Strange entry in LAN proxy settings that i cannot delete


  • This topic is locked
20 replies to this topic

#1 antstorm

antstorm

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 27 December 2015 - 02:17 AM

Hi Forum, if I've posted in the incorrect area I would like to apologise in advance.

I have a Win 10 PC and I noticed that in Chrome and in my LAN settings I have this address in LAN (Use Automatic Configuration Script): http://ɴ.net/proxy.pac

I contacted PureVPN and they said it does not belong to them. I've run a scan with AVG (paid version) and with Malwarebytes (paid version); both have not picked up anything fishy. I delete the address only for it to come back again.

I've been a bit reluctant to pay for things on the PC till I find out what it is, but searches have not been successful. Can anyone assist me please?

Regards,

Ant

Attached File: Capture.PNG (9.59KB)

 

System Windows 10 home x64





#2 antstorm

antstorm
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 27 December 2015 - 02:40 AM

AdwCleaner, which I downloaded from here, has seemed to get rid of it, but I will monitor it for a few days just in case.



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:23 PM

Posted 27 December 2015 - 11:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please post these logs and I will review them.


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===

Wait for further instructions.

#4 antstorm

antstorm
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 28 December 2015 - 05:41 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015
Ran by Anthony (administrator) on ANTHONY-PC (28-12-2015 21:33:06)
Running from C:\Users\Anthony\Downloads
Loaded Profiles: Anthony (Available Profiles: Anthony & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(mst software GmbH, Germany) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\DfSdkS64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Crystal Rich Ltd) C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
() C:\Program Files (x86)\GreedyTorrent\GTor.exe
(Angus Johnson) C:\Program Files (x86)\iiMUM\iimum.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
() C:\Program Files (x86)\DFX\DFX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(PureVPN) C:\Program Files (x86)\PureVPN\purevpn.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [USB Safely Remove] => C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe [2239260 2013-03-14] (Crystal Rich Ltd)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1282008 2015-07-30] ()
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960336 2015-01-15] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKLM\...\Policies\Explorer: [3212083974]
HKU\S-1-5-21-2336595450-1870726247-16309641-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [8300568 2015-07-24] (Binary Fortress Software)
HKU\S-1-5-21-2336595450-1870726247-16309641-1000\...\Run: [GreedyTorrent] => C:\Program Files (x86)\GreedyTorrent\GTor.exe [2526661 2007-03-08] ()
HKU\S-1-5-21-2336595450-1870726247-16309641-1000\...\Run: [iiMUM] => C:\Program Files (x86)\iiMUM\iimum.exe [922112 2014-12-04] (Angus Johnson)
HKU\S-1-5-21-2336595450-1870726247-16309641-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-12-13] (SlySoft, Inc.)
HKU\S-1-5-21-2336595450-1870726247-16309641-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2336595450-1870726247-16309641-1000\...\MountPoints2: {188f5080-794d-11e5-9bdd-902b3421fa32} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2336595450-1870726247-16309641-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\DisplayFusion\DFSSaver.scr [4664832 2015-07-24] (Binary Fortress Software)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}] -> {4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B} => C:\Windows\system32\pfmshx_853.dll [2013-04-11] (Pismo Technic Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-06-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-06-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-06-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-06-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}] -> {4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B} => C:\Windows\SysWOW64\pfmshx_853.dll [2013-04-11] (Pismo Technic Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-12-24]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-24]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk [2015-12-28]
ShortcutTarget: PureVPN.lnk -> C:\Program Files (x86)\PureVPN\purevpn.exe (PureVPN)
BootExecute: autocheck autochk * DfSDKBt
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{1AB1C33B-F15D-4678-8DBD-9F344718551B}: [NameServer] 79.142.73.128 8.8.4.4
Tcpip\..\Interfaces\{95da7fff-6f6f-4d72-8c15-da146352b4fd}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{98f5a6a1-686a-4eb4-a6c0-dd3bb3380ce0}: [DhcpNameServer] 10.1.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-AU&Src=WD8&Tid=80033A59&OHP=http%3A%2F%2Fwww.news.net%2Findex.php%3Freferid%3D144&OSP=
HKU\S-1-5-21-2336595450-1870726247-16309641-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com.au/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-12-24] (LastPass)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-12-24] (LastPass)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-12-24] (LastPass)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-12-24] (LastPass)
Toolbar: HKU\S-1-5-21-2336595450-1870726247-16309641-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} hxxp://www.caminova.net/en/downloads/getmodule.aspx?lang=en
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2336595450-1870726247-16309641-1000 -> hxxp://google.com.au/
 
FireFox:
========
FF ProfilePath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default
FF Homepage: hxxps://www.google.com.au
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-08-14] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-19] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-12-24] (LastPass)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-08-14] (Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @abr.gov.au/KeyMgmtPlugin -> C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll [2012-10-25] (Commonwealth Government of Australia)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-26] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-21] (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-08-14] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @gpac/osmozilla,version=1.0 -> C:\Program Files (x86)\GPAC\nposmozilla.dll [2012-05-25] ( )
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-12-24] (LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-08-14] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2336595450-1870726247-16309641-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-08-14] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2336595450-1870726247-16309641-1000: facebook.com/fbDesktopPlugin -> C:\Users\Anthony\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\searchplugins\kickassto.xml [2014-12-27]
FF Extension: Download Unlimited - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\extensions\downloadunlimited@ideawide.com.xpi [2012-06-21] [not signed]
FF Extension: Multi Links - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\extensions\multilinks@plugin.xpi [2012-07-05] [not signed]
FF Extension: DownloadHelper - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-31] [not signed]
FF Extension: DownThemAll! - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-05-21] [not signed]
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-08-24] [not signed]
FF Extension: LastPass - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\extensions\support@lastpass.com [2015-12-24]
FF Extension: Wiktionary and Google Translate - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\extensions\googledictionary@toptip.ca.xpi [2014-11-20] [not signed]
FF Extension: Greasemonkey - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-12-15] [not signed]
FF Extension: S3.Google Translator - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\extensions\s3google@translator.xpi [2014-12-27] [not signed]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\extensions\adblockpopups@jessehakanen.net.xpi [2014-12-28] [not signed]
FF Extension: BetterPrivacy - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-12-31] [not signed]
FF Extension: Tab Mix Plus - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-01-16] [not signed]
FF Extension: Tiny Menu - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}.xpi [2015-01-16] [not signed]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2015-07-03]
FF Extension: Bookmark Deduplicator - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\bookmarkdeduplicator@foxhatdev.xpi [2015-06-29]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-12-28] [not signed]
FF Extension: English (Australian) Dictionary - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\en-AU@dictionaries.addons.mozilla.org [2015-01-13] [not signed]
FF Extension: British English Dictionary (Updated) - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\en-gb@flyingtophat.co.uk [2015-01-13] [not signed]
FF Extension: Australian English Dictionary - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\en_AU@dictionaries.addons.mozilla.org [2014-12-27] [not signed]
FF Extension: No Name - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\fbp@fbpurity.com.xpi [2014-12-15] [not signed]
FF Extension: LavaFox V2 - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\info@djzig.com [2014-12-27] [not signed]
FF Extension: CutThePPricee - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\iWrvlG@Rm61.edu [2015-08-11] [not signed]
FF Extension: No Name - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\jid1-9tZMAIdeuiEjHg@jetpack.xpi [2014-12-27] [not signed]
FF Extension: No Name - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2014-12-27] [not signed]
FF Extension: Auto-Sort Bookmarks - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\sortbookmarks@bouanto.xpi [2015-01-16] [not signed]
FF Extension: Türkçe Yazım Denetimi - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\tr-fix@dictionaries.addons.mozilla.org [2015-01-13] [not signed]
FF Extension: BlackFox V2 - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\zigboom@hotmail.com [2014-12-27] [not signed]
FF Extension: Download Status Bar - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-12-25] [not signed]
FF Extension: Adblock Plus - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
FF Extension: Wondershare Player - C:\ProgramData\Wondershare\Player\Player@Wondershare.com [2013-10-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-11-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2015-11-09] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com.au/
CHR StartupUrls: Default -> "hxxps://www.google.com.au/"
CHR DefaultSearchKeyword: Default -> lp
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-09-11]
CHR Extension: (Google Docs Offline) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-12-25]
CHR Extension: (Sound Pirate) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\idleenniidjlnmnjkjmmnocnkmjibadd [2015-10-03]
CHR Extension: (Google Play) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-11]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-12-27]
CHR Extension: (AdBlock Pro) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-11-06]
CHR Extension: (Gmail) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bkdegagmpemadclljncealhmmkojfoam] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com.crx [2013-10-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-24]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-07-25] (Adobe Systems) [File not signed]
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1563664 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [4507176 2015-07-24] (Binary Fortress Software)
S4 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSSQL$MYMOVIES; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-25] (Microsoft Corporation)
R2 nlsX86cc; C:\WINDOWS\SysWOW64\nlssrv32.exe [64512 2010-11-27] (Nalpeiron Ltd.) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [32568 2015-05-19] (The OpenVPN Project)
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 USBSafelyRemoveService; C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [1521464 2013-03-13] (Crystal Rich Ltd)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [48552 2015-12-11] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\WINDOWS\SysWOW64\uxtuneup.dll [42408 2015-12-11] (AVG Technologies CZ, s.r.o.)
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-04-22] (Western Digital Technologies, Inc.)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-04-22] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\LiveTunerService.exe [223600 2015-05-18] ()
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [55800 2015-06-02] ()
R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [11944 2012-12-04] (Advanced Micro Devices Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-03] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-03] (SlySoft, Inc.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-01] (Wondershare)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-14] (Windows ® Win 7 DDK provider)
R1 hugoio64; C:\Program Files (x86)\i-Menu\hugoio64.sys [13856 2008-04-29] ()
S3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [37912 2015-10-31] (Microsoft Corporation)
R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 12\LiveTuner64.sys [14320 2014-03-20] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MDRAID; C:\Windows\System32\DRIVERS\MDRAID.sys [188776 2013-08-01] (Mediafour Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 pfmfs_853; C:\Windows\System32\Drivers\pfmfs_853.sys [251128 2013-04-11] (Pismo Technic Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2015-08-28] (Duplex Secure Ltd.)
S3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_amd64.sys [549704 2012-06-21] ()
S3 SRS_SSCFilter; C:\Windows\System32\drivers\srs_sscfilter_amd64.sys [346992 2009-12-15] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-15] (Anchorfree Inc.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-11-23] (TuneUp Software)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 usbbus; C:\Windows\System32\drivers\lgx64bus.sys [17408 2008-03-26] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\system32\DRIVERS\lgx64diag.sys [27136 2008-03-26] (LG Electronics Inc.)
S3 USBModem; C:\Windows\system32\DRIVERS\lgx64modem.sys [33792 2008-03-26] (LG Electronics Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [39936 2015-07-10] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2011-11-17] (Wondershare)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-03-17] (CyberLink Corp.)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-28 21:33 - 2015-12-28 21:34 - 00047408 _____ C:\Users\Anthony\Downloads\FRST.txt
2015-12-28 21:32 - 2015-12-28 21:33 - 00000000 ____D C:\FRST
2015-12-28 21:32 - 2015-12-28 21:32 - 02370560 _____ (Farbar) C:\Users\Anthony\Downloads\FRST64.exe
2015-12-28 21:29 - 2015-12-28 21:29 - 00016148 _____ C:\WINDOWS\system32\ANTHONY-PC_Anthony_HistoryPrediction.bin
2015-12-28 19:56 - 2015-12-28 19:56 - 00099429 _____ C:\Users\Anthony\Downloads\Hellraiser Pentalogy 720p BluRay x264.torrent
2015-12-28 19:56 - 2015-12-28 19:56 - 00068079 _____ C:\Users\Anthony\Downloads\Terry Pratchett Pack 720p BluRay 720p AC3 or DTS x264-LEGi0N.torrent
2015-12-28 19:50 - 2015-12-28 19:50 - 00665912 _____ C:\Users\Anthony\Downloads\Bill And Ted Duology & Ghostbusters Duology 720p MiXED x264 AAC-ViP3R.torrent
2015-12-28 19:48 - 2015-12-28 19:49 - 00020566 _____ C:\Users\Anthony\Downloads\Phantasm Quadrilogy (mpg) THC.torrent
2015-12-28 19:45 - 2015-12-28 19:45 - 00015513 _____ C:\Users\Anthony\Downloads\WISHMASTER.1.&.2.Double.Feature.dvdrip.WESTDENCO.torrent
2015-12-28 18:10 - 2015-12-28 18:10 - 00009596 _____ C:\Users\Anthony\Downloads\[kat.cr]carrie.2002.720p.brrip.x264.yify.torrent
2015-12-28 16:34 - 2015-12-28 16:34 - 00016003 _____ C:\Users\Anthony\Downloads\[kat.cr]hellbound.hellraiser.ii.uncut.1988.720p.brrip.x264.yify.torrent
2015-12-28 16:34 - 2015-12-28 16:34 - 00015963 _____ C:\Users\Anthony\Downloads\[kat.cr]hellraiser.iii.hell.on.earth.uncut.1992.720p.brrip.x264.yify.torrent
2015-12-28 16:33 - 2015-12-28 16:33 - 00017113 _____ C:\Users\Anthony\Downloads\[kat.cr]dawn.of.the.dead.2004.unrated.720p.brrip.yify.torrent
2015-12-28 16:33 - 2015-12-28 16:33 - 00016159 _____ C:\Users\Anthony\Downloads\[kat.cr]hellraiser.uncut.1987.720p.brrip.x264.yify.torrent
2015-12-28 16:32 - 2015-12-28 16:32 - 00018831 _____ C:\Users\Anthony\Downloads\[kat.cr]return.of.the.living.dead.complete.collection.divx.torrent
2015-12-28 16:28 - 2015-12-28 16:28 - 00012705 _____ C:\Users\Anthony\Downloads\Hotel Transylvania (2012) [720p] [YTS.AG].torrent
2015-12-28 16:26 - 2015-12-28 16:27 - 00030299 _____ C:\Users\Anthony\Downloads\Jerusalem (2013) [720p] [YTS.AG].torrent
2015-12-28 16:26 - 2015-12-28 16:26 - 00041238 _____ C:\Users\Anthony\Downloads\2010 (1984) [720p] [YTS.AG].torrent
2015-12-28 16:26 - 2015-12-28 16:26 - 00038970 _____ C:\Users\Anthony\Downloads\Extinction (2015) [720p] [YTS.AG].torrent
2015-12-28 16:26 - 2015-12-28 16:26 - 00017661 _____ C:\Users\Anthony\Downloads\Sinister (2012) [720p] [YTS.AG].torrent
2015-12-28 16:25 - 2015-12-28 16:25 - 00030075 _____ C:\Users\Anthony\Downloads\The Bad Education Movie (2015) [720p] [YTS.AG].torrent
2015-12-28 16:25 - 2015-12-28 16:25 - 00027707 _____ C:\Users\Anthony\Downloads\The Visit (2015) [720p] [YTS.AG].torrent
2015-12-28 16:24 - 2015-12-28 16:24 - 00032009 _____ C:\Users\Anthony\Downloads\Sinister 2 (2015) [720p] [YTS.AG].torrent
2015-12-28 16:24 - 2015-12-28 16:24 - 00027403 _____ C:\Users\Anthony\Downloads\Scouts Guide to the Zombie Apocalypse (2015) [720p] [YTS.AG].torrent
2015-12-28 16:24 - 2015-12-28 16:24 - 00027209 _____ C:\Users\Anthony\Downloads\Hotel Transylvania 2 (2015) [720p] [YTS.AG].torrent
2015-12-28 16:24 - 2015-12-28 16:24 - 00026203 _____ C:\Users\Anthony\Downloads\Night of the Wild (2015) [720p] [YTS.AG].torrent
2015-12-28 16:24 - 2015-12-28 16:24 - 00023127 _____ C:\Users\Anthony\Downloads\Star Leaf (2015) [720p] [YTS.AG].torrent
2015-12-28 16:18 - 2015-12-28 16:18 - 00003332 _____ C:\Users\Anthony\Downloads\[kat.cr]ash.vs.evil.dead.s01e09.webrip.x264.fum.ettv.torrent
2015-12-28 15:53 - 2015-12-28 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-12-28 15:53 - 2015-12-28 15:53 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-12-27 18:25 - 2015-12-27 18:25 - 00006698 _____ C:\TDSSKiller.3.1.0.9_27.12.2015_18.25.11_log.txt
2015-12-27 18:22 - 2015-12-27 18:32 - 00000000 ____D C:\AdwCleaner
2015-12-27 18:21 - 2015-12-27 18:22 - 00001714 _____ C:\Users\Anthony\Desktop\Rkill.txt
2015-12-26 08:18 - 2015-12-26 08:18 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\30817
2015-12-26 08:15 - 2015-12-26 08:16 - 00000000 ____D C:\Users\Anthony\Desktop\recode
2015-12-26 08:09 - 2015-12-26 08:09 - 00000000 ____D C:\Users\Anthony\Desktop\New folder
2015-12-25 16:08 - 2015-12-25 21:21 - 00000000 ____D C:\Users\Anthony\Desktop\Perplexer - Da Capo EP
2015-12-24 12:47 - 2015-12-24 12:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\Leader Technologies
2015-12-24 06:27 - 2015-12-24 06:27 - 00000000 ____D C:\Users\Anthony\Desktop\King
2015-12-24 04:46 - 2015-12-27 18:25 - 00000022 _____ C:\Users\Anthony\Desktop\New Text Document.txt
2015-12-23 10:56 - 2015-12-23 10:56 - 00000000 ____D C:\Users\Anthony\DesktopSeafood Lovers Guide
2015-12-23 10:13 - 2015-12-25 15:18 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-23 10:13 - 2015-12-23 10:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-23 10:13 - 2015-12-23 10:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-23 10:13 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-23 10:13 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-23 10:13 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-23 00:52 - 2015-12-23 03:28 - 00000000 ____D C:\Users\Anthony\Desktop\VIDEO_TS
2015-12-22 15:54 - 2015-12-22 15:54 - 00000000 ____D C:\Users\Anthony\Documents\DVD Converter Ultimate
2015-12-20 18:43 - 2015-12-20 18:54 - 00007680 _____ C:\Users\Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-20 18:07 - 2015-12-20 18:07 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2015-12-19 18:51 - 2015-12-28 18:00 - 00000424 _____ C:\WINDOWS\Tasks\ConvertXtoDVD Update.job
2015-12-19 18:51 - 2015-12-19 18:51 - 00002982 _____ C:\WINDOWS\System32\Tasks\ConvertXtoDVD Update
2015-12-19 18:51 - 2015-12-19 18:51 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\ConvertXtoDVD
2015-12-19 14:36 - 2015-12-19 14:36 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2015-12-19 14:36 - 2015-12-19 14:36 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2015-12-16 07:20 - 2015-12-16 07:20 - 00000000 ____D C:\Users\Anthony\Documents\Ashampoo Burning Studio 16
2015-12-16 07:13 - 2015-12-16 07:13 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\wurst
2015-12-16 04:14 - 2015-12-11 15:33 - 00048552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\uxtuneup.dll
2015-12-16 04:14 - 2015-12-11 15:33 - 00042408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\uxtuneup.dll
2015-12-16 04:14 - 2015-12-11 15:33 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\authuitu.dll
2015-12-16 04:14 - 2015-12-11 15:33 - 00032680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\authuitu.dll
2015-12-16 04:13 - 2015-12-16 04:13 - 00000000 ____D C:\Users\Default\AppData\Roaming\AVG
2015-12-16 04:13 - 2015-12-16 04:13 - 00000000 ____D C:\Users\Default\AppData\Local\AVG
2015-12-16 04:13 - 2015-12-16 04:13 - 00000000 ____D C:\Users\Default User\AppData\Roaming\AVG
2015-12-16 04:13 - 2015-12-16 04:13 - 00000000 ____D C:\Users\Default User\AppData\Local\AVG
2015-12-15 18:51 - 2015-12-15 18:52 - 00000000 ____D C:\Users\Anthony\AppData\Local\MKVCleaver
2015-12-15 18:51 - 2015-12-15 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVCleaver x86
2015-12-15 18:51 - 2015-12-15 18:51 - 00000000 ____D C:\Program Files (x86)\MKVCleaver
2015-12-15 18:46 - 2015-12-15 18:46 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Faasoft Video Converter
2015-12-15 18:45 - 2015-12-15 18:45 - 00000000 ____D C:\Program Files (x86)\Faasoft
2015-12-13 22:56 - 2015-12-13 22:56 - 00000000 ____D C:\Users\Anthony\AppData\Local\bunkus.org
2015-12-13 22:55 - 2015-12-13 22:56 - 00000000 ____D C:\Program Files\MKVToolNix
2015-12-10 17:48 - 2015-12-10 17:48 - 00000000 __RHD C:\MSOCache
2015-12-10 16:52 - 2015-12-16 04:14 - 00002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2015-12-10 16:52 - 2015-12-11 15:39 - 00046504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2015-12-10 16:52 - 2015-12-10 16:52 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\AVG
2015-12-10 16:50 - 2015-12-17 06:40 - 00000000 ____D C:\ProgramData\Avg
2015-12-10 16:49 - 2015-12-10 16:52 - 00000000 ____D C:\Users\Anthony\AppData\Local\AvgSetupLog
2015-12-09 18:16 - 2015-12-01 18:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 18:16 - 2015-12-01 17:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-09 18:16 - 2015-12-01 16:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-09 18:16 - 2015-12-01 16:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-09 18:16 - 2015-12-01 16:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 18:16 - 2015-12-01 16:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 18:16 - 2015-12-01 15:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-09 18:16 - 2015-11-25 16:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-09 18:16 - 2015-11-25 16:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-09 18:16 - 2015-11-25 16:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 18:16 - 2015-11-25 16:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 18:16 - 2015-11-25 16:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 18:16 - 2015-11-25 16:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-09 18:16 - 2015-11-25 16:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 18:16 - 2015-11-25 16:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-09 18:16 - 2015-11-25 16:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 18:16 - 2015-11-25 16:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 18:16 - 2015-11-25 16:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 18:16 - 2015-11-25 15:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-09 18:16 - 2015-11-25 15:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 18:16 - 2015-11-25 15:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-09 18:16 - 2015-11-25 15:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-09 18:16 - 2015-11-25 15:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-09 18:16 - 2015-11-25 15:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-09 18:16 - 2015-11-25 15:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-09 18:16 - 2015-11-25 15:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 18:16 - 2015-11-25 15:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 18:16 - 2015-11-25 15:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 18:16 - 2015-11-25 15:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-09 18:16 - 2015-11-25 15:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-09 18:16 - 2015-11-25 15:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-09 18:16 - 2015-11-25 15:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-09 18:16 - 2015-11-25 15:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 18:16 - 2015-11-25 15:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-09 18:16 - 2015-11-25 15:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-09 18:16 - 2015-11-25 15:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 18:16 - 2015-11-25 15:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-09 18:16 - 2015-11-25 15:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 18:16 - 2015-11-25 15:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-09 18:16 - 2015-11-25 15:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 18:16 - 2015-11-25 15:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 18:16 - 2015-11-25 15:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-09 18:16 - 2015-11-25 15:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-09 18:16 - 2015-11-25 15:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 18:16 - 2015-11-25 15:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-09 18:16 - 2015-11-25 15:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-09 18:16 - 2015-11-25 15:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 18:16 - 2015-11-25 15:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-09 18:16 - 2015-11-25 15:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 18:16 - 2015-11-25 15:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 18:16 - 2015-11-25 15:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 18:16 - 2015-11-25 15:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-09 18:16 - 2015-11-25 15:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 18:16 - 2015-11-25 15:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 18:16 - 2015-11-25 15:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 18:16 - 2015-11-25 15:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 18:16 - 2015-11-25 15:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-09 18:16 - 2015-11-25 15:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-09 18:16 - 2015-11-25 15:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 18:16 - 2015-11-25 15:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-09 18:16 - 2015-11-25 15:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-09 18:16 - 2015-11-25 15:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-09 18:16 - 2015-11-25 15:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 18:16 - 2015-11-25 15:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-09 18:16 - 2015-11-25 15:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 18:16 - 2015-11-25 15:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 18:16 - 2015-11-25 15:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 18:16 - 2015-11-25 15:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 18:16 - 2015-11-25 15:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-09 18:16 - 2015-11-25 15:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-09 18:16 - 2015-11-25 15:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 18:16 - 2015-11-25 15:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 18:16 - 2015-11-25 15:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-09 18:16 - 2015-11-25 15:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 18:16 - 2015-11-25 15:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 18:16 - 2015-11-25 15:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 18:16 - 2015-11-25 15:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 18:16 - 2015-11-25 15:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 18:16 - 2015-11-25 13:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 18:16 - 2015-11-25 13:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-08 18:47 - 2015-12-08 18:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-08 18:47 - 2015-12-08 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-07 22:47 - 2015-12-07 23:13 - 00000000 ____D C:\Users\Anthony\Ultimate
2015-12-07 22:47 - 2015-12-07 23:13 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\.Ultimate
2015-12-07 22:47 - 2015-12-07 22:47 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Ultimate
2015-12-07 22:47 - 2015-12-07 22:47 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\.decrypter
2015-12-07 22:47 - 2015-12-07 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epubor
2015-12-07 22:47 - 2015-12-07 22:47 - 00000000 ____D C:\Program Files (x86)\Epubor
2015-12-07 19:15 - 2015-12-07 19:15 - 00000000 ____D C:\Program Files\ReviverSoft
2015-12-05 10:43 - 2015-12-05 10:43 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\LG Electronics
2015-12-05 10:39 - 2008-03-26 15:55 - 00033792 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgx64modem.sys
2015-12-05 10:39 - 2008-03-26 15:55 - 00027136 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgx64diag.sys
2015-12-05 10:39 - 2008-03-26 15:55 - 00017408 _____ (LG Electronics Inc.) C:\WINDOWS\system32\Drivers\lgx64bus.sys
2015-12-05 10:38 - 2015-12-10 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite 2
2015-12-03 03:10 - 2015-12-03 03:10 - 00150440 _____ (SlySoft, Inc.) C:\WINDOWS\SysWOW64\Drivers\AnyDVD.sys
2015-12-03 03:10 - 2015-12-03 03:10 - 00150440 _____ (SlySoft, Inc.) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2015-11-30 23:31 - 2015-11-30 23:31 - 00095848 _____ (Elaborate Bytes AG) C:\WINDOWS\SysWOW64\ElbyCDIO.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-28 21:35 - 2015-07-14 00:12 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\uTorrent
2015-12-28 21:33 - 2015-07-10 20:05 - 00000000 ____D C:\Windows
2015-12-28 21:30 - 2012-08-08 20:00 - 00000000 ___RD C:\Users\Anthony\Desktop\Completed
2015-12-28 21:30 - 2012-07-26 20:37 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\MediaMonkey
2015-12-28 20:54 - 2012-08-08 19:56 - 00000000 ___RD C:\Users\Anthony\Desktop\Torrents
2015-12-28 19:54 - 2013-11-06 22:06 - 00000000 ____D C:\ProgramData\MFAData
2015-12-28 03:39 - 2015-07-10 22:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-27 18:41 - 2015-11-03 11:15 - 00000000 ____D C:\ProgramData\purevpn
2015-12-27 18:36 - 2013-11-20 03:49 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\USBSafelyRemove
2015-12-27 18:35 - 2015-07-10 23:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-27 18:34 - 2015-07-10 20:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-27 12:00 - 2012-06-21 22:39 - 00000000 ___RD C:\Users\Anthony\Desktop\Audio
2015-12-26 23:44 - 2015-07-10 20:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-26 08:16 - 2013-09-04 07:31 - 00000975 _____ C:\WINDOWS\DVDShrink.txt
2015-12-26 08:04 - 2012-06-21 20:26 - 00000131 ___SH C:\ProgramData\.zreglib
2015-12-25 21:21 - 2012-06-24 17:44 - 00000000 ____D C:\Program Files (x86)\The GodFather
2015-12-25 11:21 - 2012-06-23 22:20 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\ObviousIdea
2015-12-25 11:02 - 2015-08-10 21:14 - 00847372 _____ C:\WINDOWS\system32\perfh01F.dat
2015-12-25 11:02 - 2015-08-10 21:14 - 00195320 _____ C:\WINDOWS\system32\perfc01F.dat
2015-12-25 11:02 - 2015-08-05 04:37 - 02105984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-25 11:02 - 2015-07-10 22:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-25 11:00 - 2012-06-21 22:40 - 00000000 ___RD C:\Users\Anthony\Desktop\PC
2015-12-24 12:48 - 2012-06-21 23:11 - 00000000 ____D C:\Users\Anthony\AppData\LocalLow\LastPass
2015-12-24 12:47 - 2014-10-15 13:25 - 00000000 __SHD C:\Users\Anthony\AppData\LocalLow\EmieUserList
2015-12-24 12:47 - 2014-10-15 13:25 - 00000000 __SHD C:\Users\Anthony\AppData\LocalLow\EmieSiteList
2015-12-24 01:50 - 2013-11-13 00:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2015-12-24 01:50 - 2012-07-26 20:37 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2015-12-24 00:28 - 2013-10-31 01:14 - 00000000 ____D C:\Program Files (x86)\LastPass
2015-12-24 00:27 - 2013-10-31 01:14 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-12-24 00:27 - 2013-10-31 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-12-23 11:43 - 2012-06-21 22:38 - 00000000 ____D C:\ProgramData\TEMP
2015-12-23 10:56 - 2015-08-05 04:38 - 00000000 ____D C:\Users\Anthony
2015-12-23 10:25 - 2014-08-30 17:58 - 00000000 ___RD C:\Users\Anthony\Desktop\Stuff
2015-12-23 10:14 - 2013-09-08 19:03 - 00000000 ____D C:\Users\Anthony\AppData\Local\CrashDumps
2015-12-22 16:34 - 2015-07-10 22:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-22 15:59 - 2012-06-21 22:39 - 00000000 ___RD C:\Users\Anthony\Desktop\Video
2015-12-22 15:54 - 2012-12-07 20:56 - 00099384 _____ C:\Users\Anthony\AppData\Roaming\inst.exe
2015-12-22 15:54 - 2012-12-07 20:56 - 00082816 _____ (VSO Software) C:\Users\Anthony\AppData\Roaming\pcouffin.sys
2015-12-22 15:54 - 2012-12-07 20:56 - 00007859 _____ C:\Users\Anthony\AppData\Roaming\pcouffin.cat
2015-12-22 15:54 - 2012-12-07 20:56 - 00000000 ____D C:\ProgramData\VSO
2015-12-22 15:54 - 2012-11-02 19:27 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Vso
2015-12-22 15:54 - 2012-06-21 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2015-12-22 15:54 - 2012-06-21 21:27 - 00000000 ____D C:\Program Files (x86)\VSO
2015-12-20 23:10 - 2012-06-26 10:35 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\HandBrake
2015-12-20 18:07 - 2014-12-11 19:47 - 00000000 ____D C:\Program Files\Handbrake
2015-12-19 20:00 - 2015-04-27 19:15 - 00000000 ____D C:\Users\Anthony\Documents\ConvertXtoDVD
2015-12-16 07:20 - 2012-06-21 19:59 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Ashampoo
2015-12-16 07:20 - 2012-06-21 19:58 - 00000000 ____D C:\Users\Anthony\AppData\Local\ashampoo
2015-12-16 07:19 - 2012-06-22 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-12-16 07:18 - 2012-06-21 19:58 - 00000000 ____D C:\ProgramData\ashampoo
2015-12-16 07:18 - 2012-06-21 19:57 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2015-12-15 07:27 - 2012-12-22 00:31 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Skype
2015-12-15 00:47 - 2015-07-10 23:20 - 05880656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-13 22:56 - 2012-07-29 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2015-12-13 19:36 - 2008-05-06 17:36 - 00026880 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\Drivers\wdcsam64.sys
2015-12-12 16:39 - 2014-06-03 00:56 - 00000000 __SHD C:\Users\Anthony\AppData\Local\EmieUserList
2015-12-12 16:39 - 2014-06-03 00:56 - 00000000 __SHD C:\Users\Anthony\AppData\Local\EmieSiteList
2015-12-11 23:47 - 2012-06-22 04:31 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\CDisplayEx
2015-12-11 23:46 - 2013-05-31 21:02 - 00000000 ____D C:\Users\Anthony\Documents\Comics
2015-12-11 13:24 - 2015-08-05 08:25 - 00000000 ____D C:\Users\Anthony\AppData\Local\Packages
2015-12-10 18:05 - 2015-07-10 22:04 - 00000000 ____D C:\WINDOWS\rescache
2015-12-10 17:28 - 2012-08-25 17:30 - 00000000 ____D C:\Program Files (x86)\Corel
2015-12-10 17:23 - 2012-07-29 09:40 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\avidemux
2015-12-10 17:22 - 2012-12-08 13:33 - 00000000 ____D C:\Users\Anthony\Documents\AnyDVD_logs
2015-12-10 17:22 - 2012-11-21 00:20 - 00000000 ____D C:\ProgramData\DriverGenius
2015-12-10 17:22 - 2012-06-21 19:28 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Nero
2015-12-10 17:19 - 2015-07-10 20:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-10 16:52 - 2015-05-25 09:06 - 00000000 ____D C:\Users\Anthony\AppData\Local\Avg
2015-12-10 16:52 - 2013-11-06 22:31 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-10 07:31 - 2015-07-10 22:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-09 20:20 - 2015-07-10 21:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 20:19 - 2014-01-16 06:48 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 20:01 - 2012-07-08 20:43 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-09 14:39 - 2010-11-21 14:27 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-08 18:47 - 2015-09-20 11:40 - 00000000 ____D C:\Users\Anthony\AppData\Local\Skype
2015-12-08 18:47 - 2012-12-22 00:31 - 00000000 ____D C:\ProgramData\Skype
2015-12-05 10:48 - 2013-10-16 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2015-12-05 10:41 - 2012-06-21 22:41 - 00000000 ___RD C:\Users\Anthony\Desktop\Visual
2015-12-05 10:39 - 2012-06-20 12:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-04 18:44 - 2014-01-15 23:33 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\ComicTagger
2015-12-01 11:32 - 2015-07-10 22:06 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 11:32 - 2015-07-10 22:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2013-05-01 22:31 - 2013-05-01 22:31 - 0002913 _____ () C:\Program Files (x86)\Recipe Keeper Plus 9.0.lnk
2013-10-31 01:15 - 2015-12-24 00:28 - 20320792 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2012-12-07 20:56 - 2015-12-22 15:54 - 0099384 _____ () C:\Users\Anthony\AppData\Roaming\inst.exe
2012-12-07 20:56 - 2015-12-22 15:54 - 0007859 _____ () C:\Users\Anthony\AppData\Roaming\pcouffin.cat
2012-12-07 20:56 - 2015-12-22 15:54 - 0001167 _____ () C:\Users\Anthony\AppData\Roaming\pcouffin.inf
2012-12-07 20:56 - 2015-12-22 15:54 - 0000055 _____ () C:\Users\Anthony\AppData\Roaming\pcouffin.log
2012-12-07 20:56 - 2015-12-22 15:54 - 0082816 _____ (VSO Software) C:\Users\Anthony\AppData\Roaming\pcouffin.sys
2013-06-15 04:04 - 2015-10-10 17:04 - 0012561 _____ () C:\Users\Anthony\AppData\Roaming\SmarThruOptions.xml
2012-09-07 11:21 - 2011-12-22 15:15 - 0076407 _____ () C:\Users\Anthony\AppData\Roaming\Smiley.ico
2012-06-21 21:27 - 2014-09-20 20:46 - 0001189 _____ () C:\Users\Anthony\AppData\Roaming\vso_ts_preview.xml
2013-10-14 22:44 - 2013-10-14 22:44 - 0000037 ___SH () C:\Users\Anthony\AppData\Local\70149b02515b3bb20dd492.47983420
2013-09-25 08:01 - 2013-09-25 08:01 - 145672688 _____ () C:\Users\Anthony\AppData\Local\ACCCx2_1_2_232.zip.aamdownload
2013-09-25 08:01 - 2013-09-25 08:01 - 0001817 _____ () C:\Users\Anthony\AppData\Local\ACCCx2_1_2_232.zip.aamdownload.aamd
2015-12-20 18:43 - 2015-12-20 18:54 - 0007680 _____ () C:\Users\Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-24 00:52 - 2012-12-28 22:47 - 0000042 _____ () C:\Users\Anthony\AppData\Local\Images.fl
2012-06-29 21:00 - 2012-06-29 21:00 - 0004096 ____H () C:\Users\Anthony\AppData\Local\keyfile3.drm
2015-07-14 01:11 - 2015-07-14 01:11 - 0001218 _____ () C:\Users\Anthony\AppData\Local\recently-used.xbel
2014-10-09 15:35 - 2014-10-09 15:35 - 0000715 _____ () C:\Users\Anthony\AppData\Local\recently-used.xbel.VHW7MX
2012-07-04 18:27 - 2014-10-31 10:30 - 0007600 _____ () C:\Users\Anthony\AppData\Local\resmon.resmoncfg
2012-11-23 16:34 - 2012-11-23 16:48 - 0000700 ___SH () C:\Users\Anthony\AppData\Local\systemFL7.dat
2012-09-18 12:41 - 2012-09-18 12:41 - 0011512 _____ () C:\Users\Anthony\AppData\Local\Temp12.html
2012-09-12 23:33 - 2012-09-12 23:33 - 0012486 _____ () C:\Users\Anthony\AppData\Local\Temp18.html
2013-05-25 02:31 - 2013-05-25 02:31 - 0001955 _____ () C:\Users\Anthony\AppData\Local\Temp2.html
2013-05-25 02:31 - 2013-05-25 02:31 - 0002708 _____ () C:\Users\Anthony\AppData\Local\Temp3.html
2012-06-21 20:26 - 2015-12-26 08:04 - 0000131 ___SH () C:\ProgramData\.zreglib
2015-05-07 23:36 - 2015-05-07 23:36 - 0000261 _____ () C:\ProgramData\fontcacheev1.dat
2014-07-20 03:46 - 2014-07-20 03:46 - 0000184 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
ZeroAccess:
C:\Users\Anthony\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
 
 
Some files in TEMP:
====================
C:\Users\Anthony\AppData\Local\Temp\handbrake-setup.exe
C:\Users\Anthony\AppData\Local\Temp\MusicStudio.exe
C:\Users\Anthony\AppData\Local\Temp\sqlite3.dll
C:\Users\Anthony\AppData\Local\Temp\vsoConvertXtoDVD5_setup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-20 18:23
 
==================== End of FRST.txt ============================




#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:23 PM

Posted 28 December 2015 - 10:34 AM


Remove this program in bold via the Control Panel > Programs and features applet.
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKLM\...\Policies\Explorer: [3212083974] 0x504B0304C239B7F8068374BFB511000000400000E269F63D73594F6202C9694280CC96A28BBD63516FE3C2D5F7A2FF87AC3A990C3EC3B2ED7B07716237A0DFB1DFB651F67E31CB2E7649F98D5E55E9B25B1A579794989B176C357BDCC11226BD6ECB7DE8A63EA2165F6B31EAD6B0A2A96A6E9D04B9B39F194EF52D48B088D4B6597F685A70FF6912914F86D8235681747DA26CFD83223D3D248872C51095484634EBF976E4595F734BD35CAF42B38DCF9E878AF0BE0A5E84B22940F721E8BBCDCBAA3E53607359252DB16C0D6C38A142261BB4896D12A48C006CC... (long line)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-2336595450-1870726247-16309641-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll [No File]
FF Extension: CutThePPricee - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\iWrvlG@Rm61.edu [2015-08-11] [not signed]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => No File
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\qlf5r1fd.default\Extensions\iWrvlG@Rm61.edu
Task: {06249521-7210-4BE0-BDC1-22E598D5358C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0A2E01AF-58DD-4EAC-917E-69BDE7AAF125} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2ED1F7FB-9C5F-4FBD-9328-27009FE43D79} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3A8B81B4-A653-4713-9B9B-55E166BFE493} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {50B13047-5EDA-4402-8C93-397168D960DA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {64F6D24E-0ACD-4397-BEC1-B23263F937B7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {67F88BE5-3799-446B-BDBF-16E2F384E8BC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {71B5C64C-8FC3-4C67-B259-77B60BBC2EBB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {99081C09-A85A-4C59-B04E-3CDD2E5FAA93} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A692F4D8-606E-4C80-A011-CBCF9B929A3D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F4B56044-A632-4DD7-BD8D-7197B091C17A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:58D8F144
AlternateDataStreams: C:\ProgramData\TEMP:5F7539FF
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8
StandardProfile\AuthorizedApplications: [Microsoft Windows Hosting Service] => C:\Users\Anthony\AppData\Local\Temp\csrss.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

--RogueKiller--
  • Download RogueKiller and SAVE it to your Desktop
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • When instructed Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report"
  • Click on Export TXT button save the file as RogueReport.txt
  • The file RogueReport.txt will be saved in the desktop.
  • Close the program.
  • Open the file with Notepad and Copy/paste the content into your next reply.
<<<>>>

Please post the logs and let me know what problem persists.

#6 antstorm

antstorm
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 28 December 2015 - 09:06 PM

RogueKiller V11.0.5.0 [Dec 28 2015] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : Anthony [Administrator]
Started from : C:\Users\Anthony\Downloads\RogueKiller.exe
Mode : Scan -- Date : 12/29/2015 13:04:46
 
¤¤¤ Processes : 1 ¤¤¤
[VT.Gen:Packer.RLPack.D.ik0@aifeaOpi] USBSafelyRemove.exe(6584) -- C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe[-] -> Killed [TermProc]
 
¤¤¤ Registry : 13 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Systweak -> Found
[VT.Gen:Packer.RLPack.D.ik0@aifeaOpi] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | USB Safely Remove : C:\Program Files (x86)\USB Safely Remove\USBSafelyRemove.exe /startup [-][x] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.1.1.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.1.1.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{95da7fff-6f6f-4d72-8c15-da146352b4fd} | DhcpNameServer : 10.0.0.138 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{98f5a6a1-686a-4eb4-a6c0-dd3bb3380ce0} | DhcpNameServer : 10.1.1.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{95da7fff-6f6f-4d72-8c15-da146352b4fd} | DhcpNameServer : 10.0.0.138 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{98f5a6a1-686a-4eb4-a6c0-dd3bb3380ce0} | DhcpNameServer : 10.1.1.1 ([X])  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2336595450-1870726247-16309641-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2336595450-1870726247-16309641-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[Hidden.ADS][[[ADS]]] C:\Windows:nlsPreferences -> Found
 
¤¤¤ Hosts File : 5 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 platform.wondershare.com127.0.0.1                   live.virtualdj.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                   asc55.iobit.com/check.php
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                   onhax.net/check.php
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.2                   www.onhax.net/check.php
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.2                   forum.onhax.net/check.php
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 ATA Device +++++
--- User ---
[MBR] b2b6651cee946bf7cbf284c98d581a03
[BSP] b0b3e246d889a867cccce99ee3fdcec4 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953317 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1952600064 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic USB SD Reader +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic USB CF Reader +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic USB xD/SM Reader +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic USB MS Reader +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive5: Generic Mini SD Reader +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 




#7 antstorm

antstorm
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 29 December 2015 - 08:18 AM

Also I tried that address and the text file information (I didn't save the pac file) came back with this

 

function FindProxyForURL(url, host) {
 
a = /^https?:\/\/www\.google\.[a-zA-Z.]+\/?$/;if (a.test(url)) { return "PROXY 93.190.137.240:8484" }
 
b = /^https?:\/\/www\.google\.[a-zA-Z.]+\/\?(.*)$/;if (b.test(url)) { return "PROXY 93.190.137.240:8484" }
 
c = /^https?:\/\/www\.google\.[a-zA-Z.]+\/search\?(.*)$/;if (c.test(url)) { return "PROXY 93.190.137.240:8484" }
 
d = /^https?:\/\/www\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (d.test(url)) { return "PROXY 93.190.137.240:8484" }
e = /^https?:\/\/www\.google\.[a-zA-Z.]+\/s\?(.*)$/;if (e.test(url)) { return "PROXY 93.190.137.240:8484" }
f = /^https?:\/\/cse\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (f.test(url)) { return "PROXY 93.190.137.240:8484" }
 
 
return "DIRECT";
 
}

Edited by antstorm, 29 December 2015 - 08:18 AM.
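An added example, not part of antstorm's post or of any tool used in this thread: a static triage of a PAC script of the shape shown above, listing every proxy endpoint it can return and which URLs it would divert, without executing the script. The function names and the sample URLs are this example's own; the embedded PAC text reuses three of the six rules from the post.

```javascript
// Static triage of a proxy auto-config (PAC) script: extract the
// "regex -> return value" rules and replay sample URLs against them.
// The PAC text is only parsed as text; it is never evaluated.

// Constructed sample: three of the six rules quoted in the post above.
const SAMPLE_PAC = String.raw`function FindProxyForURL(url, host) {
a = /^https?:\/\/www\.google\.[a-zA-Z.]+\/?$/;if (a.test(url)) { return "PROXY 93.190.137.240:8484" }
c = /^https?:\/\/www\.google\.[a-zA-Z.]+\/search\?(.*)$/;if (c.test(url)) { return "PROXY 93.190.137.240:8484" }
f = /^https?:\/\/cse\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (f.test(url)) { return "PROXY 93.190.137.240:8484" }
return "DIRECT";
}`;

// Constructed URLs to replay against the extracted rules.
const SAMPLE_URLS = [
  'https://www.google.com/',
  'https://www.google.co.uk/search?q=example',
  'https://cse.google.com/cse?cx=constructed',
  'https://www.google.com/maps',
  'https://mail.google.com/',
  'https://example.com/',
];

// A PAC return value is a ';'-separated fallback list, e.g. "PROXY h:p; DIRECT".
function parseDirectives(ret) {
  return ret.split(';').map(s => s.trim()).filter(Boolean).map(s => {
    const [type, endpoint = null] = s.split(/\s+/);
    return { type: type.toUpperCase(), endpoint };
  });
}

// Pair each `name = /regex/;` assignment with the `name.test(url|host)`
// branch that returns a directive string. Rules keep their source order.
function extractRules(pacText) {
  const patterns = new Map();
  const assignRe = /\b([A-Za-z_$][\w$]*)\s*=\s*\/((?:\\.|[^\/\\\n])+)\/([a-z]*)\s*;/g;
  for (const m of pacText.matchAll(assignRe)) {
    // Drop stateful flags so repeated .test() calls are independent.
    patterns.set(m[1], new RegExp(m[2], m[3].replace(/[gy]/g, '')));
  }
  const rules = [];
  const testRe = /\b([A-Za-z_$][\w$]*)\.test\(\s*(url|host)\s*\)\s*\)\s*\{?\s*return\s*["']([^"']*)["']/g;
  for (const m of pacText.matchAll(testRe)) {
    if (!patterns.has(m[1])) continue;
    rules.push({ regex: patterns.get(m[1]), subject: m[2], directives: parseDirectives(m[3]) });
  }
  return rules;
}

// First matching rule wins, as in the script's own if-chain.
function routeFor(rules, url) {
  const host = new URL(url).hostname;
  for (const r of rules) {
    if (r.regex.test(r.subject === 'url' ? url : host)) return r.directives;
  }
  return null; // no extracted rule matched: the script's default applies
}

function triage(pacText, urls) {
  const rules = extractRules(pacText);
  const endpoints = [...new Set(rules.flatMap(r => r.directives)
    .filter(d => d.type !== 'DIRECT' && d.endpoint)
    .map(d => `${d.type} ${d.endpoint}`))];
  const diverted = [];
  const untouched = [];
  for (const u of urls) {
    const route = routeFor(rules, u);
    const hop = route && route.find(d => d.type !== 'DIRECT');
    if (hop) diverted.push({ url: u, via: hop.endpoint });
    else untouched.push(u);
  }
  return { ruleCount: rules.length, endpoints, diverted, untouched };
}

console.log(JSON.stringify(triage(SAMPLE_PAC, SAMPLE_URLS), null, 2));
```

The report makes the script's scope visible at a glance: only Google home-page, search and custom-search URLs are sent through the single proxy endpoint, and everything else goes direct.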


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:23 PM

Posted 29 December 2015 - 08:46 AM

Please run the RogueKiller tool and fix everything.

The default settings will be restored.

Let me know what problem persists.

#9 antstorm

antstorm
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 29 December 2015 - 09:03 AM

ok will do 



#10 antstorm

antstorm
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 29 December 2015 - 09:51 AM

Ran RogueKiller, got it to delete everything it found and did a reboot. Browser is a lot faster loading than it was, seconds instead of minutes

but that .pac thingy is still there, however use auto config is no longer ticked



Edited by antstorm, 29 December 2015 - 09:51 AM.


#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:23 PM

Posted 29 December 2015 - 03:34 PM

It may be there but not active.

 

If you select Use automatic Configuration script can you delete the Proxy.pac (the complete line)?

 

Then select the Automatic setting and click the OK button.

 

Restart the computer normally.



#12 antstorm

antstorm
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 29 December 2015 - 10:32 PM

It may be there but not active.

 

If you select Use automatic Configuration script can you delete the Proxy.pac (the complete line)?

 

Then select the Automatic setting and click the OK button.

 

Restart the computer normally.

Nope, tried that and that Proxy.pac is still there, not ticked but still there. I ran Adaware, AVG and Malwarebytes, they all have now come back clean

I'm just a bit concerned that in the settings, those I posted above from Chrome, the apply button is always greyed out

As you said, the pac may not be active, it's still a concern though.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:23 PM

Posted 30 December 2015 - 09:25 AM

We may be getting closer to a solution.
I have been informed by a member of the Malwarebytes team that ConvertXtoDVD is a compromised program that you may have installed, or that was installed by a 3rd party program.
 
It is most important that they find the payload. It was in a \Temp folder but unfortunately the files in the folders were deleted.
 
Please think hard and try to remember from what site you downloaded this application.
Malwarebytes is looking for the payload so that it can be added to their removal tool.
Thank you for your support.
===
 
Now run this.
 
Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
 
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Task: {739C8141-CD8A-4F48-B645-19448FD9446E} - System32\Tasks\ConvertXtoDVD Update => Wscript.exe //nologo //B //E:jscript "C:\Users\Anthony\AppData\Roaming\ConvertXtoDVD\settings.ini" <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConvertXtoDVD Update.job => Wscript.exe W/nologo /B /E:jscript C:\Users\Anthony\AppData\Roaming\ConvertXtoDVD\settings.ini <==== ATTENTION
C:\WINDOWS\Tasks\ConvertXtoDVD Update.job
C:\WINDOWS\System32\Tasks\ConvertXtoDVD Update
C:\Users\Anthony\AppData\Roaming\ConvertXtoDVD
 
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
Restart the computer normally to reset the registry.
 
The tool will create a log (Fixlog.txt) please post it to your reply.
===
 
See if you can delete the proxy setting completely.
 
If you can, please give us the download link for the malware program.
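An added example, not part of nasdaq's post or of FRST: a check over FRST-style "Task:" lines that flags the pattern visible in the fixlist above, a Windows Script Host binary forced onto a script engine with `//E:` and pointed at a file that is not a script type. The function names are this example's own; the first two sample lines are the task entries from the post and the last two are constructed benign entries.

```javascript
// Flag scheduled-task actions that run wscript/cscript with an engine
// override (//E: or /E:) against a file whose extension is not a script type.

// Lines 1-2: task entries quoted in the post above.
// Lines 3-4: constructed benign entries for contrast.
const SAMPLE_TASKS = String.raw`Task: {739C8141-CD8A-4F48-B645-19448FD9446E} - System32\Tasks\ConvertXtoDVD Update => Wscript.exe //nologo //B //E:jscript "C:\Users\Anthony\AppData\Roaming\ConvertXtoDVD\settings.ini" <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConvertXtoDVD Update.job => Wscript.exe W/nologo /B /E:jscript C:\Users\Anthony\AppData\Roaming\ConvertXtoDVD\settings.ini <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Example Backup => C:\Program Files\Example\backup.exe /quiet
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\Example Logon => wscript.exe //B "C:\Scripts\logon.vbs"`;

const SCRIPT_HOSTS = new Set(['wscript.exe', 'cscript.exe']);
const SCRIPT_EXTENSIONS = new Set(['.js', '.jse', '.vbs', '.vbe', '.wsf']);

// Split "Task: <name> => <command>" and pull out the executable, any
// forced engine, and the first file path among the arguments.
function parseTaskLine(line) {
  const m = /^Task:\s*(.+?)\s*=>\s*(.+?)\s*(?:<=+\s*ATTENTION)?\s*$/.exec(line);
  if (!m) return null;
  const cmd = /^"?(.+?\.exe)"?\s*(.*)$/i.exec(m[2]);
  if (!cmd) return null;
  const exe = cmd[1].split('\\').pop().toLowerCase();
  const args = cmd[2];
  const engine = /(?:^|\s)\/{1,2}E:([A-Za-z.]+)/i.exec(args);
  const target = /"([^"]+)"|([A-Za-z]:\\\S+)/.exec(args);
  return {
    task: m[1],
    exe,
    engine: engine ? engine[1].toLowerCase() : null,
    path: target ? (target[1] || target[2]) : null,
  };
}

function findSuspiciousTasks(logText) {
  const findings = [];
  for (const line of logText.split(/\r?\n/)) {
    const t = parseTaskLine(line.trim());
    if (!t || !SCRIPT_HOSTS.has(t.exe)) continue;
    const ext = t.path && t.path.includes('.')
      ? t.path.slice(t.path.lastIndexOf('.')).toLowerCase() : '';
    const reasons = [];
    if (t.engine) reasons.push(`engine forced to ${t.engine}`);
    if (!SCRIPT_EXTENSIONS.has(ext)) {
      reasons.push(`target extension "${ext}" is not a script type`);
    }
    if (t.path && /\\(AppData|Temp)\\/i.test(t.path)) {
      reasons.push('target is in a user-writable profile path');
    }
    // A forced engine on a non-script file is the combination to escalate;
    // an ordinary logon script (.vbs, no override) is left alone.
    if (t.engine && !SCRIPT_EXTENSIONS.has(ext)) {
      findings.push({ task: t.task, path: t.path, reasons });
    }
  }
  return findings;
}

console.log(JSON.stringify(findSuspiciousTasks(SAMPLE_TASKS), null, 2));
```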

#14 antstorm

antstorm
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 30 December 2015 - 11:58 AM

ConvertXtoDVD is a paid program I purchased from http://www.vso-software.fr/products/convert_x_to_dvd/

I ran your suggestion though just in case

 

 



Edited by antstorm, 30 December 2015 - 12:12 PM.


#15 antstorm

antstorm
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:53 PM

Posted 30 December 2015 - 12:16 PM

The registry settings in Windows connections are now free of that "address"

so are the Chrome LAN settings

 

 

 



Edited by antstorm, 30 December 2015 - 12:17 PM.




