Desktop\No Escape.lnk
2015-12-14 18:02 - 2014-06-01 17:11 - 00000889 _____ C:\Users\Lkjhh_000\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-12-14 17:58 - 2015-07-10 03:04 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2015-12-14 17:54 - 2014-06-13 18:31 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-12-14 17:42 - 2015-07-10 02:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-14 15:04 - 2014-05-31 18:35 - 00000000 __RDO C:\Users\Lkjhh_000\SkyDrive
2015-12-14 15:00 - 2015-07-10 04:20 - 05020872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-14 14:50 - 2014-06-10 11:28 - 00000000 ____D C:\Games
2015-12-14 08:56 - 2014-05-31 18:30 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Local\Packages
2015-12-08 19:39 - 2014-09-28 15:31 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-06 23:02 - 2014-07-06 13:46 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Local\ElevatedDiagnostics
2015-12-06 22:54 - 2015-08-01 10:24 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Local\MicrosoftEdge
2015-12-05 00:25 - 2014-05-31 18:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-04 23:25 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\rescache
2015-12-04 23:01 - 2015-07-10 03:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-04 23:00 - 2014-06-01 17:10 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Roaming\uTorrent
2015-12-03 21:16 - 2014-06-02 13:35 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-03 17:06 - 2014-05-31 18:39 - 00003990 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 17:06 - 2014-05-31 18:39 - 00003758 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 03:41 - 2015-08-10 15:06 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Roaming\New Technology Studio
2015-12-03 03:41 - 2015-08-03 19:28 - 00000000 ____D C:\Program Files\Rockstar Games
2015-12-03 03:41 - 2014-03-13 09:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-03 03:40 - 2015-08-03 21:46 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Local\Rockstar Games
2015-12-03 03:40 - 2015-08-03 21:43 - 00000000 ____D C:\Users\Lkjhh_000\Documents\Rockstar Games
2015-11-28 12:33 - 2014-07-08 14:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-28 12:33 - 2014-07-08 14:16 - 00000000 ____D C:\ProgramData\Skype
2015-11-28 12:15 - 2015-09-19 09:55 - 00000000 ____D C:\Users\Lkjhh_000\Downloads\Undertale
2015-11-28 01:10 - 2015-08-03 02:42 - 00000000 ____D C:\Users\Lkjhh_000\Downloads\Smosh.The.Movie.2015.WEB-DL.x264-RARBG
2015-11-27 01:25 - 2015-05-31 11:16 - 00000000 ____D C:\Program Files (x86)\Controller Companion
2015-11-27 01:24 - 2015-05-06 01:23 - 00000000 ____D C:\Users\Lkjhh_000\AppData\Local\ControllerCompanion
 
==================== Files in the root of some directories =======
 
2014-06-04 11:52 - 2014-03-04 07:37 - 0000226 _____ () C:\Program Files (x86)\update-southpark.bat
2014-06-04 11:52 - 2013-10-12 19:47 - 0000732 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
2014-06-18 00:57 - 2014-06-18 01:17 - 170728397 _____ () C:\Users\Lkjhh_000\AppData\Local\ACCCx2_6_0_393.zip.aamdownload
2014-06-18 00:57 - 2014-06-18 01:17 - 0002069 _____ () C:\Users\Lkjhh_000\AppData\Local\ACCCx2_6_0_393.zip.aamdownload.aamd
2015-09-14 00:58 - 2015-09-14 00:58 - 0000000 _____ () C:\Users\Lkjhh_000\AppData\Local\{0E8EED5D-2BB4-4473-849F-848822B7F825}
2015-08-01 09:18 - 2015-08-01 09:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-03-13 09:20 - 2014-03-13 09:21 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-03-13 09:16 - 2014-03-13 09:18 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-03-13 09:18 - 2014-03-13 09:19 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-03-13 09:19 - 2014-03-13 09:20 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-03-13 09:16 - 2014-03-13 09:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
C:\Users\Lkjhh_000\AppData\Local\Temp\jtywkfd0.dll
C:\Users\Lkjhh_000\AppData\Local\Temp\ovi-uninstall.exe
C:\Users\Lkjhh_000\AppData\Local\Temp\systme2n.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-18 11:05
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
Ran by JVGordon (2015-12-24 13:30:21)
Running from C:\Users\Lkjhh_000\Desktop
Windows 10 Home (X64) (2015-08-01 18:08:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-628469187-4269208208-1694598833-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-628469187-4269208208-1694598833-503 - Limited - Disabled)
Guest (S-1-5-21-628469187-4269208208-1694598833-501 - Limited - Disabled) => C:\Users\Guest
JVGordon (S-1-5-21-628469187-4269208208-1694598833-1001 - Administrator - Enabled) => C:\Users\Lkjhh_000
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-628469187-4269208208-1694598833-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6122 - AVG Technologies)
AVG 2015 (Version: 15.0.4489 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6122 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.13.1.47453 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.13.3 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.4.155 - AVG Technologies)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.0.0.638 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bandizip (HKU\S-1-5-21-628469187-4269208208-1694598833-1001\...\Bandizip) (Version: 3.11 - Bandisoft.com)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Controller Companion (HKLM-x32\...\Steam App 367670) (Version:  - )
ConverterLite 1.6.11.0 (HKLM-x32\...\ConverterLite) (Version: 1.6.11.0 - ConverterLite)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.143 - Dell Inc.)
Elgato Game Capture HD (HKLM-x32\...\{2E07195E-ACD9-4949-A340-CB4577DF9188}) (Version: 2.10.35.842 - Elgato Systems GmbH)
Epic Games Launcher (HKLM-x32\...\{50CBA62D-4E71-47DE-B37B-0C36DD9121DE}) (Version: 1.1.47.0 - Epic Games, Inc.)
Fallout (HKLM-x32\...\1_is1) (Version: 2.1.0.18 - GOG.com)
Fallout 2 (HKLM-x32\...\2_is1) (Version: 2.1.0.17 - GOG.com)
FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
Game Capture HD60 v2.1.1.3 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.3 - Elgato Systems)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
greencube (HKLM-x32\...\greencube) (Version: 1.0 - UNKNOWN)
greencube (x32 Version: 1.0 - UNKNOWN) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version:  - Filip Victor)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version:  - Gearbox Software)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version:  - Gearbox Software)
Hatoful Boyfriend (HKLM-x32\...\Steam App 310080) (Version:  - Mediatonic)
HipHopCube (HKLM-x32\...\HipHopCube) (Version: 1.0 - UNKNOWN)
HipHopCube (x32 Version: 1.0 - UNKNOWN) Hidden
Horizon v2.7.3.0 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.3.0 - Daring Development Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
InViewer version 0.87.0.2 (HKLM-x32\...\{7E575733-1DF5-4064-AE38-289BA932398A}_is1) (Version: 0.87.0.2 - Stefan Wobbe)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jazzpunk (HKLM-x32\...\Steam App 250260) (Version:  - Necrophone Games)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launch Manager (HKLM-x32\...\{B6770D34-C35A-4B82-A822-CBEF7F3FE57C}) (Version: 0.09.000 - )
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lucius (HKLM-x32\...\Steam App 218640) (Version:  - Shiver Games)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marc Eckō's Getting Up: Contents Under Pressure (HKLM-x32\...\Steam App 260190) (Version:  - The Collective)
Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.93 - MediatekWiFi)
Microsoft Office 365 Home Premium - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Modio (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version:  - GameTuts)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Murder Miners (HKLM-x32\...\Steam App 274900) (Version:  - JForce Games)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
Penumbra: Black Plague (HKLM-x32\...\Steam App 22120) (Version:  - Frictional Games)
Penumbra: Overture (HKLM-x32\...\Steam App 22180) (Version:  - Frictional Games)
Penumbra: Requiem (HKLM-x32\...\Steam App 22140) (Version:  - Frictional Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal Stories: Mel (HKLM-x32\...\Steam App 317400) (Version:  - Prism Studios)
POSTAL (HKLM-x32\...\Steam App 232770) (Version:  - Running With Scissors)
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.021 - Dell Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 6.0.29.0 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Ricochet (HKLM-x32\...\Steam App 60) (Version:  - Valve)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skullgirls (HKLM-x32\...\Steam App 245170) (Version:  - Lab Zero Games)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{F6C18D35-D3EB-4AEA-B266-C2F11B6DB723}) (Version: 7.12.0.55 - Skype Technologies S.A.)
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
Skyrim - Legendary Edition (HKLM-x32\...\Skyrim - Legendary Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Spooky's House of Jump Scares (HKLM-x32\...\Steam App 356670) (Version:  - Lag Studios)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synergy (HKLM-x32\...\Steam App 17520) (Version:  - Synergy Team)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Team Fortress Classic (HKLM-x32\...\Steam App 20) (Version:  - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
Vampire - The Masquerade Bloodlines (HKLM-x32\...\InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision)
Vampire - The Masquerade Bloodlines (x32 Version: 1.00.0000 - Activision) Hidden
Vampire: The Masquerade - Bloodlines (HKLM-x32\...\Steam App 2600) (Version:  - Troika Games)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Zumas Revenge (HKLM-x32\...\{0B153CAB-792B-4CA2-B2A5-AB0BBAF2FFA9}) (Version: 1.0.5.600 - PopCap Games)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-628469187-4269208208-1694598833-1001_Classes\CLSID\{147D75F3-19D5-4810-800D-7F50A02E8B60}\InprocServer32 -> C:\Users\Lkjhh_000\AppData\Local\SkypePlugin\7.12.0.55\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-628469187-4269208208-1694598833-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Users\Lkjhh_000\AppData\Local\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-628469187-4269208208-1694598833-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Lkjhh_000\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-628469187-4269208208-1694598833-1001_Classes\CLSID\{B9BE850C-F3F7-48AD-BB5B-A0CDA0706DB5}\localserver32 -> C:\Users\Lkjhh_000\AppData\Local\SkypePlugin\7.12.0.55\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-628469187-4269208208-1694598833-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Lkjhh_000\AppData\Local\SkypePlugin\7.12.0.55\EdgeCalling.exe (Skype Technologies S.A.)
 
==================== Restore Points =========================
 
20-12-2015 10:28:46 Restore Operation
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {053FA1CF-B2E4-48A4-8C7C-5CDB621ABBCB} - System32\Tasks\{735E7F60-3065-4C45-B8C4-F0D43E962BDA} => Chrome.exe hxxp://ui.skype.com/ui/0/7.6.0.105/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {1B236282-7C1F-4ECB-A7EA-1A017EE538AF} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {224EBDF9-4EE9-42E3-87B4-F2911F3EC854} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-12] (Adobe Systems Incorporated)
Task: {26248332-A293-4158-AC80-0EDB9C4190AC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-03] (Microsoft Corporation)
Task: {32A3AB40-522F-43C6-8442-43E58A85AAAA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {36A2D0EF-7AC8-4643-BEAA-195F3AF86FDA} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {3C3BBDDD-D99D-4735-9A34-8FDE60FE3EBE} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {4558F98B-C10B-45D9-8C69-326BDE92DBFE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-16] (Synaptics Incorporated)
Task: {4B29329C-1654-4EAF-8112-A68C75648FA4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {528604C1-79DC-425A-9602-B648E305BD65} - \StartMenuAutoupdate -> No File <==== ATTENTION
Task: {66C215A3-5DC5-4F80-89DA-A9429C2511AB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6A342DB9-85A9-4FBC-9546-53D84B6DD549} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {722FB223-8905-4AD2-8F79-C870B671F438} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {853A1375-F270-4FB4-AE79-BD22194EAA0A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A0FA04CC-D5B1-492F-B642-4DFE31522C8E} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-21] (CyberLink Corp.)
Task: {A4F794F5-AF7D-43A8-9C8B-617688F863EB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A703DEA0-126A-4577-B126-8F9E6D67FC33} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {B7913B56-8DC2-4887-8246-30FC46C18FD3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B7FDDC45-DE22-4997-BD84-204865992709} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {BA8343B1-B24A-4C01-BC41-BFC3BFCAEE0F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-12-07] (Microsoft Corporation)
Task: {CB5CF3BD-43B7-481D-97E8-1C8DA77572C8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D00EBEA3-AEFB-4370-8260-7D5DC758F65A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D093D525-345A-4F08-B858-0FBFDF97F3BB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D1983636-7A7F-4E58-B261-57D9B83A94C6} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {D58AC091-9560-4217-AAD1-CE67C8D843B2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DEFA8C5B-BB19-458C-8BC8-8D7CD4205D06} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-12-07] (Microsoft Corporation)
Task: {E06CD7D7-754B-4BE7-8C3D-62A0125C14B2} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {E262176D-AA63-4E6D-AAA9-AAB32CEC121B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EE8E8C55-7F30-4E74-9896-207C7FCCFA4D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F047EBBD-C62B-43A9-B4E5-2181162C63DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-01 10:03 - 2015-08-01 10:03 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-03-04 04:32 - 2015-12-16 11:41 - 01164688 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-08-20 02:26 - 2015-08-11 01:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-06-03 12:58 - 2012-11-24 16:13 - 00373312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2014-06-03 12:58 - 2012-12-07 06:04 - 00513616 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2014-06-03 12:58 - 2012-12-07 06:05 - 00607312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-08-22 10:40 - 2013-08-22 10:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2015-12-16 11:42 - 2015-12-16 11:41 - 00192912 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\loggingserver.exe
2015-10-02 10:40 - 2015-09-16 22:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-02 10:40 - 2015-09-16 22:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-06-03 13:00 - 2014-06-03 13:00 - 06522944 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-02 10:40 - 2015-09-16 21:43 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-10-02 10:40 - 2015-09-16 21:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-10-02 10:40 - 2015-09-16 21:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-02 10:40 - 2015-09-16 21:42 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-10-02 10:40 - 2015-09-16 21:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-07-17 23:35 - 2015-07-17 23:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-10-02 10:40 - 2015-09-16 21:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-02 10:40 - 2015-09-16 21:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-02 10:40 - 2015-09-16 21:49 - 00884736 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-10-02 10:40 - 2015-09-16 21:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-01 10:03 - 2015-08-01 10:03 - 00577024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-08-01 10:03 - 2015-08-01 10:03 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-08-01 10:03 - 2015-08-01 10:03 - 00559616 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-08-01 10:03 - 2015-08-01 10:03 - 00643072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation.diagnostics\bin\NodeRT_Windows_Foundation_Diagnostics.node
2015-07-10 03:00 - 2015-07-10 05:14 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2014-11-07 16:21 - 2015-12-16 11:41 - 02814864 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2015-12-16 11:42 - 2015-12-16 11:41 - 00533904 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\log4cplusU.dll
2014-03-13 09:17 - 2013-03-04 19:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 10:41 - 2013-03-05 10:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-06-03 12:58 - 2014-06-03 12:58 - 00312896 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-06-03 12:58 - 2014-06-03 12:58 - 00354368 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2015-12-03 04:09 - 2015-12-03 04:06 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2015-03-16 10:28 - 2015-03-16 10:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-03-13 09:12 - 2013-08-28 02:02 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-12-16 12:18 - 2015-12-10 19:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 12:18 - 2015-12-10 19:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:05E9FFE5
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-628469187-4269208208-1694598833-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lkjhh_000\Pictures\tumblr_npmws448hS1uo68y1o1_1280.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKU\S-1-5-21-628469187-4269208208-1694598833-1001\...\StartupApproved\Run: => "Pinger"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7D4C9B56-A468-4BC1-A1BA-5B4639316093}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spooky's House of Jump Scares\SPOOKY.exe
FirewallRules: [{D3265E26-D078-456E-8874-50BC2ACB477E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spooky's House of Jump Scares\SPOOKY.exe
FirewallRules: [{98155C32-DBDE-433E-9F82-5D1AF336AEA9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lucius\Lucius.exe
FirewallRules: [{9555EBF6-B5AE-4D31-9998-71276F9B22FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lucius\Lucius.exe
FirewallRules: [UDP Query User{25CD3FC8-61EF-4F68-9C7A-36BF94503082}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [TCP Query User{B27D9D10-9CE4-4131-A1DC-00DE5A110EB4}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [{EF615B79-AB6B-45B8-A487-A6C405BDA361}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{E244B841-5F70-497F-9124-4846A6057F55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{0C7A713A-4CB0-487A-98AF-ADB1279A4BEF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{485CDD44-77D6-4177-BB5D-D88159679622}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{E597F892-208A-4675-980B-6EE4D77638DF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [{9F621613-7231-412F-94A1-268FE813CB0A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [{279018D3-C240-4162-BFF3-8EB87331C181}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{E39253BD-4EF7-4C30-A4AA-DDABBFC82979}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{8467778F-9480-4969-8EA8-11E61FF3A933}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{C688EC84-2BE1-4179-B937-1E64B7DC288E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{28EFC7BE-EF34-4000-A830-E5123CFAABFC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{2B518ABD-1BD6-47AA-8792-D3ACC68D14B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skullgirls\SkullGirls.exe
FirewallRules: [{228B5836-7920-42DE-BA6A-73A94B2A748E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{B9C8F57E-5AAA-4BBC-B50D-2A359BDAFAEB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cry of Fear\CoFLaunchApp.exe
FirewallRules: [{8DD71886-A2C2-4930-AB76-F46901A8B5E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Synergy\hl2.exe
FirewallRules: [{5AB94AA5-EF7D-4E58-8182-D9899FB2ADD9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Synergy\hl2.exe
FirewallRules: [{6F2556A5-55C4-4DFE-B60D-6C8231B874AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{7E01D175-32BC-48FD-B568-018EC11FD23F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{C5FD1FCA-3951-49A5-B287-3CDD1126B3D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{98504EFA-313A-4345-AE6B-DBA3FD0DB920}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{D944C814-B2B5-4AAF-87EF-AAF732E7382B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{ABF10FFF-856B-42B2-A957-4104C59C8F74}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{E6FF82D8-58F3-4265-921F-85FAFBF3957F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Controller Companion\ControllerCompanion.exe
FirewallRules: [{717BCB38-64D6-473F-9347-2DFF95F8473F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Controller Companion\ControllerCompanion.exe
FirewallRules: [{D5B8919D-6301-4E71-8268-E95E3050AFED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vampire The Masquerade - Bloodlines\vampire.exe
FirewallRules: [{51C6CD51-358A-4111-A554-2C880A204CEE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Vampire The Masquerade - Bloodlines\vampire.exe
FirewallRules: [{F31C7FB1-2EBF-4B8A-AE3D-8814FCE939AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{7412B8E8-08CF-48DE-804B-DF738ACA2593}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{C442D987-453E-40A2-A66E-9BCFE0444BDD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{01A743D4-DB9E-4A69-9A26-65F437CF2D49}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{6D2A74E3-4E80-4124-9D15-B3B9076247B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B59B3A6A-0FA9-4455-A2C5-EC7CB92BE7E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{011D64F6-A2F2-48F4-8EA0-6F7639C884D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{50D64939-8390-480C-9103-717291AB0852}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{5AA779A3-2913-41CC-93A1-E0726ABCCC62}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{85846CAE-0393-4609-9B0D-34F581614B5F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{B446EC9E-FC9D-41C6-BAB4-2D4C446DC6B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{DA11DD12-F9A9-48C8-BC45-3A5819DF5300}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{A8D0FBA4-77C9-4269-8013-B7297162ECB8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{037FF39C-F041-454A-807A-C4D756C98F20}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Stanley Parable\stanley.exe
FirewallRules: [{1527E8F9-BF37-4812-AEE1-E91A23B14B05}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{CB606BA1-BCCE-4B04-83D0-9E706BA06DA0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{89512112-4842-4318-B80A-04BAC525962A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jazzpunk\windows\Jazzpunk.exe
FirewallRules: [{7F0BED56-DC44-4C54-9662-C3161441E822}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jazzpunk\windows\Jazzpunk.exe
FirewallRules: [UDP Query User{12473830-BE0B-4C74-A904-1B8DCECB5FD5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{3AD9D5CE-5A6E-4D91-AD07-BD9B2890BA65}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{7CC8F154-F0DB-4A79-BC54-94DC4561EBEB}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{D9389363-ACB2-413B-96F8-667E661CA45E}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{BCBF8A2C-D94C-4B1A-91EA-1E7A383BFC24}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{FD291DDE-30D0-4131-8B63-FE421531D8A3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{D74C023B-4C22-4CB8-8555-57A83718B341}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{1491CEBE-DF17-4F22-B840-763626B67331}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{16FEF1DE-CEAB-49B5-BDC4-F3DC940B5AC8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{3AD8F6D2-4FE5-4FD1-827A-C2A93CB699F1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{1660211A-E1EF-44A1-8AA2-40C8ADAEB67C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{8CCEF87D-EE40-403C-9DB3-5705CB380DB8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{593150B9-2744-4AA7-947A-A6DF378B91AD}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{2A14FBFE-2170-4D02-B52C-55AF6AE00CAB}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{DBB3B0B7-CAA3-4277-B1F4-4491B0025D13}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{7DD9E3CA-C873-46BF-809A-624E3CCC35AF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{E75273F0-7AC0-4817-8093-2578A442B142}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{565AA476-C0DB-4231-B32D-7A8CF3E532C8}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{0EAAB298-2410-4872-A22E-EE61ECAC6640}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8BD4C9D0-12FF-4044-A17F-3C8B261C21B9}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{A0E8A625-1051-499C-A7DB-CADBD3126D79}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{22F9A8B5-6A2E-444F-8928-01EB063087FC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{89248884-20B8-4278-805F-B634E61CF0D9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [UDP Query User{49C760A9-349E-434D-B646-27DC8A478814}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{61F8B6F8-A34D-49C8-809D-9CF336B86C79}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{2B92BA64-9FE2-4A11-9363-74F73E8676A5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8A30C029-E7A9-4591-B5B3-BE52043D598A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{52B03031-86D1-4C3D-B89A-9258F993C01B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DE058B75-DD4C-4774-A25C-51E457F6A026}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9B7903FB-C053-41F9-A72A-942ED229C711}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{E2F3131D-95CB-465C-9AC4-AD7DECB331B3}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{901C0E21-3FA7-4F30-A933-55D7AFC57807}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{656187DB-B01B-4C4B-BC03-AD83E89B58D8}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{BE6C4E7D-7DD4-4B7C-8A86-D7977ECAAB35}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{EC77EE00-57BA-48D3-BF53-F3A9C7984E8C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{1216822A-2A27-4DED-80A5-27FB986DE439}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{08BF69E2-ABEC-4691-B001-665B91A22288}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{A4EFAA46-100C-42A8-85A7-E6BC2680DD95}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{07097281-8542-40A7-8C4C-8B9A2B9B64BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{047B1732-49E2-41FB-A964-F14D3C9E1797}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{69C02C1D-66A1-4F7D-BBF9-F4CF0CFC8F65}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7536DD63-803D-4939-9F40-AFE3E08C681C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{3C00A6C8-3E19-4176-9C72-C9B00D8E847E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{8A37EC1C-5684-44C6-9166-FCBF43684630}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{128737A0-38FE-4228-8659-B5496EC17A7C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{50FFA0BB-172A-4A01-8555-7FF83F0874B1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{AE2B515A-7797-40C0-B1E5-4EAE7CA86DE3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{5EB9C8D5-C387-4B4E-AF41-9CE4E870EFFB}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{32F920CB-9426-4872-A61B-BD80C76AC47C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{B66DFC0A-9D7D-4ECD-8413-2ABE5A767973}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{909E1F13-904E-4B3F-8EC9-E83FA93ADF22}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{945EE5BE-B25C-4DDC-A9A6-08FC997A512C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{9737CED0-3DBC-44C2-93F8-1566EFEEDB8A}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{5B81E528-D7D1-4A5E-8A32-79AD145893FF}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{EAA64CD1-5A0C-4276-B115-FBD2FBB4E65D}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
FirewallRules: [{9739488A-7BE3-48AD-AB7C-5106DC367591}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{82808710-37BB-447B-AB19-524D2A6ACB83}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{32C0D10D-5BD7-4AB4-9FC8-ECC8F7968B1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{D157CD10-F54C-492E-A71D-A24EDC1EB759}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{4DC36613-6F9A-4003-AF57-7F66F5F9798C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FFB98C53-8CFE-4FC0-9340-4D51AC91E1C8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{69744036-7623-4F18-AC26-D2C1468785DD}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EA17A388-B012-4F58-A734-64967CC17B3C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{22A738B8-0CA5-4528-A088-D841F23DE299}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta\bfh.exe
FirewallRules: [{5260E352-03CE-42F9-BB43-74BA1091C8D8}] => (Allow) C:\Program Files (x86)\Origin Games\BFH Beta\bfh.exe
FirewallRules: [{A118F349-6A2C-4E81-8034-6787B22B85E6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{FBC8BF38-EE83-4A7C-8B39-0A5686668399}] => (Allow) C:\Users\Lkjhh_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D446B0C7-2351-4344-8857-3D4179F4EA65}] => (Allow) C:\Users\Lkjhh_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7F9CFB58-CFF6-40EB-BD21-9A4972A7593B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{33A2C428-9792-4B38-AA5F-66C6968E806C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{76A4376C-E5D1-4320-80B9-D7D7F2465078}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{85548377-C242-42CB-9726-06EEDF0D795F}] => (Allow) C:\UDK\Within Deep Sorrows\Binaries\Win64\UDK.exe
FirewallRules: [{74751B43-DE6A-4BC9-B2E1-4DDD5AD76757}] => (Allow) C:\UDK\Within Deep Sorrows\Binaries\Win64\UDK.exe
FirewallRules: [{BFD94CE7-2E33-4C68-9D1E-F4A9BAF20BB2}] => (Allow) C:\UDK\Within Deep Sorrows\Binaries\Win32\UDK.exe
FirewallRules: [{2B7904F1-8786-4DD5-87D3-444B74563546}] => (Allow) C:\UDK\Within Deep Sorrows\Binaries\Win32\UDK.exe
FirewallRules: [{A4544F8C-E9DB-45FB-9B91-317CF57ECBEF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{803E0FC2-C6B2-481B-8257-D63E5C299738}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E743A81D-AECE-4F9A-991C-30274C4ADFA3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{04B06313-39CC-41D6-8E35-B113226B3CAA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{67978AF9-9B2D-49F5-B41C-24A2C9F6E116}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8C89F916-7019-4999-87C9-943A0BAB42CC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{84A7A327-FBCF-4BB0-BEC1-5DB96D4B1871}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CE022475-6334-4FCA-88F9-DF6E81781365}] => (Allow) C:\Users\Lkjhh_000\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{1671F199-E0C4-4137-8CBF-5A2DFD5E2E91}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{1C5B8EC7-894B-4F4F-A0C5-55717F3B92EB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F1E3028B-B681-4EF8-8DF9-AACBC0193031}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7D849438-B060-495B-A6C4-1399CB76E033}] => (Allow) C:\Users\Lkjhh_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{43C26C20-00E1-4EC0-AB17-303B5AC5106A}] => (Allow) C:\Users\Lkjhh_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{22CCB002-0B3F-46D4-B90A-B7A120264DA7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6B3A7871-FFF7-4B21-A863-D373994581B2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{DF767835-2023-45E2-B219-AF03996EB15B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{2555532C-7810-4A51-AA2B-A971B831232B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{77012502-C0E3-4C5D-8054-593407ED4E93}] => (Allow) LPort=1900
FirewallRules: [{F736F64A-0A4B-4EE0-B7DD-068D157973A6}] => (Allow) LPort=2869
FirewallRules: [{9DC5154C-7307-4099-8990-C27D95B5C40B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{605EF5EE-99A7-4258-8FE1-8EA6D057B8D6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{63609F1D-568E-45AF-B88F-2300302FA017}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{773DFAE4-7BAF-4FF6-A89A-F6CF60BB7723}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{2CEA93E0-894F-4618-9B86-5FBE6C635BF0}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{1D296B8C-30C8-462F-B225-3B0F79DEDF4B}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{EC134586-CB4F-4F8B-8461-A78C12CBA856}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL1\Postal Plus.exe
FirewallRules: [{2D30FDF7-24D5-408B-B5B7-A07DDB528F04}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\POSTAL1\Postal Plus.exe
FirewallRules: [{FD1992D7-867D-42E3-8090-53B5008F515B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Marc Ecko's Getting Up 2\_Bin\launcher.exe
FirewallRules: [{A7E18E97-C7C5-47D6-ABF2-773EA382659E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Marc Ecko's Getting Up 2\_Bin\launcher.exe
FirewallRules: [{8A05CF07-6D30-466A-A9E3-58E0F61DB638}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{FF5025AD-0B71-451C-8F78-EB29A104487C}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{8D46B01C-5893-4403-97D9-94E727FF85A8}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{2607F05B-443D-4B03-867F-B0A891D7A1B6}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{8691D76C-B3D4-4EA1-B77C-CB8BDE0D32AC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hatoful Boyfriend\hatoful.exe
FirewallRules: [{C62B84E1-3A08-4EA4-9BCB-385C558C72A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Hatoful Boyfriend\hatoful.exe
FirewallRules: [{83A563B2-5D66-446B-9C67-267099756E7D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Penumbra Black Plague\redist\Penumbra.exe
FirewallRules: [{F395DD38-BF88-4093-98CF-2D53E6FC5E0D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Penumbra Black Plague\redist\Penumbra.exe
FirewallRules: [{7EEB6901-2A19-433D-859E-395FF6A255CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Penumbra Black Plague\redist\Requiem.exe
FirewallRules: [{BD55CB12-81A3-4A25-AA36-B1F47BABD838}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Penumbra Black Plague\redist\Requiem.exe
FirewallRules: [{2EE36204-54C5-4A97-BFB8-14D42968508A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Penumbra Overture\redist\Penumbra.exe
FirewallRules: [{75322B77-ED51-49D0-8734-3A9EBFCAAA3A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Penumbra Overture\redist\Penumbra.exe
FirewallRules: [TCP Query User{9479401C-6B0E-46BC-8244-FD16A9E0F957}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{551082DD-90FF-46ED-B9CB-470B8E57006E}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{1238209D-F00E-481E-A69D-FDF967EEA223}] => (Allow) C:\Program Files (x86)\Origin Games\Zuma's Revenge\ZumasRevenge.exe
FirewallRules: [{C6D3CA8F-BBC3-4082-B18C-2BA99032884B}] => (Allow) C:\Program Files (x86)\Origin Games\Zuma's Revenge\ZumasRevenge.exe
FirewallRules: [{25BE160E-7F13-414A-9197-DCA9810FFAC2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MurderMiners\Murder Miners.exe
FirewallRules: [{35EF98E6-7DCB-49BA-843D-AF3C3019E84C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MurderMiners\Murder Miners.exe
FirewallRules: [{FFFC5EBA-F029-4189-B7DF-BEEA96106824}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{9719AB49-59DE-49B8-9A00-27D11FBB57F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{7FF0F2BD-EAB3-40D2-B2A5-0B569282933D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{216FB5A1-33A2-4CC1-99AE-8CCBB1B4FA33}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{034A09F9-8616-4242-8C4C-52AF3346D694}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{D0DD69FE-9E17-4F54-86C6-7BEABFEAE12A}C:\users\lkjhh_000\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe] => (Allow) C:\users\lkjhh_000\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe
FirewallRules: [UDP Query User{6CD641C1-8503-4CDB-BDBC-0942D6AFA429}C:\users\lkjhh_000\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe] => (Allow) C:\users\lkjhh_000\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe
FirewallRules: [TCP Query User{BA15F391-38AC-40AC-B632-6DFC30929727}C:\users\lkjhh_000\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe] => (Allow) C:\users\lkjhh_000\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe
FirewallRules: [UDP Query User{8551275D-B1DD-425F-AB61-D10FC0AC6883}C:\users\lkjhh_000\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe] => (Allow) C:\users\lkjhh_000\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/24/2015 01:24:51 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (10128) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/24/2015 01:24:51 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (10128) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/24/2015 01:24:41 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (10128) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/24/2015 01:24:41 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (10128) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/24/2015 01:24:31 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (10128) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/24/2015 01:24:31 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (10128) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/24/2015 01:24:20 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (10128) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/24/2015 01:24:20 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (10128) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/24/2015 01:24:10 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (10128) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (12/24/2015 01:24:10 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (10128) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (12/24/2015 01:28:15 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Xbox Live Auth Manager service terminated with the following service-specific error: 
%%0
 
Error: (12/24/2015 01:27:16 PM) (Source: DCOM) (EventID: 10016) (User: MYDAMNLAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MyDamnLaptopJVGordonS-1-5-21-628469187-4269208208-1694598833-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/24/2015 01:27:16 PM) (Source: DCOM) (EventID: 10016) (User: MYDAMNLAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MyDamnLaptopJVGordonS-1-5-21-628469187-4269208208-1694598833-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/24/2015 01:27:16 PM) (Source: DCOM) (EventID: 10016) (User: MYDAMNLAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MyDamnLaptopJVGordonS-1-5-21-628469187-4269208208-1694598833-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/24/2015 01:27:16 PM) (Source: DCOM) (EventID: 10016) (User: MYDAMNLAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MyDamnLaptopJVGordonS-1-5-21-628469187-4269208208-1694598833-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/24/2015 01:27:16 PM) (Source: DCOM) (EventID: 10016) (User: MYDAMNLAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MyDamnLaptopJVGordonS-1-5-21-628469187-4269208208-1694598833-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/24/2015 01:27:16 PM) (Source: DCOM) (EventID: 10016) (User: MYDAMNLAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MyDamnLaptopJVGordonS-1-5-21-628469187-4269208208-1694598833-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/24/2015 01:27:16 PM) (Source: DCOM) (EventID: 10016) (User: MYDAMNLAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MyDamnLaptopJVGordonS-1-5-21-628469187-4269208208-1694598833-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/24/2015 01:27:16 PM) (Source: DCOM) (EventID: 10016) (User: MYDAMNLAPTOP)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MyDamnLaptopJVGordonS-1-5-21-628469187-4269208208-1694598833-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (12/24/2015 01:23:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 64%
Total physical RAM: 6024.96 MB
Available physical RAM: 2124.39 MB
Total Virtual: 6984.96 MB
Available Virtual: 4023.88 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:456.36 GB) (Free:1.51 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 405BB33C)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#9 Oh My!


Posted 24 December 2015 - 06:17 PM

Thank you for the information. Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

AVG PC TuneUp

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKU\S-1-5-21-628469187-4269208208-1694598833-1001 -> DefaultScope {DED55AEC-83C9-4AC1-B5E1-EF0FE4EB778B} URL = 
SearchScopes: HKU\S-1-5-21-628469187-4269208208-1694598833-1001 -> {DED55AEC-83C9-4AC1-B5E1-EF0FE4EB778B} URL = 
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.4\\npsitesafety.dll [No File]
CHR HomePage: Default -> hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
CHR StartupUrls: Default -> "hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938","hxxp://www.google.com/","hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120925&user_guid=3376D850497D46C68127A2760D19314C&machine_id=ad2a3962974acac6d9ee7d2f06c42270&browser=CR&os=win&os_version=6.1-x86-SP1","hxxp://www.default-search.net?sid=476&aid=179&itype=n&ver=12349&tm=359&src=hmp"
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\e1024980d0f76f196cee
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\cec50022eed1c09a1a237427ade30f
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\cbc16301e14aa781236768cc
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\ca538bf9627500b4c9dc64
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\9f93c0f048bb1a04f82b8d509c6df26a
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\7258e4e67d470460ddfaef
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\6066acd5b480659d92
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\57759e427b411c5a332a9155b62c9d80
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\26bf3e1d03c2d0dc4c94f82e3f7da2
2015-09-14 00:58 - 2015-09-14 00:58 - 0000000 _____ () C:\Users\Lkjhh_000\AppData\Local\{0E8EED5D-2BB4-4473-849F-848822B7F825}
2015-08-01 09:18 - 2015-08-01 09:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-03-13 09:20 - 2014-03-13 09:21 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-03-13 09:16 - 2014-03-13 09:18 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-03-13 09:18 - 2014-03-13 09:19 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-03-13 09:19 - 2014-03-13 09:20 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-03-13 09:16 - 2014-03-13 09:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
C:\Users\Lkjhh_000\AppData\Local\Temp\jtywkfd0.dll
C:\Users\Lkjhh_000\AppData\Local\Temp\ovi-uninstall.exe
C:\Users\Lkjhh_000\AppData\Local\Temp\systme2n.dll
Task: {528604C1-79DC-425A-9602-B648E305BD65} - \StartMenuAutoupdate -> No File <==== ATTENTION
Task: {66C215A3-5DC5-4F80-89DA-A9429C2511AB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6A342DB9-85A9-4FBC-9546-53D84B6DD549} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {853A1375-F270-4FB4-AE79-BD22194EAA0A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A4F794F5-AF7D-43A8-9C8B-617688F863EB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B7913B56-8DC2-4887-8246-30FC46C18FD3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CB5CF3BD-43B7-481D-97E8-1C8DA77572C8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D093D525-345A-4F08-B858-0FBFDF97F3BB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D58AC091-9560-4217-AAD1-CE67C8D843B2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E262176D-AA63-4E6D-AAA9-AAB32CEC121B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EE8E8C55-7F30-4E74-9896-207C7FCCFA4D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F047EBBD-C62B-43A9-B4E5-2181162C63DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:05E9FFE5
File: C:\Users\Lkjhh_000\Desktop\autosave3.ess
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Folder Size

--------------------
  • Download Folder Size and save it on your Desktop
  • Double click the icon and click Run
  • Click Next
  • Select I accept the agreement then click Next
  • Click Next 3 times then click Install
  • Close the browser window that will appear
  • Double click Finish
  • Left click on C:\ in the lower left hand corner to highlight the line
  • Click Scan, then Scan Selected Drive
  • When the scan has completed click the Size column so that the largest size is on top
  • Please take a screen shot of this window and attach it to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlist
  • AdwCleaner log
  • Junkware log
  • Folder Size screen shot

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

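The log review described in the post above (spotting µTorrent among the FirewallRules entries) can be done mechanically. The following is an added example, not part of the thread and not FRST's own code: a Python script that parses FirewallRules lines from an Addition.txt log and reports Allow rules whose program sits in a user-writable location, plus port-only rules. The function names and the path heuristic (anything under C:\Users\<name>\ or a \Temp\ folder) are assumptions made for this example; the sample lines are copied from the log on this page.

```python
import re
from collections import Counter

# Six FirewallRules lines excerpted from the Addition.txt log on this page.
SAMPLE_LOG = r"""
FirewallRules: [{FBC8BF38-EE83-4A7C-8B39-0A5686668399}] => (Allow) C:\Users\Lkjhh_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D446B0C7-2351-4344-8857-3D4179F4EA65}] => (Allow) C:\Users\Lkjhh_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1C5B8EC7-894B-4F4F-A0C5-55717F3B92EB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{77012502-C0E3-4C5D-8054-593407ED4E93}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{D0DD69FE-9E17-4F54-86C6-7BEABFEAE12A}C:\users\lkjhh_000\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe] => (Allow) C:\users\lkjhh_000\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe
FirewallRules: [{A118F349-6A2C-4E81-8034-6787B22B85E6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
"""

# One rule per line: "FirewallRules: [<rule name>] => (<action>) <target>"
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*)\] => \((?P<action>\w+)\) (?P<target>.+)$"
)

# Assumption for this example: a program under a user profile or a Temp
# folder can be replaced without administrator rights, so an Allow rule
# that points there deserves a second look.
USER_WRITABLE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\|\\temp\\", re.IGNORECASE)

DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_rules(text):
    """Return one dict (name, action, target) per FirewallRules line."""
    rules = []
    for line in text.splitlines():
        match = RULE_RE.match(line.strip())
        if match:
            rules.append(match.groupdict())
    return rules


def triage(text):
    """Summarise Allow rules: user-writable programs and port-only rules."""
    rules = parse_rules(text)
    flagged = Counter()
    port_only = []
    for rule in rules:
        if rule["action"].lower() != "allow":
            continue
        target = rule["target"]
        if not DRIVE_PATH_RE.match(target):
            # e.g. "LPort=1900": the rule opens a port, not a program
            port_only.append(target)
        elif USER_WRITABLE_RE.search(target):
            # Windows paths are case-insensitive, so count per lowercased path
            flagged[target.lower()] += 1
    return {
        "total": len(rules),
        "user_writable": dict(flagged),
        "port_only": port_only,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} rules parsed")
    for path, count in sorted(report["user_writable"].items()):
        print(f"review ({count} allow rule(s)): {path}")
    for target in report["port_only"]:
        print(f"port-only allow rule: {target}")
```

A flagged entry is a prompt for review, not a verdict: legitimate software such as browser plugins also installs under the user profile.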
#10 JVGordon


Posted 24 December 2015 - 09:16 PM

# AdwCleaner v5.026 - Logfile created 24/12/2015 at 17:06:58
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : JVGordon - MYDAMNLAPTOP
# Running from : C:\Users\Lkjhh_000\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 
[-] Service Deleted : vToolbarUpdater40.2.4
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\predm
[-] Folder Deleted : C:\Program Files (x86)\SearchProtect
[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\Avg_Update_0215tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_1215av
[-] Folder Deleted : C:\Users\Lkjhh_000\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Lkjhh_000\AppData\Local\DriverToolkit
[!] Folder Not Deleted : C:\Users\Lkjhh_000\AppData\Local\PackageAware
[!] Folder Not Deleted : C:\Users\Lkjhh_000\AppData\Local\DriverToolkit
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
[-] File Deleted : C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage-journal
[-] File Deleted : C:\WINDOWS\SysNative\roboot64.exe
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Classes\S
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKCU\Software\RapidMediaConverter
[-] Key Deleted : HKLM\SOFTWARE\TermTutor
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : default-search.net
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : isearch.avg.com
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : startnow.com
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120925&user_guid=3376D850497D46C68127A2760D19314C&machine_id=ad2a3962974acac6d9ee7d2f06c42270&browser=CR&os=win&os_version=6.1-x86-SP1
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.default-search.net?sid=476&aid=179&itype=n&ver=12349&tm=359&src=hmp
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : default-search.net
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : isearch.avg.com
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : startnow.com
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120925&user_guid=3376D850497D46C68127A2760D19314C&machine_id=ad2a3962974acac6d9ee7d2f06c42270&browser=CR&os=win&os_version=6.1-x86-SP1
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.default-search.net?sid=476&aid=179&itype=n&ver=12349&tm=359&src=hmp
[-] [C:\Users\Lkjhh_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [12261 bytes] ##########
 

Fix result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
Ran by JVGordon (2015-12-24 16:51:07) Run:2
Running from C:\Users\Lkjhh_000\Desktop
Loaded Profiles: JVGordon (Available Profiles: JVGordon & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-628469187-4269208208-1694598833-1001 -> DefaultScope {DED55AEC-83C9-4AC1-B5E1-EF0FE4EB778B} URL = 
SearchScopes: HKU\S-1-5-21-628469187-4269208208-1694598833-1001 -> {DED55AEC-83C9-4AC1-B5E1-EF0FE4EB778B} URL = 
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.4\\npsitesafety.dll [No File]
CHR HomePage: Default -> hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
CHR StartupUrls: Default -> "hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938","hxxp://www.google.com/","hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120925&user_guid=3376D850497D46C68127A2760D19314C&machine_id=ad2a3962974acac6d9ee7d2f06c42270&browser=CR&os=win&os_version=6.1-x86-SP1","hxxp://www.default-search.net?sid=476&aid=179&itype=n&ver=12349&tm=359&src=hmp"
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\e1024980d0f76f196cee
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\cec50022eed1c09a1a237427ade30f
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\cbc16301e14aa781236768cc
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\ca538bf9627500b4c9dc64
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\9f93c0f048bb1a04f82b8d509c6df26a
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\7258e4e67d470460ddfaef
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\6066acd5b480659d92
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\57759e427b411c5a332a9155b62c9d80
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 _____ C:\26bf3e1d03c2d0dc4c94f82e3f7da2
2015-09-14 00:58 - 2015-09-14 00:58 - 0000000 _____ () C:\Users\Lkjhh_000\AppData\Local\{0E8EED5D-2BB4-4473-849F-848822B7F825}
2015-08-01 09:18 - 2015-08-01 09:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-03-13 09:20 - 2014-03-13 09:21 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-03-13 09:16 - 2014-03-13 09:18 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-03-13 09:18 - 2014-03-13 09:19 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-03-13 09:19 - 2014-03-13 09:20 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-03-13 09:16 - 2014-03-13 09:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
C:\Users\Lkjhh_000\AppData\Local\Temp\jtywkfd0.dll
C:\Users\Lkjhh_000\AppData\Local\Temp\ovi-uninstall.exe
C:\Users\Lkjhh_000\AppData\Local\Temp\systme2n.dll
Task: {528604C1-79DC-425A-9602-B648E305BD65} - \StartMenuAutoupdate -> No File <==== ATTENTION
Task: {66C215A3-5DC5-4F80-89DA-A9429C2511AB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6A342DB9-85A9-4FBC-9546-53D84B6DD549} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {853A1375-F270-4FB4-AE79-BD22194EAA0A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A4F794F5-AF7D-43A8-9C8B-617688F863EB} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B7913B56-8DC2-4887-8246-30FC46C18FD3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CB5CF3BD-43B7-481D-97E8-1C8DA77572C8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D093D525-345A-4F08-B858-0FBFDF97F3BB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D58AC091-9560-4217-AAD1-CE67C8D843B2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E262176D-AA63-4E6D-AAA9-AAB32CEC121B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EE8E8C55-7F30-4E74-9896-207C7FCCFA4D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F047EBBD-C62B-43A9-B4E5-2181162C63DF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:05E9FFE5
File: C:\Users\Lkjhh_000\Desktop\autosave3.ess
*****************
 
HKU\S-1-5-21-628469187-4269208208-1694598833-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-628469187-4269208208-1694598833-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DED55AEC-83C9-4AC1-B5E1-EF0FE4EB778B} => key not found. 
HKCR\CLSID\{DED55AEC-83C9-4AC1-B5E1-EF0FE4EB778B} => key not found. 
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found. 
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
wfpcapture => service not found.
"C:\e1024980d0f76f196cee" => not found.
"C:\cec50022eed1c09a1a237427ade30f" => not found.
"C:\cbc16301e14aa781236768cc" => not found.
"C:\ca538bf9627500b4c9dc64" => not found.
"C:\9f93c0f048bb1a04f82b8d509c6df26a" => not found.
"C:\7258e4e67d470460ddfaef" => not found.
"C:\6066acd5b480659d92" => not found.
"C:\57759e427b411c5a332a9155b62c9d80" => not found.
"C:\26bf3e1d03c2d0dc4c94f82e3f7da2" => not found.
"C:\Users\Lkjhh_000\AppData\Local\{0E8EED5D-2BB4-4473-849F-848822B7F825}" => not found.
"C:\ProgramData\DP45977C.lfl" => not found.
"C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log" => not found.
"C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log" => not found.
"C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log" => not found.
"C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log" => not found.
"C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log" => not found.
"C:\Users\Lkjhh_000\AppData\Local\Temp\jtywkfd0.dll" => not found.
"C:\Users\Lkjhh_000\AppData\Local\Temp\ovi-uninstall.exe" => not found.
"C:\Users\Lkjhh_000\AppData\Local\Temp\systme2n.dll" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{528604C1-79DC-425A-9602-B648E305BD65} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StartMenuAutoupdate => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66C215A3-5DC5-4F80-89DA-A9429C2511AB} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A342DB9-85A9-4FBC-9546-53D84B6DD549} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{853A1375-F270-4FB4-AE79-BD22194EAA0A} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4F794F5-AF7D-43A8-9C8B-617688F863EB} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7913B56-8DC2-4887-8246-30FC46C18FD3} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB5CF3BD-43B7-481D-97E8-1C8DA77572C8} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D093D525-345A-4F08-B858-0FBFDF97F3BB} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D58AC091-9560-4217-AAD1-CE67C8D843B2} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E262176D-AA63-4E6D-AAA9-AAB32CEC121B} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE8E8C55-7F30-4E74-9896-207C7FCCFA4D} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F047EBBD-C62B-43A9-B4E5-2181162C63DF} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
"C:\ProgramData\Temp" => ":05E9FFE5" ADS not found.
 
========================= File: C:\Users\Lkjhh_000\Desktop\autosave3.ess ========================
 
File not signed
MD5: BA1622F2FE7FB523E87AEA7001FD9488
Creation and modification date: 2015-12-16 14:30 - 2015-12-16 14:32
Size: 9281536
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
==== End of Fixlog 16:51:09 ====
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64 
Ran by JVGordon (Administrator) on Thu 12/24/2015 at 17:26:00.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 4 
 
Successfully deleted: C:\Users\Lkjhh_000\AppData\Roaming\new version available (Folder) 
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\WINDOWS\Tasks\DriverToolkit Autorun.job (Task) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/24/2015 at 17:29:39.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Screencap link is below. (I don't know how to reply with pictures.)

http://imgur.com/HytZtgn

#11 Oh My!


Posted 24 December 2015 - 10:36 PM

Thank you for the information. As you can see in the Folder Size report Steam is eating up over 80% of your hard drive space.
Gary
 

#12 Oh My!


Posted 24 December 2015 - 10:40 PM

Wait, I take that back. You have highlighted the Program Files (x86) folder. You need to highlight the C: drive at the top of the list above Program Files (x86).
Gary
 

#13 JVGordon


Posted 25 December 2015 - 04:25 AM

http://imgur.com/7l3bPGv



#14 Oh My!


Posted 25 December 2015 - 10:38 AM

Thank you, it still looks like Steam is a major contributor. Can you follow the steps one more time and show the results for the Users Folder?
Gary
 

#15 JVGordon


Posted 25 December 2015 - 12:40 PM

Steam is gonna be pretty big considering all the games I have. I had about 100gb left before my computer became infected.



