Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

All programs flicker and potentially lock up, ads/redirects as well


  • This topic is locked This topic is locked
23 replies to this topic

#1 Afatpenguin

Afatpenguin

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 24 January 2016 - 09:56 PM

Hello, my name is Matt

 

recently my computer has fallen victim to some sort of malware, it effects all programs, making them flicker in and out and sometimes flashing shots of background programs. It also added several adwares to my computer, which would generate links and place extra on site adds called capricornus. I used several programs already to try and remove the adware, as well as any other malware on my computer, and even though it has helped, it has not fixed the entire issue. I downloaded Rkill, ran the system, then downloaded and ran emsisoft, followed by downloading and running malwarebytes anti-malware, followed by hitman pro, followed by JRT, and finally followed by Zemana. Every single program found different results, and i took the recommended action for each program; however, my issue is still unresolved. The ads have almost completely stopped, but something is still making my program windows flicker in and out and sometimes crash, mostly my firefox browser. Please help me figure out what to do, i attached the logs as requested.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-01-2016
Ran by penguin (administrator) on PENGUIN-PC (24-01-2016 21:42:57)
Running from C:\Users\penguin\Downloads
Loaded Profiles: penguin (Available Profiles: penguin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\WINDOWS\System32\taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9234848 2016-01-06] (Emsisoft Ltd)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12720880 2016-01-20] (Zemana Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5889824 2015-07-28] (IObit)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2010912 2015-11-30] (IObit)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-01-24]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{4776E6D7-FB40-4CCD-B007-DF206E0DD00C}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2041872751-2221698952-250185442-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2041872751-2221698952-250185442-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

FireFox:
========
FF ProfilePath: C:\Users\penguin\AppData\Roaming\Mozilla\Firefox\Profiles\hxf8a1z0.default-1453677587555
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-24] ()
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-24] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2041872751-2221698952-250185442-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\penguin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-10-20] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\penguin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\penguin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-15]
CHR Extension: (Google Docs) - C:\Users\penguin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-15]
CHR Extension: (Google Drive) - C:\Users\penguin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]
CHR Extension: (YouTube) - C:\Users\penguin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\penguin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-24]
CHR Extension: (Google Sheets) - C:\Users\penguin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-15]
CHR Extension: (Google Docs Offline) - C:\Users\penguin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\penguin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-26]
CHR Extension: (Gmail) - C:\Users\penguin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10900888 2016-01-06] (Emsisoft Ltd)
R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [827680 2015-11-04] (IObit)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-12-30] (Hi-Rez Studios) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-07-17] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1572056 2015-12-01] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [839384 2015-12-01] (Secunia)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12720880 2016-01-20] (Zemana Ltd.)
S2 VwcXktT; "C:\ProgramData\EvcfeEpdj\VwcXktT.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1419576 2015-04-16] (Motorola Solutions, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [123992 2015-10-23] (Emsisoft Ltd)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
R3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [41080 2016-01-24] ()
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-04-16] (REALiX™)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-12-01] (Secunia)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [402136 2015-08-23] (Realsil Semiconductor Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-12-18] (Oracle Corporation)
R1 ZAM; C:\windows\System32\drivers\zam64.sys [202144 2016-01-24] (Zemana Ltd.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [202144 2016-01-24] (Zemana Ltd.)
S1 bhxoiphu; \??\C:\windows\system32\drivers\bhxoiphu.sys [X]
S3 cpuz137; \??\C:\Users\penguin\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-24 21:42 - 2016-01-24 21:43 - 00018348 _____ C:\Users\penguin\Downloads\FRST.txt
2016-01-24 21:42 - 2016-01-24 21:42 - 00000000 ____D C:\FRST
2016-01-24 21:38 - 2016-01-24 21:39 - 02370560 _____ (Farbar) C:\Users\penguin\Downloads\FRST64.exe
2016-01-24 18:38 - 2016-01-24 21:35 - 00000000 ____D C:\Users\penguin\AppData\Local\CrashDumps
2016-01-24 18:34 - 2016-01-24 18:50 - 00012741 _____ C:\windows\ZAM.krnl.trace
2016-01-24 18:33 - 2016-01-24 18:38 - 00000984 _____ C:\windows\ZAM_Guard.krnl.trace
2016-01-24 18:33 - 2016-01-24 18:35 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-01-24 18:33 - 2016-01-24 18:33 - 00202144 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zamguard64.sys
2016-01-24 18:33 - 2016-01-24 18:33 - 00202144 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zam64.sys
2016-01-24 18:33 - 2016-01-24 18:33 - 00001150 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-01-24 18:33 - 2016-01-24 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-01-24 18:31 - 2016-01-24 18:31 - 05224592 _____ ( ) C:\Users\penguin\Downloads\Zemana.AntiMalware.Setup.exe
2016-01-24 18:31 - 2016-01-24 18:31 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-01-24 18:31 - 2016-01-24 18:31 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-24 18:31 - 2016-01-24 18:31 - 00000000 ____D C:\Users\penguin\AppData\Local\Zemana
2016-01-24 18:19 - 2016-01-24 18:19 - 00000000 ____D C:\Users\penguin\Desktop\Old Firefox Data
2016-01-24 17:42 - 2016-01-24 17:42 - 00041080 _____ C:\windows\system32\Drivers\hitmanpro37.sys
2016-01-24 17:40 - 2016-01-24 17:40 - 00002022 _____ C:\windows\system32\.crusader
2016-01-24 17:10 - 2016-01-24 17:13 - 00000000 ____D C:\AdwCleaner
2016-01-24 17:08 - 2016-01-24 17:40 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-24 17:08 - 2016-01-24 17:08 - 11323704 _____ (SurfRight B.V.) C:\Users\penguin\Downloads\HitmanPro_x64.exe
2016-01-24 17:06 - 2016-01-24 17:06 - 10344184 _____ (SurfRight B.V.) C:\Users\penguin\Downloads\HitmanPro.exe
2016-01-24 17:04 - 2016-01-24 17:04 - 01505280 _____ C:\Users\penguin\Downloads\adwcleaner_5.030.exe
2016-01-24 16:58 - 2016-01-24 16:58 - 00000000 ____D C:\Users\penguin\.oracle_jre_usage
2016-01-24 16:55 - 2016-01-24 16:55 - 00002912 _____ C:\windows\System32\Tasks\Uninstaller_SkipUac_penguin
2016-01-24 16:50 - 2016-01-24 16:50 - 00000000 ____D C:\Users\penguin\AppData\Roaming\ProductData
2016-01-24 16:49 - 2016-01-24 17:40 - 00000000 ____D C:\ProgramData\ProductData
2016-01-24 16:45 - 2016-01-24 16:45 - 00003908 _____ C:\Users\penguin\Desktop\JRT.txt
2016-01-24 07:53 - 2016-01-24 07:53 - 01600184 _____ (Malwarebytes) C:\Users\penguin\Downloads\JRT.exe
2016-01-24 03:15 - 2016-01-24 03:15 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun
2016-01-24 03:15 - 2016-01-24 03:15 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun
2016-01-24 03:14 - 2016-01-24 03:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-24 03:14 - 2016-01-24 03:13 - 00110176 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2016-01-24 03:13 - 2016-01-24 03:13 - 00000000 ____D C:\ProgramData\Oracle
2016-01-24 03:12 - 2016-01-24 03:12 - 00000000 ____D C:\Program Files\Java
2016-01-24 03:04 - 2016-01-24 17:44 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-24 03:03 - 2016-01-24 03:03 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-24 03:03 - 2016-01-24 03:03 - 00001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2016-01-24 03:03 - 2016-01-24 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-24 03:03 - 2016-01-24 03:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-24 03:03 - 2016-01-24 03:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-24 03:03 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-01-24 03:03 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-01-24 03:03 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-01-24 03:02 - 2016-01-24 03:02 - 00000000 ____D C:\Program Files (x86)\Secunia
2016-01-24 03:01 - 2016-01-24 03:01 - 22908888 _____ (Malwarebytes ) C:\Users\penguin\Downloads\mbam-setup-bc.1878-2.2.0.1024.exe
2016-01-24 03:00 - 2016-01-24 03:01 - 04010016 _____ (Secunia) C:\Users\penguin\Downloads\PSISetup.exe
2016-01-24 02:50 - 2016-01-24 02:50 - 00000000 ____D C:\ProgramData\Emsisoft
2016-01-24 02:32 - 2016-01-24 02:32 - 00000898 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-01-24 02:32 - 2016-01-24 02:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-01-24 02:31 - 2016-01-24 21:43 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-01-24 02:30 - 2016-01-24 02:30 - 205471992 _____ (Emsisoft Ltd. ) C:\Users\penguin\Downloads\EmsisoftAntiMalwareSetup.exe.exe
2016-01-24 02:29 - 2016-01-24 02:29 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\penguin\Downloads\rkill.exe
2016-01-24 02:29 - 2016-01-24 02:29 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\penguin\Downloads\rkill64.exe
2016-01-24 02:29 - 2016-01-24 02:29 - 00001930 _____ C:\Users\penguin\Desktop\Rkill.txt
2016-01-24 00:24 - 2016-01-24 00:24 - 00000000 ____D C:\windows\system32\MpEngineStore
2016-01-23 13:28 - 2016-01-23 13:29 - 148229904 _____ (Microsoft Corporation) C:\Users\penguin\Downloads\msert.exe
2016-01-23 13:09 - 2016-01-23 13:10 - 00000000 ____D C:\NPE
2016-01-23 13:06 - 2016-01-23 13:26 - 00000000 ____D C:\Users\penguin\AppData\Local\NPE
2016-01-23 13:06 - 2016-01-23 13:06 - 00000000 ____D C:\ProgramData\Norton
2016-01-23 13:05 - 2016-01-23 13:05 - 03088296 _____ (Symantec Corporation) C:\Users\penguin\Downloads\NPE.exe
2016-01-23 12:32 - 2016-01-23 12:32 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-01-23 12:31 - 2016-01-24 17:14 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-23 12:29 - 2016-01-23 12:30 - 161213656 _____ (AVAST Software) C:\Users\penguin\Downloads\avast_free_antivirus_setup.exe
2016-01-23 01:46 - 2016-01-23 01:46 - 00001415 _____ C:\Users\penguin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-22 23:35 - 2016-01-23 01:43 - 00000000 ____D C:\Users\penguin\.VirtualBox
2016-01-22 23:34 - 2016-01-23 02:00 - 00003430 _____ C:\windows\System32\Tasks\Amdlapoepa
2016-01-22 23:30 - 2016-01-22 23:30 - 00000000 _____ C:\windows\SysWOW64\bc11Y68dD2lLot9r0l
2016-01-22 23:28 - 2016-01-22 23:29 - 00000000 ____D C:\Users\penguin\AppData\Local\Tempfolder
2016-01-22 23:28 - 2016-01-22 23:28 - 00003346 _____ C:\windows\System32\Tasks\Yceat
2016-01-22 23:28 - 2016-01-22 23:28 - 00000000 ____D C:\windows\system32\quns
2016-01-16 02:23 - 2016-01-16 02:23 - 01026304 _____ (Realtek ) C:\windows\system32\Drivers\Rt64win7.sys
2016-01-16 02:23 - 2016-01-16 02:23 - 00082544 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll
2016-01-16 02:11 - 2016-01-22 01:05 - 00002258 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2016-01-16 02:11 - 2016-01-16 02:11 - 00003188 _____ C:\windows\System32\Tasks\ASC9_PerformanceMonitor
2016-01-16 02:11 - 2016-01-16 02:11 - 00002876 _____ C:\windows\System32\Tasks\ASC9_SkipUac_penguin
2016-01-16 02:11 - 2016-01-16 02:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2016-01-16 02:11 - 2016-01-16 02:11 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-01-16 02:06 - 2016-01-16 02:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2016-01-13 00:37 - 2015-12-11 13:57 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-01-13 00:37 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-01-13 00:37 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-01-13 00:37 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-01-13 00:37 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-01-13 00:37 - 2015-12-08 16:54 - 00740352 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmpmde.dll
2016-01-13 00:37 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 00:37 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-01-13 00:37 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-01-13 00:37 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-01-13 00:37 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-01-13 00:37 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-01-13 00:37 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 00:37 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-01-13 00:37 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-01-13 00:37 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-01-13 00:37 - 2015-12-08 14:07 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-01-13 00:37 - 2015-12-08 14:07 - 01955328 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-01-13 00:37 - 2015-12-08 14:07 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-01-13 00:37 - 2015-12-08 14:07 - 01575424 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-01-13 00:37 - 2015-12-08 14:07 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-01-13 00:37 - 2015-12-08 14:07 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-01-13 00:37 - 2015-12-08 14:07 - 01232896 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-01-13 00:37 - 2015-12-08 14:07 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL
2016-01-13 00:37 - 2015-12-08 14:07 - 01153024 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-01-13 00:37 - 2015-12-08 14:07 - 01026048 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2016-01-13 00:37 - 2015-12-08 14:07 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll
2016-01-13 00:37 - 2015-12-08 14:07 - 00978944 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-01-13 00:37 - 2015-12-08 14:07 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-01-13 00:37 - 2015-12-08 14:07 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-01-13 00:37 - 2015-12-08 14:07 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-01-13 00:37 - 2015-12-08 14:07 - 00624640 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-01-13 00:37 - 2015-12-08 14:07 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-01-13 00:37 - 2015-12-08 14:07 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-01-13 00:37 - 2015-11-16 20:11 - 00025024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-01-13 00:37 - 2015-11-16 20:08 - 01381376 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-01-13 00:37 - 2015-11-16 20:08 - 00792064 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-01-13 00:37 - 2015-11-16 20:08 - 00705536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-01-13 00:37 - 2015-11-16 20:08 - 00505856 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-01-13 00:37 - 2015-11-16 20:08 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-01-13 00:37 - 2015-11-16 15:17 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-01-13 00:37 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapistub.dll
2016-01-13 00:37 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapi32.dll
2016-01-13 00:37 - 2015-11-13 18:08 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\fixmapi.exe
2016-01-13 00:37 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapistub.dll
2016-01-13 00:37 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapi32.dll
2016-01-13 00:37 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fixmapi.exe
2016-01-13 00:36 - 2015-12-23 18:13 - 00387784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-01-13 00:36 - 2015-12-23 17:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-01-13 00:36 - 2015-12-12 13:54 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-01-13 00:36 - 2015-12-12 13:31 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-01-13 00:36 - 2015-12-12 13:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-01-13 00:36 - 2015-12-12 13:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-01-13 00:36 - 2015-12-12 13:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-01-13 00:36 - 2015-12-12 13:15 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-01-13 00:36 - 2015-12-12 13:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-01-13 00:36 - 2015-12-12 13:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-01-13 00:36 - 2015-12-12 13:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-01-13 00:36 - 2015-12-12 13:07 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-01-13 00:36 - 2015-12-12 13:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-01-13 00:36 - 2015-12-12 13:07 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-01-13 00:36 - 2015-12-12 13:03 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-01-13 00:36 - 2015-12-12 13:02 - 20367360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-01-13 00:36 - 2015-12-12 13:02 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-01-13 00:36 - 2015-12-12 13:02 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-01-13 00:36 - 2015-12-12 13:02 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-01-13 00:36 - 2015-12-12 13:02 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-01-13 00:36 - 2015-12-12 12:55 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-01-13 00:36 - 2015-12-12 12:51 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-01-13 00:36 - 2015-12-12 12:49 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-01-13 00:36 - 2015-12-12 12:44 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 00:36 - 2015-12-12 12:40 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-01-13 00:36 - 2015-12-12 12:39 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-01-13 00:36 - 2015-12-12 12:37 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-01-13 00:36 - 2015-12-12 12:37 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-01-13 00:36 - 2015-12-12 12:37 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-01-13 00:36 - 2015-12-12 12:37 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-01-13 00:36 - 2015-12-12 12:36 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-01-13 00:36 - 2015-12-12 12:36 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-01-13 00:36 - 2015-12-12 12:35 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-01-13 00:36 - 2015-12-12 12:33 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-01-13 00:36 - 2015-12-12 12:31 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-01-13 00:36 - 2015-12-12 12:30 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-01-13 00:36 - 2015-12-12 12:28 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-01-13 00:36 - 2015-12-12 12:27 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-01-13 00:36 - 2015-12-12 12:27 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-01-13 00:36 - 2015-12-12 12:27 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-01-13 00:36 - 2015-12-12 12:25 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-01-13 00:36 - 2015-12-12 12:23 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-01-13 00:36 - 2015-12-12 12:22 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-01-13 00:36 - 2015-12-12 12:21 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-01-13 00:36 - 2015-12-12 12:20 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-01-13 00:36 - 2015-12-12 12:19 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-01-13 00:36 - 2015-12-12 12:18 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-01-13 00:36 - 2015-12-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 00:36 - 2015-12-12 12:12 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-01-13 00:36 - 2015-12-12 12:10 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-01-13 00:36 - 2015-12-12 12:10 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-01-13 00:36 - 2015-12-12 12:09 - 04610560 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-01-13 00:36 - 2015-12-12 12:08 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-01-13 00:36 - 2015-12-12 12:06 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-01-13 00:36 - 2015-12-12 12:02 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-01-13 00:36 - 2015-12-12 12:00 - 12856320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-01-13 00:36 - 2015-12-12 12:00 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-01-13 00:36 - 2015-12-12 12:00 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-01-13 00:36 - 2015-12-12 12:00 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-01-13 00:36 - 2015-12-12 11:54 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-01-13 00:36 - 2015-12-12 11:42 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-01-13 00:36 - 2015-12-12 11:41 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-01-13 00:36 - 2015-12-12 11:38 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-01-13 00:36 - 2015-12-12 11:36 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-01-13 00:36 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 00:36 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 00:36 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-01-13 00:36 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-01-13 00:36 - 2015-12-08 16:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-01-13 00:36 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 00:36 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-01-13 00:36 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-01-13 00:36 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-01-13 00:36 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-01-13 00:36 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-01-13 00:36 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 00:36 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\qasf.dll
2016-01-13 00:36 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-01-13 00:36 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-01-13 00:36 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-01-13 00:36 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-01-13 00:36 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-01-13 00:36 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-01-13 00:36 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-01-13 00:36 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksuser.dll
2016-01-13 00:36 - 2015-12-08 16:52 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-01-13 00:36 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-01-13 00:36 - 2015-12-08 14:07 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2016-01-13 00:36 - 2015-12-08 14:07 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-01-13 00:36 - 2015-12-08 14:07 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-01-13 00:36 - 2015-12-08 14:07 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-01-13 00:36 - 2015-12-08 14:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-01-13 00:36 - 2015-12-08 14:07 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-01-13 00:36 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll
2016-01-13 00:36 - 2015-12-08 14:07 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-01-13 00:36 - 2015-12-08 14:07 - 00292352 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-01-13 00:36 - 2015-12-08 14:07 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\qasf.dll
2016-01-13 00:36 - 2015-12-08 14:07 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-01-13 00:36 - 2015-12-08 14:07 - 00224768 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-01-13 00:36 - 2015-12-08 14:07 - 00223744 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-01-13 00:36 - 2015-12-08 14:07 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-01-13 00:36 - 2015-12-08 14:07 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-01-13 00:36 - 2015-12-08 14:07 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-01-13 00:36 - 2015-12-08 14:07 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-01-13 00:36 - 2015-12-08 14:07 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-01-13 00:36 - 2015-12-08 14:07 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\ksuser.dll
2016-01-13 00:36 - 2015-12-08 14:06 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-01-13 00:36 - 2015-12-08 14:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-01-13 00:36 - 2015-12-08 14:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-01-13 00:36 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2016-01-13 00:36 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2016-01-13 00:36 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys
2016-01-13 00:36 - 2015-12-08 12:58 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-01-13 00:35 - 2015-12-30 14:08 - 05572544 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-01-13 00:35 - 2015-12-30 14:08 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-01-13 00:35 - 2015-12-30 14:08 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-01-13 00:35 - 2015-12-30 14:05 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-01-13 00:35 - 2015-12-30 14:02 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-01-13 00:35 - 2015-12-30 14:02 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-01-13 00:35 - 2015-12-30 14:02 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-01-13 00:35 - 2015-12-30 14:02 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-01-13 00:35 - 2015-12-30 14:02 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-01-13 00:35 - 2015-12-30 14:02 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-01-13 00:35 - 2015-12-30 14:01 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-01-13 00:35 - 2015-12-30 14:01 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-01-13 00:35 - 2015-12-30 14:01 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-01-13 00:35 - 2015-12-30 14:01 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-01-13 00:35 - 2015-12-30 14:01 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-01-13 00:35 - 2015-12-30 14:01 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-01-13 00:35 - 2015-12-30 14:01 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-01-13 00:35 - 2015-12-30 14:00 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-01-13 00:35 - 2015-12-30 13:59 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-01-13 00:35 - 2015-12-30 13:59 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-01-13 00:35 - 2015-12-30 13:59 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-01-13 00:35 - 2015-12-30 13:58 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-01-13 00:35 - 2015-12-30 13:58 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-01-13 00:35 - 2015-12-30 13:57 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-01-13 00:35 - 2015-12-30 13:57 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-01-13 00:35 - 2015-12-30 13:57 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-01-13 00:35 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-01-13 00:35 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-01-13 00:35 - 2015-12-30 13:55 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:47 - 03993536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-01-13 00:35 - 2015-12-30 13:47 - 03938240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-01-13 00:35 - 2015-12-30 13:44 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-01-13 00:35 - 2015-12-30 13:41 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-01-13 00:35 - 2015-12-30 13:41 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-01-13 00:35 - 2015-12-30 13:41 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-01-13 00:35 - 2015-12-30 13:41 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-01-13 00:35 - 2015-12-30 13:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-01-13 00:35 - 2015-12-30 13:41 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-01-13 00:35 - 2015-12-30 13:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-01-13 00:35 - 2015-12-30 13:41 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-01-13 00:35 - 2015-12-30 13:40 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-01-13 00:35 - 2015-12-30 13:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-01-13 00:35 - 2015-12-30 13:39 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-01-13 00:35 - 2015-12-30 13:39 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-01-13 00:35 - 2015-12-30 13:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-01-13 00:35 - 2015-12-30 13:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-01-13 00:35 - 2015-12-30 13:38 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-01-13 00:35 - 2015-12-30 13:38 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 12:57 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-01-13 00:35 - 2015-12-30 12:50 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-01-13 00:35 - 2015-12-30 12:49 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-01-13 00:35 - 2015-12-30 12:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-01-13 00:35 - 2015-12-30 12:43 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-01-13 00:35 - 2015-12-30 12:42 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-01-13 00:35 - 2015-12-30 12:42 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-01-13 00:35 - 2015-12-30 12:41 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-01-13 00:35 - 2015-12-30 12:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-01-13 00:35 - 2015-12-30 12:32 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-01-13 00:35 - 2015-12-30 12:32 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-01-13 00:35 - 2015-12-30 12:32 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-01-13 00:35 - 2015-12-30 12:32 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-01-13 00:35 - 2015-12-30 12:30 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-01-13 00:35 - 2015-12-30 12:30 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 12:30 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 12:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 00:35 - 2015-12-30 12:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-10 17:37 - 2016-01-13 04:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-25 20:20 - 2015-12-25 20:20 - 00001108 _____ C:\Users\Public\Desktop\GS Auto Clicker.lnk
2015-12-25 20:20 - 2015-12-25 20:20 - 00000000 ____D C:\Users\penguin\Documents\AutomaticSolution Software
2015-12-25 20:20 - 2015-12-25 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GS Auto Clicker
2015-12-25 20:20 - 2015-12-25 20:20 - 00000000 ____D C:\Program Files (x86)\GSAutoClicker3

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-24 21:42 - 2015-07-15 14:19 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-24 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\WINDOWS
2016-01-24 20:53 - 2009-07-13 23:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-24 20:53 - 2009-07-13 23:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-24 18:33 - 2014-08-16 13:22 - 00000000 ____D C:\Users\penguin\AppData\Local\Adobe
2016-01-24 17:44 - 2011-07-30 17:00 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-01-24 17:44 - 2011-07-30 17:00 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-01-24 17:44 - 2011-07-30 16:49 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-01-24 17:43 - 2015-07-15 14:19 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-24 17:42 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-01-24 17:00 - 2011-07-30 16:43 - 00000000 ____D C:\ProgramData\Skype
2016-01-24 16:58 - 2014-05-20 04:50 - 00000000 ____D C:\Users\penguin
2016-01-24 16:37 - 2014-10-14 00:44 - 00000000 ____D C:\Users\penguin\AppData\Roaming\IObit
2016-01-24 00:24 - 2011-07-30 15:57 - 00357888 _____ (Microsoft Corporation) C:\windows\system32\DNSAPI.dll
2016-01-24 00:24 - 2011-07-30 15:57 - 00270336 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2016-01-23 12:32 - 2015-11-15 15:27 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-23 02:03 - 2011-07-30 16:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Stage
2016-01-23 02:03 - 2011-07-30 16:35 - 00000000 ____D C:\Program Files (x86)\Dell Stage
2016-01-23 02:03 - 2011-07-30 16:24 - 00000000 ____D C:\ProgramData\Dell
2016-01-23 01:56 - 2014-10-14 00:45 - 00000000 ____D C:\ProgramData\IObit
2016-01-23 01:56 - 2014-10-14 00:45 - 00000000 ____D C:\Program Files (x86)\IObit
2016-01-23 01:47 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-23 01:44 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2016-01-22 22:56 - 2014-05-20 14:23 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-22 14:59 - 2014-07-18 20:58 - 00000000 ____D C:\Users\penguin\AppData\Roaming\SoftGrid Client
2016-01-16 02:32 - 2014-05-20 13:21 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-16 02:23 - 2011-07-30 16:21 - 00116304 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RTNUninst64.dll
2016-01-16 02:11 - 2014-10-14 00:45 - 00000000 ____D C:\Users\penguin\AppData\LocalLow\IObit
2016-01-16 01:57 - 2014-08-15 12:56 - 00000000 __SHD C:\Users\penguin\AppData\Local\EmieUserList
2016-01-16 01:57 - 2014-08-15 12:56 - 00000000 __SHD C:\Users\penguin\AppData\Local\EmieSiteList
2016-01-14 22:55 - 2015-06-23 13:08 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-14 20:44 - 2015-07-15 14:20 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-13 05:05 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2016-01-13 04:11 - 2009-07-14 00:13 - 00783424 _____ C:\windows\system32\PerfStringBackup.INI
2016-01-13 04:06 - 2014-05-20 12:45 - 00000000 ____D C:\Users\penguin\AppData\Local\Deployment
2016-01-13 04:03 - 2014-07-19 11:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 04:03 - 2014-07-19 11:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 04:03 - 2014-05-20 13:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-13 04:03 - 2009-07-13 23:45 - 00294496 _____ C:\windows\system32\FNTCACHE.DAT
2016-01-13 04:00 - 2014-12-27 19:28 - 00000000 ____D C:\windows\system32\appraiser
2016-01-13 04:00 - 2014-05-22 13:44 - 00000000 ___SD C:\windows\system32\CompatTel
2016-01-13 03:17 - 2014-07-19 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 03:15 - 2014-08-31 17:41 - 00000000 ____D C:\windows\system32\MRT
2016-01-13 03:07 - 2014-08-31 17:41 - 143671360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-01-12 14:40 - 2015-11-10 17:24 - 00000000 ____D C:\Users\penguin\Documents\majesty2
2016-01-05 01:39 - 2014-12-02 18:55 - 00000000 ____D C:\Program Files (x86)\Heroes of Newerth
2016-01-02 16:45 - 2014-05-20 12:49 - 00000000 ____D C:\Users\penguin\AppData\Local\Google
2016-01-01 23:33 - 2014-07-17 20:34 - 00000000 ____D C:\Users\penguin\AppData\Roaming\Curse Client
2015-12-31 20:54 - 2014-05-20 13:18 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2015-12-29 15:19 - 2009-07-14 00:08 - 00032622 _____ C:\windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-06-26 16:09 - 2015-10-16 19:47 - 0008704 _____ () C:\Users\penguin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-30 17:10 - 2015-03-30 17:19 - 0020328 _____ () C:\ProgramData\HirezPipeError.txt

Some files in TEMP:
====================
C:\Users\penguin\AppData\Local\Temp\cg291q8g.dll
C:\Users\penguin\AppData\Local\Temp\sqlite3.dll
C:\Users\penguin\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-19 16:37

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-01-2016
Ran by penguin (2016-01-24 21:44:04)
Running from C:\Users\penguin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-05-20 09:50:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2041872751-2221698952-250185442-500 - Administrator - Disabled)
Guest (S-1-5-21-2041872751-2221698952-250185442-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2041872751-2221698952-250185442-1002 - Limited - Enabled)
penguin (S-1-5-21-2041872751-2221698952-250185442-1000 - Administrator - Enabled) => C:\Users\penguin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Out of date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: IObit Malware Fighter (Enabled - Out of date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: Emsisoft Anti-Malware (Enabled - Out of date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.0.3 - IObit)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVG (Version: 16.7.7227 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4460 - AVG Technologies) Hidden
AVG Zen (Version: 1.22.1 - AVG Technologies) Hidden
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Perks Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell Support Center (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dotfuscator and Analytics Community Edition 5.18.1 (x32 Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.)
FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.3 - goldensoft.org)
Heroes of Might & Magic V (HKLM-x32\...\Steam App 15170) (Version:  - Nival)
Heroes of Might & Magic V: Hammers of Fate (HKLM-x32\...\Steam App 15380) (Version:  - Nival)
Heroes of Might & Magic V: Tribes of the East (HKLM-x32\...\Steam App 15370) (Version:  - Nival)
Heroes of Newerth (HKLM-x32\...\hon) (Version: 2.3.0 - S2 Games)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.3 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.1.0.37 - IObit)
Java 8 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Majesty 2 Collection (HKLM-x32\...\Steam App 73020) (Version:  - 1C:InoCo)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{F0DB2786-18C8-4B0D-9DC2-BA58856A2821}) (Version: 2.1.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Secunia PSI (3.0.0.11003) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11003 - Secunia)
Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version:  - Firaxis Games)
Sid Meier's Civilization IV: Beyond the Sword (HKLM-x32\...\Steam App 8800) (Version:  - Firaxis Games)
Sid Meier's Civilization IV: Colonization (HKLM-x32\...\Steam App 16810) (Version:  - Firaxis Games)
Sid Meier's Civilization IV: Warlords (HKLM-x32\...\Steam App 3990) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version:  - EA - Maxis)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.3 - IObit)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.21.3183.0 - Hi-Rez Studios)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Unity (HKLM-x32\...\Unity) (Version: 5.2.2f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\UnityWebPlayer) (Version: 5.2.2f1 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.19.844 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F2C7FD9-E24E-48F6-AE22-BB3A7F02E624} - \DNSDOURO -> No File <==== ATTENTION
Task: {221C5731-3F3F-424D-A743-FAF9F5C945E5} - System32\Tasks\ASC9_SkipUac_penguin => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2015-11-30] (IObit)
Task: {23379092-DB31-422A-85D3-C253CE964E77} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {29457B5D-EFFC-42C3-88A8-27135884E88F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {30537F0F-68F4-4B0F-8A99-B2D6F9A6758F} - System32\Tasks\Yceat => C:\PROGRA~1\SHOPPE~1\Anuundol.bat
Task: {4462EADA-2DD6-4C1B-A7B3-841BBD1E2536} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {4DF46CE4-35E3-4D7F-BBFE-7B6E7DD87EB9} - System32\Tasks\SystemToolsDailyTest => c:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {55652780-C11B-4C81-9770-32BDFB81FDCF} - \SushiLeads -> No File <==== ATTENTION
Task: {5665BC16-2B92-4195-951D-CECBEEB0C96F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-15] (Google Inc.)
Task: {56DA1623-0EA3-476A-AE78-198591FB9CCB} - \SecurityApps2 -> No File <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {6AACB5D9-E41E-4B9D-A3BC-0DA1EEA15B78} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {6E082DA6-53B3-4ACD-A789-327D2B4EDDDA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {7AD34244-E6F2-4A85-BE63-E6C4E657D941} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-15] (Google Inc.)
Task: {868BDE8C-385D-4E9D-A565-19F2423B952D} - System32\Tasks\PCDEventLauncher => c:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {9740B398-2DB0-4002-9F73-B6DFDC5D8B96} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-08-21] (IObit)
Task: {9F796328-9B6E-4579-94BF-8B510D96AF26} - System32\Tasks\Amdlapoepa => C:\ProgramData\Amdlapoepa\1.0.7.1\vsuahcel.exe
Task: {BD291161-208F-40CF-A34D-97FF48F9C17A} - \boosterpop -> No File <==== ATTENTION
Task: {C082BDC7-3C68-431C-8C45-CD4E1EFD9199} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2015-12-03] (IObit)
Task: {D3BB0C5F-B832-4A96-B763-DCA7B27DE688} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {D9BA5AE7-3866-45A6-89B7-F7320E0B1140} - System32\Tasks\Uninstaller_SkipUac_penguin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-10-30] (IObit)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E4DCF43A-DAF2-44DD-ADA0-010CDD3272F7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-23] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\SystemToolsDailyTest.job => c:\Program Files\Dell Support Center\pcdrcui.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-07-30 16:49 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2010-12-17 13:53 - 2010-12-17 13:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-07-30 18:28 - 2011-04-10 13:40 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2015-11-16 03:18 - 2015-01-09 18:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll
2016-01-16 02:11 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2016-01-16 02:11 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2016-01-16 02:11 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2014-05-20 14:23 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-20 14:23 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-05-20 14:23 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-05-20 14:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-05-20 14:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-01-16 02:11 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
2016-01-16 02:11 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
2015-04-16 14:21 - 2015-09-21 10:49 - 00348960 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-04-16 14:21 - 2015-09-21 10:49 - 00183584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-04-16 14:21 - 2015-09-21 10:49 - 00050976 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-11-16 03:18 - 2015-03-27 15:39 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2015-11-16 03:18 - 2015-01-09 18:46 - 00145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2015-11-16 03:18 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
2014-10-16 12:25 - 2014-10-16 12:25 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-07-30 16:07 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7867 more sites.

IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2041872751-2221698952-250185442-1000\...\1-se.com -> 1-se.com

There are 11404 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-01-23 02:57 - 00450833 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com
127.0.0.1    www.123moviedownload.com

There are 15464 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2041872751-2221698952-250185442-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\penguin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: laktrd =>
MSCONFIG\startupreg: SpaceSoundPro =>
MSCONFIG\startupreg: Windi =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F9DC93A6-11B7-4202-BF76-28905FD2C6DE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{034163DF-92B0-4092-81F0-E7447784EEA6}] => (Allow) C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{E2A46050-B77E-449B-B419-EB2CBE47A93E}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{ECAAB747-E18A-4A03-BB53-127704082092}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{94278EFA-20B5-4207-AFFF-3E0F7F93DBAC}] => (Allow) LPort=2869
FirewallRules: [{1AB88373-0320-45EE-985D-00AD3213B496}] => (Allow) LPort=1900
FirewallRules: [{52D79E54-4DF5-4AF9-A83A-6985883F88CE}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{3C9EAC3D-8B45-4251-A463-6B77992B6D1C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A80346D7-A937-4801-90C2-9E77EFA07B8B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{81C94F07-2185-4A46-B4F5-8B3A083F47F6}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{6FA5EC50-410C-4436-96CC-1A20A5C74A2B}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{5D288087-8927-4EE3-B0CD-567D077D672A}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Block) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{473FC960-A13C-4FA3-84A3-BAFFF1E256A3}C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Block) C:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{F36706E2-67D2-406A-944C-67EF4E07340A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\heroes of might and magic 5\bina1\testapp.exe
FirewallRules: [{5F7269A9-0D05-462D-9C1C-06C5C43B883E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\heroes of might and magic 5\bina1\testapp.exe
FirewallRules: [{301881C2-5A02-419F-A51A-E75002772791}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes of Might and Magic 5 Tribes of the East\bin\H5_Game.exe
FirewallRules: [{30870CBA-2655-4EA0-84EB-738F499BDC2E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes of Might and Magic 5 Tribes of the East\bin\H5_Game.exe
FirewallRules: [{B25BACB2-91B4-4C3F-8E2B-6194E77B18A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\heroes of might and magic 5\bin\H5_Game.exe
FirewallRules: [{F33C8A99-CF78-41C0-A8EB-E294DB351547}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\heroes of might and magic 5\bin\H5_Game.exe
FirewallRules: [{4E464D2F-ABB3-4AEF-86E6-01EF439531E4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DA6F205E-C1A2-4898-B7C9-8A6533CE4C2F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7072E17D-1188-4F88-B251-111DE2CDAA0F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{50299D75-3418-45F4-B9EF-36481E0348AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{46FE1CC5-66FB-4050-8C2F-3D813404F42A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization IV\Civilization4.exe
FirewallRules: [{F61C4FEF-9EC2-49AE-A6DB-11ABF2E7CA8A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization IV\Civilization4.exe
FirewallRules: [{D1705770-558E-49AB-A957-684634AD93CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe
FirewallRules: [{6369CE9E-3C17-45D9-8785-40F18F02A764}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe
FirewallRules: [{53277813-5404-4C56-B566-32530D38397A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2C412BF2-30F9-4AC2-8790-B08AA45FFD08}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F7D0FBF-41B7-4831-98B4-151D69A9D6AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe
FirewallRules: [{A07A4792-4309-40F9-A376-9E96E5110AF4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe
FirewallRules: [{60D9C4ED-7187-4CE0-BD06-95EF1CAC7365}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe
FirewallRules: [{BA478332-7DE4-4406-A4DD-EFB0758DF50D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe
FirewallRules: [{6BF01CDF-E37B-4416-8598-55E1999B73B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{A8E339C3-6244-4AC1-B7DA-E5EB40A33E37}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{86844BF2-627A-47CA-9032-8DD6D2B6B0CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{75484802-88B9-43B7-A972-394A4D86D959}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{3DCBAEAC-B055-4E41-965C-41EDFEC7B0A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{96504F29-510E-49A1-99A7-10A6E9335091}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C080A6A6-6516-424C-88C2-E5929774924F}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{557DA560-FE88-4557-B7FF-CD1C81C9FF98}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{D9AAF666-7F32-410A-ACDA-B382B1DBAB84}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{7FCC730D-A687-4767-B143-B33E3DD01B46}] => (Allow) C:\PROGRA~1\Unity\Editor\Unity.exe
FirewallRules: [{02481BF3-4ECC-4CAF-8C29-905061E41473}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\Majesty2.exe
FirewallRules: [{6139E1E6-B158-481A-AA60-455ADD8321A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\Majesty2.exe
FirewallRules: [{4C071FE5-7C01-431E-9723-C14276AC9EA2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\M2Editor.exe
FirewallRules: [{91B1111E-DB71-4C19-B8E8-72C8F512DF26}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Majesty 2 Collection\M2Editor.exe
FirewallRules: [{A18273BC-5A09-4F10-9B9D-A1CB3D1C1642}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A285F1CF-BE87-40F5-A037-08707A3F2929}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{52C1BCAA-698C-4039-A714-4DFBB4CE4250}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{485EA8E6-543E-4410-B239-2E3798E45F84}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{E59F0E8D-D199-468C-9F9F-455D98910EA1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3D0CCA3C-D529-40D9-B852-F71A2C5BCC48}] => (Allow) C:\windows\system32\rundll32.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

16-01-2016 02:20:57 Driver Booster : Realtek PCIe FE Family Controller
22-01-2016 23:32:19 Device Driver Package Install: Oracle Corporation Universal Serial Bus controllers
22-01-2016 23:33:53 Device Driver Package Install: Oracle Corporation Network adapters
22-01-2016 23:34:37 Device Driver Package Install: Oracle Corporation Network Service
23-01-2016 03:49:30 Chrome Cleanup Tool
23-01-2016 12:43:10 ASU_MSI_TRAN
23-01-2016 13:16:51 Norton_Power_Eraser_20160123131648642
24-01-2016 07:54:22 JRT Pre-Junkware Removal
24-01-2016 17:38:48 Checkpoint by HitmanPro
24-01-2016 17:40:11 Checkpoint by HitmanPro
24-01-2016 21:32:38 Zemana AntiMalware 1/24/2016 9:32:37 PM

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #6
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2016 09:35:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0xf4c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/24/2016 09:35:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 43.0.4.5848 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: dd8

Start Time: 01d15718cf97e940

Termination Time: 10

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 3c927758-c30c-11e5-aee2-ac7289302cb6

Error: (01/24/2016 06:38:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0x1660
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/24/2016 06:38:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 43.0.4.5848 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 664

Start Time: 01d156ff9f20a6f3

Termination Time: 15

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 8ad81223-c2f3-11e5-aee2-ac7289302cb6

Error: (01/24/2016 05:54:28 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (01/24/2016 05:44:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/24/2016 05:40:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.3.39.94, time stamp: 0x535a5192
Faulting module name: KERNELBASE.dll, version: 6.1.7601.19110, time stamp: 0x56842600
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x1474
Faulting application start time: 0xSDUpdate.exe0
Faulting application path: SDUpdate.exe1
Faulting module path: SDUpdate.exe2
Report Id: SDUpdate.exe3

Error: (01/24/2016 05:40:39 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000298,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000001D3F210.72).  hr = 0x80070005, Access is denied.
.

Error: (01/24/2016 05:40:39 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002d8,(null),0,REG_BINARY,0000000014CAE100.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {27d864fa-7b43-41ed-9464-127d6ad484f8}

Error: (01/24/2016 05:40:39 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007a0,(null),0,REG_BINARY,0000000000D9E430.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {d76c65c5-51f2-4d26-b3e3-52ac958b39ec}


System errors:
=============
Error: (01/24/2016 05:44:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
VBoxNetAdp

Error: (01/24/2016 05:44:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VwcXktT service failed to start due to the following error:
%%2

Error: (01/24/2016 05:43:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez Studios Authenticate and Update Service service to connect.

Error: (01/24/2016 05:42:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PROSet/Wireless Event Log service failed to start due to the following error:
%%1053

Error: (01/24/2016 05:42:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Event Log service to connect.

Error: (01/24/2016 05:42:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.

Error: (01/24/2016 05:40:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/24/2016 05:40:53 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (01/24/2016 05:17:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
VBoxNetAdp

Error: (01/24/2016 05:17:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VwcXktT service failed to start due to the following error:
%%2


CodeIntegrity:
===================================
  Date: 2016-01-23 01:42:20.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-23 01:42:20.153
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-23 01:38:24.239
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-23 01:38:15.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-23 01:38:15.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-23 01:37:32.203
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-23 01:37:32.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-23 01:37:02.589
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-23 01:37:02.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-23 01:36:43.309
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 56%
Total physical RAM: 4003.16 MB
Available physical RAM: 1728.59 MB
Total Virtual: 8004.54 MB
Available Virtual: 4910.33 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:160.11 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 99115A5F)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Attached Files


Edited by Afatpenguin, 24 January 2016 - 09:59 PM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:38 AM

Posted 29 January 2016 - 03:17 PM

Greetings Matt and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Advanced SystemCare 9
IObit Malware Fighter 3
IObit Uninstaller
Spybot - Search and Destroy

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
S2 VwcXktT; "C:\ProgramData\EvcfeEpdj\VwcXktT.exe" [X]
C:\ProgramData\EvcfeEpdj
S1 bhxoiphu; \??\C:\windows\system32\drivers\bhxoiphu.sys [X]
S3 cpuz137; \??\C:\Users\penguin\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
2016-01-22 23:34 - 2016-01-23 02:00 - 00003430 _____ C:\windows\System32\Tasks\Amdlapoepa
2016-01-22 23:30 - 2016-01-22 23:30 - 00000000 _____ C:\windows\SysWOW64\bc11Y68dD2lLot9r0l
2016-01-22 23:28 - 2016-01-22 23:29 - 00000000 ____D C:\Users\penguin\AppData\Local\Tempfolder
2016-01-22 23:28 - 2016-01-22 23:28 - 00003346 _____ C:\windows\System32\Tasks\Yceat
2016-01-22 23:28 - 2016-01-22 23:28 - 00000000 ____D C:\windows\system32\quns
2016-01-16 02:11 - 2016-01-16 02:11 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
C:\Users\penguin\AppData\Local\Temp\cg291q8g.dll
C:\Users\penguin\AppData\Local\Temp\sqlite3.dll
C:\Users\penguin\AppData\Local\Temp\Uninstall.exe
Task: {0F2C7FD9-E24E-48F6-AE22-BB3A7F02E624} - \DNSDOURO -> No File <==== ATTENTION
Task: {221C5731-3F3F-424D-A743-FAF9F5C945E5} - System32\Tasks\ASC9_SkipUac_penguin => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2015-11-30] (IObit)
Task: {30537F0F-68F4-4B0F-8A99-B2D6F9A6758F} - System32\Tasks\Yceat => C:\PROGRA~1\SHOPPE~1\Anuundol.bat
C:\PROGRA~1\SHOPPE~1
Task: {55652780-C11B-4C81-9770-32BDFB81FDCF} - \SushiLeads -> No File <==== ATTENTION
Task: {56DA1623-0EA3-476A-AE78-198591FB9CCB} - \SecurityApps2 -> No File <==== ATTENTION
Task: {9F796328-9B6E-4579-94BF-8B510D96AF26} - System32\Tasks\Amdlapoepa => C:\ProgramData\Amdlapoepa
Task: {BD291161-208F-40CF-A34D-97FF48F9C17A} - \boosterpop -> No File <==== ATTENTION
Reg: reg query " HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Afatpenguin

Afatpenguin
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 29 January 2016 - 03:49 PM

Hi Oh my, matt here,

 

I uninstalled the programs like asked, though i dont completely understand why, those programs had helped me out before, but i assume you had a reason so i did it. Ran the fixlist like asked, posted the log below. I also attached the system information as asked, it took a very long time to save the information. i zipped the file and attached it as requested. computer is still flashing, mostly when i run any internet browser and have any ads, flash, or java running on it. thanks for the help!

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-01-2016
Ran by penguin (2016-01-29 15:41:12) Run:1
Running from C:\Users\penguin\Desktop
Loaded Profiles: penguin (Available Profiles: penguin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
S2 VwcXktT; "C:\ProgramData\EvcfeEpdj\VwcXktT.exe" [X]
C:\ProgramData\EvcfeEpdj
S1 bhxoiphu; \??\C:\windows\system32\drivers\bhxoiphu.sys [X]
S3 cpuz137; \??\C:\Users\penguin\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
2016-01-22 23:34 - 2016-01-23 02:00 - 00003430 _____ C:\windows\System32\Tasks\Amdlapoepa
2016-01-22 23:30 - 2016-01-22 23:30 - 00000000 _____ C:\windows\SysWOW64\bc11Y68dD2lLot9r0l
2016-01-22 23:28 - 2016-01-22 23:29 - 00000000 ____D C:\Users\penguin\AppData\Local\Tempfolder
2016-01-22 23:28 - 2016-01-22 23:28 - 00003346 _____ C:\windows\System32\Tasks\Yceat
2016-01-22 23:28 - 2016-01-22 23:28 - 00000000 ____D C:\windows\system32\quns
2016-01-16 02:11 - 2016-01-16 02:11 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
C:\Users\penguin\AppData\Local\Temp\cg291q8g.dll
C:\Users\penguin\AppData\Local\Temp\sqlite3.dll
C:\Users\penguin\AppData\Local\Temp\Uninstall.exe
Task: {0F2C7FD9-E24E-48F6-AE22-BB3A7F02E624} - \DNSDOURO -> No File <==== ATTENTION
Task: {221C5731-3F3F-424D-A743-FAF9F5C945E5} - System32\Tasks\ASC9_SkipUac_penguin => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2015-11-30] (IObit)
Task: {30537F0F-68F4-4B0F-8A99-B2D6F9A6758F} - System32\Tasks\Yceat => C:\PROGRA~1\SHOPPE~1\Anuundol.bat
C:\PROGRA~1\SHOPPE~1
Task: {55652780-C11B-4C81-9770-32BDFB81FDCF} - \SushiLeads -> No File <==== ATTENTION
Task: {56DA1623-0EA3-476A-AE78-198591FB9CCB} - \SecurityApps2 -> No File <==== ATTENTION
Task: {9F796328-9B6E-4579-94BF-8B510D96AF26} - System32\Tasks\Amdlapoepa => C:\ProgramData\Amdlapoepa
Task: {BD291161-208F-40CF-A34D-97FF48F9C17A} - \boosterpop -> No File <==== ATTENTION
Reg: reg query " HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
*****************

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
VwcXktT => service removed successfully
"C:\ProgramData\EvcfeEpdj" => not found.
bhxoiphu => service removed successfully
cpuz137 => service removed successfully
PCDSRVC{1E208CE0-FB7451FF-06020101}_0 => service removed successfully
C:\windows\System32\Tasks\Amdlapoepa => moved successfully
C:\windows\SysWOW64\bc11Y68dD2lLot9r0l => moved successfully
C:\Users\penguin\AppData\Local\Tempfolder => moved successfully
C:\windows\System32\Tasks\Yceat => moved successfully
C:\windows\system32\quns => moved successfully
C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} => moved successfully
C:\Users\penguin\AppData\Local\Temp\cg291q8g.dll => moved successfully
C:\Users\penguin\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\penguin\AppData\Local\Temp\Uninstall.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{0F2C7FD9-E24E-48F6-AE22-BB3A7F02E624}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F2C7FD9-E24E-48F6-AE22-BB3A7F02E624}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSDOURO => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{221C5731-3F3F-424D-A743-FAF9F5C945E5} => key not found.
C:\windows\System32\Tasks\ASC9_SkipUac_penguin => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_SkipUac_penguin => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30537F0F-68F4-4B0F-8A99-B2D6F9A6758F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30537F0F-68F4-4B0F-8A99-B2D6F9A6758F}" => key removed successfully
C:\windows\System32\Tasks\Yceat => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yceat" => key removed successfully
"C:\PROGRA~1\SHOPPE~1" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55652780-C11B-4C81-9770-32BDFB81FDCF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55652780-C11B-4C81-9770-32BDFB81FDCF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56DA1623-0EA3-476A-AE78-198591FB9CCB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56DA1623-0EA3-476A-AE78-198591FB9CCB}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecurityApps2 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9F796328-9B6E-4579-94BF-8B510D96AF26}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F796328-9B6E-4579-94BF-8B510D96AF26}" => key removed successfully
C:\windows\System32\Tasks\Amdlapoepa => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Amdlapoepa" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD291161-208F-40CF-A34D-97FF48F9C17A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD291161-208F-40CF-A34D-97FF48F9C17A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\boosterpop => key not found.

========= reg query " HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" =========


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\laktrd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpaceSoundPro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windi


========= End of Reg: =========


==== End of Fixlog 15:41:23 ====

Attached Files



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:38 AM

Posted 29 January 2016 - 04:14 PM

Hi Matt,

You can reinstall those programs once we are done but I wanted to get them out of the way while we figure out what is going on with your computer. Those programs can cause some system issues.

Can you tell me if you have the same issue while in Safe Mode with Networking?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Afatpenguin

Afatpenguin
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 29 January 2016 - 06:11 PM

I am at work right now, but I will be able to tell you tomorrow :)

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:38 AM

Posted 29 January 2016 - 06:12 PM

No problem, thanks for the note.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Afatpenguin

Afatpenguin
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 31 January 2016 - 09:26 AM

Sorry for the late reply, lost internet for a day :/ it does not happen while I'm in safe mode, but it still persists in normal mode...
Sorry for the late reply, lost internet for a day :/ it does not happen while I'm in safe mode, but it still persists in normal mode...
Sorry for the late reply, lost internet for a day :/ it does not happen while I'm in safe mode, but it still persists in normal mode...
Sorry for the late reply, lost internet for a day :/ it does not happen while I'm in safe mode, but it still persists in normal mode...
Sorry for the late reply, lost internet for a day :/ it does not happen while I'm in safe mode, but it still persists in normal mode...
Sorry for the late reply, lost internet for a day :/ it does not flicker while in safe mode, only while in normal mode

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:38 AM

Posted 31 January 2016 - 03:42 PM

Thanks for the update.

Please do this.

===================================================

Using Low Resolution Video From Advanced Startup Options Screen - Windows 7/Vista

--------------------
  • Restart your computer
  • Press F8 until you are presented with the Advanced Startup Options menu
  • Using the down arrow select Enable low resolution video and press Enter
  • Boot your computer into Normal Mode and check the video performance
  • Your screen resolution may look different as if it was in Safe Mode, that is normal
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Afatpenguin

Afatpenguin
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 31 January 2016 - 05:12 PM

hello again,

 

no that did not help, my firefox browser still flickered, and it seems to happen mostly on sites with alot of ads, especially ones that play movies or moving animations...



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:38 AM

Posted 31 January 2016 - 06:00 PM

Does it still flicker if you are running a program other than Firefox?

Please do this after you reboot normally.

===================================================

Clean Boot

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items

2440069.png

  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Programs other than Firefox?
  • Clean Boot results

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Afatpenguin

Afatpenguin
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 01 February 2016 - 12:26 PM

hey!

 

so it only does the flickering with my firefox now, but it still is doing it even after rebooting with your instructions. also, my computer still seems more bogged down than usual, taking longer to load up most programs and not being able to continually run most games i have on my computer.

 

again, thanks for the help :)



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:38 AM

Posted 01 February 2016 - 02:20 PM

OK thank you, please do this.

===================================================

Reversing Clean Boot State
--------------------
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • In the System Configuration Utility dialog box, click Normal Startup on the General tab
  • Click OK
  • When you are prompted, click Restart
===================================================

Running Firefox in Browser Safe Mode

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Copy and paste the following into the run box and press Enter

firefox --safe-mode

  • Select Start in Safe Mode
  • Please report how Firefox is running
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Afatpenguin

Afatpenguin
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 01 February 2016 - 03:10 PM

Still flickering, but on a lesser scale, doesn't seem to lock up and crash like before, and only flickers when i first load up a page that contains flash elements or ads, then seems to be alright.



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:38 AM

Posted 01 February 2016 - 04:16 PM

Thanks, please do this.

===================================================

Disabling Hardware Acceleration in Firefox

--------------------
  • Launch Firefox
  • Copy and paste the following in the address bar then hit Enter

about:preferences#advanced

  • Click the General tab
  • Under Browsing uncheck Use hardware acceleration when available
  • Click OK, then restart Firefox
  • Check your browser performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Afatpenguin

Afatpenguin
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  

Posted 02 February 2016 - 01:55 PM

yeah that helped alot! sorry, i was at work last night/this morning. i dont see any flickering anymore, but im just hoping im not being optimistic






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users