
firefox browser hijack redirecting


  • This topic is locked
19 replies to this topic

#1 frost1977

frost1977

  • Members
  • 33 posts

Posted 28 January 2016 - 12:30 PM

First, my tech support understanding of computers is limited.

My Firefox browser, about every 1 in 3 to 5 clicks, will try to redirect me to another website. A lot of them are clean-up-my-computer sites; some of them are the dirty stuff that I do not want on my system. I can just click in the Yahoo search text box, trying to look something up, and it will try to redirect me, or show a pop-up; I have to backspace, then I can do my search. The Adblock Plus and script blocker add-ons I have for Firefox do stop most pages from loading all the way, but it is still something I would like to fix.

Also, when I switch to the video or image section after a search, I get this chunk of ads at the top.

It does the same with Chrome, which I have since uninstalled since I never use it.

MS Explorer is clean.

I have tried Malwarebytes, and while it removed a lot, the problem is still there; also CCleaner, Panda (no longer installed) and Avast. Both malware and Avast free versions I run all the time.

I have Windows 8.1.

My internet connection is wired, no Wi-Fi. I have an Ethernet outlet from the phone box into the study; I run from that into a splitter box, one in and 2 out, and use powerline adaptors to get wired internet into the room where the main computer

http://cdn.adservingsolutionsinc.com/  that is an example of where it tries to send me. Any help would be appreciated; bear in mind I need baby steps through the process.




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts
  • Gender:Male
  • Location:California

Posted 28 January 2016 - 08:55 PM

Greetings frost1977 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 frost1977

frost1977
  • Topic Starter

  • Members
  • 33 posts

Posted 29 January 2016 - 10:47 PM

# AdwCleaner v5.031 - Logfile created 29/01/2016 at 21:17:50
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : UserPC - USER
# Running from : C:\Users\UserPC\AppData\Local\Microsoft\Windows\INetCache\IE\NYZ0JRZK\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\predm
[-] Folder Deleted : C:\Program Files (x86)\ShopperPro
[-] Folder Deleted : C:\Program Files (x86)\Tweaks
[-] Folder Deleted : C:\Program Files (x86)\Optimizer Pro
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaks
[-] Folder Deleted : C:\Users\UserPC\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbfamljbihbcghcciagdafdpbgcmkne
[-] Folder Deleted : C:\Users\UserPC\AppData\Local\Installer\Install_24748
[-] Folder Deleted : C:\Users\UserPC\AppData\Roaming\Search Protection

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\my.cfg
[-] File Deleted : C:\Users\Public\Desktop\File Extractor.lnk
[-] File Deleted : C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.terraclicks.com_0.localstorage
[-] File Deleted : C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.terraclicks.com_0.localstorage-journal
[-] File Deleted : C:\Users\UserPC\AppData\Roaming\Mozilla\Firefox\Profiles\98x5ntdr.default-1447560529655\Extensions\browserprotect@browserprotect.com.xpi

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : YTDownloader

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Key Deleted : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\undefined
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\Lightspark Team
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\File Extractor Packages
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks File Extractor
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
[-] Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\iWebar
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inst.shoppingate.info
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\palikan.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shoppingate.info
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.palikan.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1

***** [ Web browsers ] *****

[-] [C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : Search The Web
[-] [C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : palikan.com
[-] [C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : obbfamljbihbcghcciagdafdpbgcmkne
[-] [C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.palikan.com/?f=1&a=plk_ir_15_45&cd=2XzuyEtN2Y1L1QzuyByE0DyEtAyDzztD0D0CyE0D0EtBzytAtN0D0Tzu0StCyEtDtBtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyB0Fzy0EtCtAtDtAtGyDyE0AtDtGyE0F0AtDtGtAtD0BtAtGzz0FyBtAtByDtCzyzy0DyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0DyEyEzyzy0EyEtG0CyC0ByDtGyEtByE0BtGzyyC0FtAtG0CyBtD0AtByEyDtA0FyBzz0D2QtN0A0LzuyE&cr=1656138823&ir=

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8360 bytes] ##########

 

 

 



#4 frost1977

frost1977
  • Topic Starter

  • Members
  • 33 posts

Posted 29 January 2016 - 10:49 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 Pro x64
Ran by UserPC (Administrator) on Fri 01/29/2016 at 21:26:24.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 7

Successfully deleted: C:\Users\UserPC\AppData\Local\com (Folder)
Successfully deleted: C:\Users\UserPC\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\UserPC\AppData\Local\installer (Folder)
Successfully deleted: C:\Users\UserPC\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\UserPC\AppData\Roaming\0B1L1H1F0M1P1Q1L1T (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\opensoftwareupdater (Folder)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/29/2016 at 21:28:38.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by UserPC (administrator) on USER (29-01-2016 21:38:23)
Running from C:\Users\UserPC\Desktop
Loaded Profiles: UserPC (Available Profiles: UserPC & Administrator)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-23] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-09] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [54832 2007-03-14] ()
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-268514846-1927310418-2097440617-1001\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2639144 2010-10-01] (CyberLink Corp.)
HKU\S-1-5-21-268514846-1927310418-2097440617-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-268514846-1927310418-2097440617-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-268514846-1927310418-2097440617-1001\...\Run: [f.lux] => C:\Users\UserPC\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-268514846-1927310418-2097440617-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-268514846-1927310418-2097440617-1001\...\MountPoints2: {2fb9b0f6-cb4b-11e3-825d-74d43580dc4d} - "J:\LaunchU3.exe"
HKU\S-1-5-21-268514846-1927310418-2097440617-1001\...\MountPoints2: {2fb9b14b-cb4b-11e3-825d-74d43580dc4d} - "J:\LaunchU3.exe" -a
HKU\S-1-5-21-268514846-1927310418-2097440617-1001\...\MountPoints2: {e66bb44e-c4bd-11e3-8251-74d43580dc4d} - "M:\LOCKv247.exe"
HKU\S-1-5-21-268514846-1927310418-2097440617-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-09] (Avast Software s.r.o.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51308;https=127.0.0.1:51308
Tcpip\Parameters: [DhcpNameServer] 199.15.192.131 199.15.192.132
Tcpip\..\Interfaces\{AB09C578-E98A-47BE-B979-DE7A3605803B}: [DhcpNameServer] 199.15.192.131 199.15.192.132

Internet Explorer:
==================
HKU\S-1-5-21-268514846-1927310418-2097440617-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
HKU\S-1-5-21-268514846-1927310418-2097440617-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-14] (Oracle Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-14] (Oracle Corporation)
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\UserPC\AppData\Roaming\Mozilla\Firefox\Profiles\98x5ntdr.default-1447560529655
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-268514846-1927310418-2097440617-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF Plugin HKU\S-1-5-21-268514846-1927310418-2097440617-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\UserPC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-10] (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pandasecuritytb.xml [2015-11-08]
FF Extension: No Name - C:\Users\UserPC\AppData\Roaming\Mozilla\Firefox\Profiles\98x5ntdr.default-1447560529655\extensions\browserprotect@browserprotect.com.xpi [not found]
FF Extension: NoScript - C:\Users\UserPC\AppData\Roaming\Mozilla\Firefox\Profiles\98x5ntdr.default-1447560529655\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-01-08]
FF Extension: Adblock Plus - C:\Users\UserPC\AppData\Roaming\Mozilla\Firefox\Profiles\98x5ntdr.default-1447560529655\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=523482&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-27]
CHR Extension: (Google Drive) - C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-03]
CHR Extension: (YouTube) - C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]
CHR Extension: (Google Search) - C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]
CHR Extension: (Deal Flow) - C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\emdmlkgfcploenkbkhgoibipkpkmbnoh [2015-05-27]
CHR Extension: (Google Sheets) - C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-27]
CHR Extension: (Google Docs Offline) - C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (nolijncfnkgaikbjbdaogikpmpbdcdef) - C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2015-04-01]
CHR Extension: (Gmail) - C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-27]
CHR HKLM-x32\...\Chrome\Extension: [fdhbkaahephniejapepaiggngjnedpci] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-09] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-04-09] (Avast Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-15] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-07-13] (BitRaider, LLC)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-11-03] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-08-02] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [272024 2007-05-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Alpham1; C:\Windows\System32\drivers\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\drivers\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-09] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-09] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-09] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-09] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-09] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-09] ()
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-10-22] (BitRaider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-25] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-28] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [51400 2015-10-27] (SteelSeries ApS)
R1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-09] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [32240 2007-09-19] (Cyberlink Corp.)
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-29 21:38 - 2016-01-29 21:38 - 00018352 _____ C:\Users\UserPC\Desktop\FRST.txt
2016-01-29 21:37 - 2016-01-29 21:38 - 00000000 ____D C:\FRST
2016-01-29 21:35 - 2016-01-29 21:35 - 02370560 _____ (Farbar) C:\Users\UserPC\Desktop\FRST64.exe
2016-01-29 21:28 - 2016-01-29 21:28 - 00001056 _____ C:\Users\UserPC\Desktop\JRT.txt
2016-01-29 21:25 - 2016-01-29 21:25 - 01609032 _____ (Malwarebytes) C:\Users\UserPC\Desktop\JRT.exe
2016-01-29 21:21 - 2016-01-29 21:21 - 00008455 _____ C:\Users\UserPC\Desktop\AdwCleaner[C1].txt
2016-01-29 21:14 - 2016-01-29 21:17 - 00000000 ____D C:\AdwCleaner
2016-01-29 18:53 - 2016-01-29 18:53 - 00000000 ___RD C:\Users\UserPC\Documents\Notes
2016-01-21 05:16 - 2016-01-21 05:17 - 02975616 _____ C:\Windows\Minidump\012116-29796-01.dmp
2016-01-15 21:54 - 2016-01-15 22:35 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-14 22:09 - 2016-01-14 22:09 - 00000000 ____D C:\Users\UserPC\AppData\Roaming\Sun
2016-01-14 22:09 - 2016-01-14 22:09 - 00000000 ____D C:\Users\UserPC\.oracle_jre_usage
2016-01-13 05:31 - 2015-12-10 22:38 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 05:31 - 2015-12-10 21:55 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 05:31 - 2015-12-10 21:50 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 05:31 - 2015-12-10 20:43 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 05:30 - 2015-12-10 22:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 05:30 - 2015-12-10 21:45 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 05:30 - 2015-12-10 21:21 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 05:30 - 2015-12-10 21:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 05:30 - 2015-12-10 21:09 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-01-13 05:30 - 2015-12-10 21:09 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 05:30 - 2015-12-10 21:03 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 05:30 - 2015-12-10 20:59 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 05:30 - 2015-12-10 20:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-01-13 05:30 - 2015-12-10 20:38 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 05:30 - 2015-12-10 20:37 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 05:30 - 2015-12-10 20:35 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 05:30 - 2015-12-10 20:26 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 05:30 - 2015-12-10 20:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 05:30 - 2015-12-10 20:12 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 05:30 - 2015-12-10 20:08 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 05:30 - 2015-12-10 20:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 05:27 - 2015-12-02 09:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 05:26 - 2015-12-30 13:32 - 07453016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 05:26 - 2015-12-30 13:32 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 05:26 - 2015-12-30 13:32 - 01499912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 05:26 - 2015-12-09 18:40 - 00033456 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-13 05:26 - 2015-12-07 04:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 01798480 ____C (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 05:26 - 2015-12-04 23:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 05:26 - 2015-12-04 23:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 05:26 - 2015-12-04 09:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 05:26 - 2015-12-03 13:42 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-13 05:26 - 2015-12-03 13:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-01-13 05:26 - 2015-12-03 13:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 05:26 - 2015-12-03 13:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-01-13 05:26 - 2015-12-03 13:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 05:26 - 2015-12-03 12:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-01-13 05:26 - 2015-12-03 12:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 05:26 - 2015-12-03 12:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-01-13 05:26 - 2015-12-03 12:28 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 05:26 - 2015-12-03 12:28 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 05:26 - 2015-12-03 12:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 05:26 - 2015-12-03 12:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 05:26 - 2015-12-03 12:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 05:26 - 2015-12-03 12:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 05:26 - 2015-12-03 12:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 05:26 - 2015-12-03 11:58 - 00378880 ____C (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 05:26 - 2015-12-03 11:51 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-01-13 05:26 - 2015-12-03 11:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 05:26 - 2015-12-03 11:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 05:26 - 2015-12-03 11:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 05:26 - 2015-12-03 11:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 05:26 - 2015-12-03 11:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 05:26 - 2015-12-03 11:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 05:26 - 2015-12-03 11:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 05:26 - 2015-12-03 11:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-01-13 05:26 - 2015-12-03 11:13 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 05:26 - 2015-12-03 11:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 05:26 - 2015-12-03 11:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 05:26 - 2015-12-03 11:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 05:26 - 2015-12-03 10:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 05:26 - 2015-12-03 10:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 05:26 - 2015-12-03 10:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 05:26 - 2015-12-02 09:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 05:26 - 2015-11-17 15:07 - 01380864 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 05:26 - 2015-11-17 15:07 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 05:26 - 2015-11-17 15:07 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 05:26 - 2015-11-17 15:07 - 00705024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-13 05:26 - 2015-11-17 15:07 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-13 05:26 - 2015-11-17 15:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 05:26 - 2015-11-17 15:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-13 05:25 - 2015-12-08 13:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 05:25 - 2015-12-08 13:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-08 09:42 - 2016-01-08 09:42 - 00302568 _____ C:\Windows\Minidump\010816-16984-01.dmp
2016-01-06 21:43 - 2016-01-29 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-29 21:25 - 2015-05-29 18:21 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-268514846-1927310418-2097440617-1001
2016-01-29 21:20 - 2014-07-11 20:19 - 00000000 __RDO C:\Users\UserPC\OneDrive
2016-01-29 21:20 - 2014-04-17 19:36 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-29 21:19 - 2014-04-15 10:08 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-29 21:19 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-29 21:19 - 2013-08-22 07:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-01-29 21:18 - 2014-04-15 09:55 - 00000000 ____D C:\Users\UserPC
2016-01-29 20:39 - 2015-06-30 18:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-29 17:58 - 2015-06-10 07:16 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FD6AD648-4037-4746-AD7C-70BF5DAB6AAA}
2016-01-28 08:37 - 2015-09-10 16:44 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-28 08:37 - 2014-06-26 07:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-28 08:35 - 2015-05-08 16:44 - 941161025 _____ C:\Windows\MEMORY.DMP
2016-01-28 08:35 - 2014-06-28 05:51 - 00000000 ____D C:\Windows\Minidump
2016-01-26 18:08 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
2016-01-25 10:06 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Inf
2016-01-22 11:04 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-01-21 05:42 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache
2016-01-20 02:39 - 2015-06-30 18:12 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-15 22:36 - 2015-07-28 11:40 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-15 22:36 - 2015-03-16 01:59 - 00001848 _____ C:\Users\UserPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2016-01-15 22:36 - 2014-04-15 11:52 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-01-15 22:36 - 2014-04-15 09:56 - 00001418 _____ C:\Users\UserPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-15 22:35 - 2015-12-14 20:50 - 00000969 _____ C:\Users\Public\Desktop\Steam.lnk
2016-01-15 22:35 - 2015-11-03 12:56 - 00001446 _____ C:\Users\Public\Desktop\TS4 Mod Manager.lnk
2016-01-15 22:35 - 2015-09-13 10:04 - 00000807 _____ C:\Users\UserPC\Desktop\World of Warships.lnk
2016-01-15 22:35 - 2015-07-28 11:40 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-15 22:35 - 2015-06-12 20:37 - 00001217 _____ C:\Users\UserPC\Desktop\Uplay.lnk
2016-01-15 22:35 - 2015-05-07 19:26 - 00001456 _____ C:\Users\Public\Desktop\WarThunder.lnk
2016-01-15 22:35 - 2015-04-19 10:55 - 00000814 _____ C:\Users\UserPC\Desktop\World of Warplanes.lnk
2016-01-15 22:35 - 2014-11-24 14:51 - 00002143 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2016-01-15 22:35 - 2014-11-24 14:32 - 00001334 _____ C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2016-01-15 22:35 - 2014-11-21 20:23 - 00001936 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-15 22:35 - 2014-09-03 13:31 - 00001356 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2016-01-15 22:35 - 2014-08-24 12:32 - 00001966 _____ C:\Users\UserPC\Desktop\Manage media on your device - Shortcut.lnk
2016-01-15 22:35 - 2014-05-08 06:51 - 00000985 _____ C:\Users\Public\Desktop\Origin.lnk
2016-01-15 22:35 - 2014-05-01 21:27 - 00001463 _____ C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2016-01-15 22:35 - 2014-04-27 09:10 - 00001168 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-01-15 22:35 - 2014-04-16 17:02 - 00001263 _____ C:\Users\UserPC\Desktop\The Elder Scrolls Online.lnk
2016-01-15 22:35 - 2014-04-15 11:55 - 00001295 _____ C:\Users\Public\Desktop\CyberLink Power2Go.lnk
2016-01-15 22:35 - 2014-04-15 11:53 - 00002691 _____ C:\Users\UserPC\Desktop\Microsoft Office Word 2007.lnk
2016-01-15 22:35 - 2014-04-15 11:53 - 00002691 _____ C:\Users\UserPC\Desktop\Microsoft Office Outlook 2007.lnk
2016-01-15 22:35 - 2014-04-15 11:53 - 00002653 _____ C:\Users\UserPC\Desktop\Microsoft Office Excel 2007.lnk
2016-01-15 22:35 - 2014-04-15 11:53 - 00002643 _____ C:\Users\UserPC\Desktop\Microsoft Office PowerPoint 2007.lnk
2016-01-15 22:35 - 2014-04-15 11:53 - 00002609 _____ C:\Users\UserPC\Desktop\Microsoft Office Publisher 2007.lnk
2016-01-15 22:35 - 2014-04-15 11:53 - 00002061 _____ C:\Users\UserPC\Desktop\CyberLink PowerDVD.lnk
2016-01-15 22:35 - 2014-04-15 11:52 - 00002033 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2016-01-15 22:35 - 2014-04-15 11:50 - 00001774 _____ C:\Users\Public\Desktop\Defraggler.lnk
2016-01-15 22:35 - 2014-04-15 11:50 - 00000832 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-15 22:35 - 2014-04-15 10:10 - 00001357 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-01-15 22:35 - 2014-04-15 10:04 - 00000706 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2016-01-15 22:33 - 2015-05-29 18:15 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-01-15 22:33 - 2013-08-22 08:44 - 00481232 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-15 22:15 - 2015-05-29 18:13 - 00000000 ____D C:\ProgramData\Panda Security
2016-01-15 22:14 - 2015-05-29 18:15 - 00000000 ____D C:\Users\UserPC\AppData\Roaming\Panda Security
2016-01-15 21:54 - 2014-06-26 07:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-15 21:54 - 2014-06-26 07:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-14 22:09 - 2014-04-16 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-14 22:08 - 2014-04-16 18:27 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-14 22:08 - 2014-04-16 18:27 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-14 08:12 - 2014-04-15 10:01 - 00881976 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-14 08:06 - 2014-04-15 10:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-14 08:06 - 2014-04-15 10:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 21:45 - 2014-12-12 17:05 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-13 21:45 - 2014-07-11 17:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 06:20 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
2016-01-13 06:19 - 2014-04-15 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 06:16 - 2014-04-15 10:42 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 06:12 - 2014-04-15 10:42 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-11 20:39 - 2015-07-28 11:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-11 19:02 - 2014-11-21 20:35 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-08 13:43 - 2014-04-17 09:59 - 00000000 ____D C:\Users\UserPC\AppData\Roaming\Awesomium
2016-01-05 14:04 - 2015-11-11 18:00 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-05 14:04 - 2015-11-11 18:00 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-03-31 02:14 - 2015-05-28 21:36 - 0000385 _____ () C:\Users\UserPC\AppData\Roaming\48y6GZ3qegcz5WI92Pvk1V
2015-03-31 02:14 - 2015-03-31 02:14 - 0004387 _____ () C:\Users\UserPC\AppData\Roaming\5gf8uC8lq7UzA02OsRw9uX0A
2015-03-31 02:14 - 2015-03-31 02:14 - 0004387 _____ () C:\Users\UserPC\AppData\Roaming\VFJyS2RbTsDA
2014-08-27 07:53 - 2014-08-27 07:53 - 0000047 _____ () C:\Users\UserPC\AppData\Roaming\WB.CFG
2015-02-06 12:04 - 2015-02-06 12:04 - 0000017 _____ () C:\Users\UserPC\AppData\Local\resmon.resmoncfg
2014-04-15 10:05 - 2014-04-15 10:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\UserPC\AppData\Local\Temp\sqlite3.dll
C:\Users\UserPC\AppData\Local\Temp\{63579BDD-ACC8-4176-9CB0-B880D436F719}.exe
C:\Users\UserPC\AppData\Local\Temp\{72B9525F-8A6A-4752-82CD-5414D16F0E36}.exe
C:\Users\UserPC\AppData\Local\Temp\{88004330-7EFD-45C6-8101-5FED53E4EC24}.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-28 09:19

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by UserPC (2016-01-29 21:38:59)
Running from C:\Users\UserPC\Desktop
Windows 8.1 Pro (X64) (2014-04-15 15:55:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-268514846-1927310418-2097440617-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-268514846-1927310418-2097440617-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-268514846-1927310418-2097440617-1003 - Limited - Enabled)
UserPC (S-1-5-21-268514846-1927310418-2097440617-1001 - Administrator - Enabled) => C:\Users\UserPC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
7zip Packages (HKU\S-1-5-21-268514846-1927310418-2097440617-1001\...\7zip Packages) (Version:  - ) <==== ATTENTION
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1001 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.9 - Electronic Arts)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
f.lux (HKU\S-1-5-21-268514846-1927310418-2097440617-1001\...\Flux) (Version:  - )
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Far Cry 4 (HKLM-x32\...\Steam App 298110) (Version:  - Ubisoft Montreal, Red Storm, Shanghai, Toronto, Kiev)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1039 - Marvell)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.75 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
PowerDVD (x32 Version: 7.3.3319a.0 - CyberLink Corporation) Hidden
PowerDVD Ultra (HKLM-x32\...\InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.3.3319a.0 - CyberLink Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Savage Lands (HKLM-x32\...\Steam App 307880) (Version:  - Signal Studios)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version:  - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{628A041E-F44B-4F65-B651-C2667BDD123D}) (Version: 2.2.3.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Settlers: Rise of an Empire Gold Edition   (HKLM-x32\...\Steam App 19930) (Version:  - Blue Byte)
The Sims 4 Mod Manager version 2.2.0 (HKLM-x32\...\The Sims 4 Mod Manager_is1) (Version: 2.2.0 - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.12.118.1020 - Electronic Arts Inc.)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Unity Web Player (HKU\S-1-5-21-268514846-1927310418-2097440617-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
War Thunder Launcher 1.0.1.522 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
World of Warplanes (HKU\S-1-5-21-268514846-1927310418-2097440617-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813na}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-268514846-1927310418-2097440617-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04EB43B6-CAD6-4739-A55E-4197AB5A1817} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)
Task: {0EFA27B3-5B3C-491B-99BB-6A8930552B0B} - \Optimize Start Menu Cache Files-S-1-5-21-268514846-1927310418-2097440617-1005 -> No File <==== ATTENTION
Task: {23B111F7-A1A1-4553-9C7A-97E14DACE3EC} - \Palikan momo -> No File <==== ATTENTION
Task: {2A0FE9D8-32CF-4AB8-A189-7ADF231F0469} - \User_Feed_Synchronization-{1EEE0B94-34E9-44D2-A059-09021DE08153} -> No File <==== ATTENTION
Task: {440C68C8-BF82-40A9-8D75-E0E7796B5B3D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {5BFE382B-7F65-423D-9AA1-83DED5DFF960} - \{61053EC5-86B2-4557-BED8-FF6A77395818} -> No File <==== ATTENTION
Task: {97241F0E-7D00-41EF-81F6-CD0103379EA8} - \Optimize Start Menu Cache Files-S-1-5-21-268514846-1927310418-2097440617-1004 -> No File <==== ATTENTION
Task: {B2E730E1-4AD5-4044-B185-A858DAE8EDCA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {B9E4DDF6-277A-4824-8ADB-C0A66D0140E9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BFDFB120-04D6-4793-953B-7F01301D2531} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-09] (Avast Software s.r.o.)
Task: {C00817A1-1256-44D7-84E1-D0E68DD9C78C} - \ProfessionalPCCleaner_Popup -> No File <==== ATTENTION
Task: {DDB88859-6336-4094-9638-1FA66D5CDBC6} - \ProfessionalPCCleaner_Start -> No File <==== ATTENTION
Task: {F81A1548-B374-4639-8CCF-FFE3F98FF3B5} - \{FEFF5517-82FC-466F-B774-8B78D7C580B6} -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-12-29 12:32 - 2015-08-02 18:54 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-15 11:53 - 2007-05-14 10:54 - 00272024 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-04-09 14:50 - 2015-04-09 14:50 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-09 14:50 - 2015-04-09 14:50 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-29 07:50 - 2016-01-29 07:50 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012900\algo.dll
2015-04-09 14:50 - 2015-04-09 14:50 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-15 10:01 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-268514846-1927310418-2097440617-1001\...\gogorithm.com -> hxxp://cr.gogorithm.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2015-08-09 19:43 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-268514846-1927310418-2097440617-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\UserPC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 199.15.192.131 - 199.15.192.132
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "LanguageShortcut"
HKLM\...\StartupApproved\Run32: => "RemoteControl"
HKU\S-1-5-21-268514846-1927310418-2097440617-1001\...\StartupApproved\Run: => "Power2GoExpress"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9A4EDFB4-318E-4453-B592-9BD73E545EAD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{09330ECC-56EA-4246-9B64-A5FF55C517D6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8BBDE55E-3814-4604-82C6-02170584CC7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5E4F373B-81C8-49B5-A9BD-D44BBE13A49D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C1137C91-911D-47FD-B237-902619F76B00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F980CA46-60E2-4C2A-84CA-84C513927639}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2697034A-C27F-4364-A11B-56EB7E980DDA}] => (Allow) C:\Program Files (x86)\Cyberlink\PowerDVD\PowerDVD.EXE
FirewallRules: [{CFBAFBD8-0192-4213-8BA4-C88414A2F77E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2F20F4A7-9834-4BB3-B938-A53E4C335949}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{259879A1-56BD-48E7-8C07-955369D15A2A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [{39E1F3C3-3597-4AC3-AB8C-9ED3848A601D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [TCP Query User{1344E592-B364-47CB-AC24-61AFF3BF8FB1}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{352E0CAA-09BC-458A-9ED5-9BF87B87A0D3}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{0B6CD1A5-F9B1-4B7D-9B9B-D543CAF5A1A6}] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{42442ADF-742C-44C2-90B4-DB6D4DD02803}] => (Block) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{91343A11-FCC3-4499-99BC-8561150EF23D}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{7586E85B-C3B3-4EFF-9C7E-32EA56FC2532}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{3EECD333-08DC-4686-9E94-8D9F577D7F60}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{3B92C169-38D3-4297-9539-A1BEC6AE33CA}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{0BDBDCA5-B1F5-435D-B077-9B232637F786}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{6D55AB1E-47D0-4CFF-88D6-4C643E5E4EB6}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [TCP Query User{055EA001-80DE-4C23-97AC-B093E4CEF796}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{6D9A3DCB-42D5-482C-9E88-043F8EBDEC4F}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe
FirewallRules: [{01BC53A7-BCCF-42B1-99CC-15F2366A6888}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{37B8D10F-18DB-4B4F-A458-32AF863F6665}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FB79CFD9-AD17-44A8-8A0E-50D623D962D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [{2E419254-0D6C-4215-85A2-AD83492B82D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [TCP Query User{86ACD5A5-0767-42B6-BDBA-1B5A4856F76C}C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe
FirewallRules: [UDP Query User{6A29707F-C1A0-4C97-8994-BD4319F7E5A3}C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe
FirewallRules: [TCP Query User{452DA040-4F32-4748-9A88-AFAAA0E76F92}C:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe
FirewallRules: [UDP Query User{7311D887-93F2-4D4F-9793-1C3907E1523B}C:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\america's army 3\binaries\aa3game.exe
FirewallRules: [{7A388276-E2B6-4A05-9A8A-CDE418544D26}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{21823B3E-6C10-4C4B-8652-7D38C82E191D}] => (Allow) C:\Users\UserPC\AppData\Local\Temp\nsw57CE.tmp\CnetInstaller-10533322.exe
FirewallRules: [{CC841A72-B15A-41E3-8A8F-EDBEFF8302A4}] => (Allow) C:\Users\UserPC\AppData\Local\Temp\nsw57CE.tmp\CnetInstaller-10533322.exe
FirewallRules: [TCP Query User{215A333B-3161-4674-845C-6E161C81775F}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [UDP Query User{0CB8EA1A-854E-46A9-A39E-8F3680773968}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [{24F71A31-6EE5-48DD-861D-A837A4B7E082}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{77D8D560-C74F-4559-8D6A-ECFCA9C41295}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{4B25171A-4A8A-4759-86F3-02094E2C45E6}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{9E42CA22-0B71-4EEE-878F-EB3F34A7941D}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [TCP Query User{2D640CCF-6750-4773-BE7A-334D75A35759}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{B5024FB3-FB52-4B61-99AC-7230AF485674}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{745E58A2-43F2-478D-9920-2806CADAB699}] => (Allow) C:\WarThunder\launcher.exe
FirewallRules: [{47B5089B-0B97-4168-9D68-1E78359201E4}] => (Allow) C:\WarThunder\launcher.exe
FirewallRules: [{C41EDA6A-0725-4728-BB59-2CCEFE3E9EC0}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [{A900B839-4035-4EB4-92A8-4C411F8B646D}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [{0C59CDF5-24E3-413D-9F67-5C8CC5CEF356}] => (Allow) LPort=80
FirewallRules: [{EA32DBE6-370D-4D16-A87A-C7E2594D016F}] => (Allow) LPort=443
FirewallRules: [{D9AD30F6-FE8A-4974-91D8-320E0B83A183}] => (Allow) LPort=20010
FirewallRules: [{CB621EFF-EB6B-469B-97FC-FE6424FA46F5}] => (Allow) LPort=3478
FirewallRules: [{FE942EEA-F55F-4A73-B95B-A73CCB5CEC0B}] => (Allow) LPort=7850
FirewallRules: [{5FB066BA-7ED5-4D4B-98A6-DA46AD1957AE}] => (Allow) LPort=7852
FirewallRules: [{4E62D18D-D85C-4BF2-B18B-213846E5D2EF}] => (Allow) LPort=7853
FirewallRules: [{7F84B103-6A9B-446B-99F2-0C2A23AFFD8C}] => (Allow) LPort=27022
FirewallRules: [{FF5C6D6D-249E-4B08-A978-256C04C8F844}] => (Allow) LPort=6881
FirewallRules: [{0DBC3DB5-3205-4C26-997B-B5472D033F33}] => (Allow) LPort=33333
FirewallRules: [{071D5246-8DAC-457B-BF4C-959B38E2DAC9}] => (Allow) LPort=20443
FirewallRules: [{0236382F-BB39-470F-A238-6C0FFE3044F6}] => (Allow) LPort=8090
FirewallRules: [TCP Query User{C3467F28-D13D-4AAB-A9FF-A39FCB9AC9D7}C:\warthunder\aces.exe] => (Block) C:\warthunder\aces.exe
FirewallRules: [UDP Query User{C4C5ED8F-C086-4AA5-9278-FB75B2333B47}C:\warthunder\aces.exe] => (Block) C:\warthunder\aces.exe
FirewallRules: [{774CDD2C-C581-45B7-943E-3A19E776C3DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{E1CAF027-3EA8-4FD1-BE4B-5DE3ED548C09}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{E4D1068A-FCD4-4738-A43D-91D0001BBE01}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{B3075083-B42E-43FB-86D6-C6BD39726E4A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{2DC75A5B-BCDA-4B18-BEC2-96FBB0485EBD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Savage Lands\SavageLands.exe
FirewallRules: [{33BED983-F192-4BCA-9586-0E4C1B7CFA33}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Savage Lands\SavageLands.exe
FirewallRules: [{831FF236-0783-4229-8C68-947C26C1AAFA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Settlers 6 Gold\Play Settlers 6.exe
FirewallRules: [{3B36AC5C-16BA-46B3-86EE-2D3DD5AB6584}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Settlers 6 Gold\Play Settlers 6.exe
FirewallRules: [{89845EAE-9581-49DB-9DFC-D7EA8FDF4F15}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Settlers 6 Gold\Play Settlers 6 - The Eastern Realm.exe
FirewallRules: [{BCF6A6E8-1C76-4791-93FC-C859819E642B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Settlers 6 Gold\Play Settlers 6 - The Eastern Realm.exe
FirewallRules: [{95BE3621-46C9-4097-BBFA-11AE80C6E45C}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{9E850893-7F93-4334-9F8D-579A695F1111}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{20B33FA3-24A7-468D-B00E-14C93427F753}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{65553E70-9158-4312-976E-EC8EAFC3826C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{D4FAA5BD-289D-4342-B49D-3DAD250D8217}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{09E90C0B-B3A9-466F-9D8B-8DB3CF41C68F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{AFA1A8F1-6269-433C-B0B5-A9A4507FD4D9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{5805A6F7-493C-48B8-8D63-C44E457CBC27}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{66F0688C-4A28-45E1-A7DA-EA2A685FA93E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{0F38A540-AA1F-49BF-A34A-A9B218361559}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{B4E32A1B-ACFE-4CBC-A2E7-14E056C55623}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{31C157BE-D2A2-4C91-BC28-941969070090}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{0D8C3B12-C6A1-48D5-B021-85872F8CFE93}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{51017665-AC42-4FA7-A2AB-5DECBD0B9B39}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{3C25EFF0-07BA-4E3C-B5DF-ED1E4A2F7CAD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{8DF1A41F-C74B-4DCB-BE36-AE4F30E4CF51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Total War Rome II\launcher\launcher.exe
FirewallRules: [{6A851895-60DB-4100-986E-2F4F9BE7007B}] => (Allow) C:\Users\UserPC\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{0184104D-B47F-4987-BD51-D8BB1238B828}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{619A74B1-E328-4503-86C8-97662DADDC5F}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{F90A0FF8-5041-4E5F-8906-70113137A1F0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E22656BD-F7D9-4E6D-A0FD-E2BEE27F8F2A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{79211497-BAA3-4A43-B9A9-13423597EE5D}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{759E87AF-4044-4EEF-AD15-852DBE47B30B}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe
FirewallRules: [{E54F810D-21D2-4A6C-84EC-72BC41F3596E}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{6910DE6F-BAAC-4078-81EE-93E725287250}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{09A91C88-89AF-47AD-AD5E-72FB2B649981}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{00D1B082-6754-485E-A924-3449E86538A7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe

==================== Restore Points =========================

06-01-2016 14:23:55 Scheduled Checkpoint
13-01-2016 06:10:47 Windows Update
21-01-2016 05:41:50 Scheduled Checkpoint
29-01-2016 21:26:24 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/29/2016 09:26:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/28/2016 08:30:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.19.0, time stamp: 0x55e84649
Faulting module name: ntdll.dll, version: 6.3.9600.18185, time stamp: 0x5683eff4
Exception code: 0xc0000005
Fault offset: 0x00041db6
Faulting process id: 0x78c
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5

Error: (01/24/2016 12:07:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/24/2016 12:07:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 20dc

Start Time: 01d156d1f894bc96

Termination Time: 4294967295

Application Path: C:\Windows\system32\wwahost.exe

Report Id: 42df325c-c2c5-11e5-831d-74d43580dc4d

Faulting package full name: Microsoft.BingWeather_3.0.4.337_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (01/24/2016 12:06:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: USER)
Description: App Microsoft.BingWeather_3.0.4.337_x64__8wekyb3d8bbwe+App did not launch within its allotted time.

Error: (01/23/2016 03:43:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: ntdll.dll, version: 6.3.9600.18185, time stamp: 0x5683eff4
Exception code: 0x80000002
Fault offset: 0x0007e478
Faulting process id: 0x202c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (01/23/2016 03:18:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: jscript9.dll, version: 11.0.9600.18161, time stamp: 0x566a3825
Exception code: 0xc0000005
Fault offset: 0x00013457
Faulting process id: 0x2680
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (01/22/2016 11:57:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: Flash.ocx, version: 20.0.0.272, time stamp: 0x56870c97
Exception code: 0xc0000005
Fault offset: 0x00787fb5
Faulting process id: 0x1d18
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (01/22/2016 10:59:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 540

Start Time: 01d155359270efda

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 865afe37-c129-11e5-831d-74d43580dc4d

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/21/2016 09:38:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: Flash.ocx, version: 20.0.0.272, time stamp: 0x56870c97
Exception code: 0xc0000005
Fault offset: 0x007d7abe
Faulting process id: 0x1458
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

System errors:
=============
Error: (01/29/2016 09:26:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/29/2016 09:26:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/29/2016 09:18:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (01/29/2016 09:17:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/29/2016 09:17:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/29/2016 09:17:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/29/2016 09:17:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/29/2016 09:17:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/29/2016 09:17:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/29/2016 09:17:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).

CodeIntegrity:
===================================
  Date: 2014-09-11 07:35:03.732
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 8078.94 MB
Available physical RAM: 6179.08 MB
Total Virtual: 16270.94 MB
Available Virtual: 14343.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931 GB) (Free:287.2 GB) NTFS
Drive i: (Sims3EP09) (CDROM) (Total:5.21 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#5 frost1977

frost1977
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 29 January 2016 - 11:06 PM

Hello,

my name is david.

 

I have never zipped a file before, I only have 7zip and it says I am not permitted to upload this kind of file when attaching to reply.

 

syssum.7z

 

same with the main file on system summary will not allow me to attach to my reply

 

syssum.nfo



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,713 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:27 AM

Posted 30 January 2016 - 09:02 AM

Hi David, nice to meet you.

Let's not worry about the System Summary file just yet but thanks for trying.

We removed quite a bit with the first steps but we have more to go. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51308;https=127.0.0.1:51308
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL =
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
FF Plugin HKU\S-1-5-21-268514846-1927310418-2097440617-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF Extension: No Name - C:\Users\UserPC\AppData\Roaming\Mozilla\Firefox\Profiles\98x5ntdr.default-1447560529655\extensions\browserprotect@browserprotect.com.xpi [not found]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
CHR Extension: (Deal Flow) - C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\emdmlkgfcploenkbkhgoibipkpkmbnoh [2015-05-27]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
2015-03-31 02:14 - 2015-05-28 21:36 - 0000385 _____ () C:\Users\UserPC\AppData\Roaming\48y6GZ3qegcz5WI92Pvk1V
2015-03-31 02:14 - 2015-03-31 02:14 - 0004387 _____ () C:\Users\UserPC\AppData\Roaming\5gf8uC8lq7UzA02OsRw9uX0A
2015-03-31 02:14 - 2015-03-31 02:14 - 0004387 _____ () C:\Users\UserPC\AppData\Roaming\VFJyS2RbTsDA
C:\Users\UserPC\AppData\Local\Temp\{63579BDD-ACC8-4176-9CB0-B880D436F719}.exe
C:\Users\UserPC\AppData\Local\Temp\{72B9525F-8A6A-4752-82CD-5414D16F0E36}.exe
C:\Users\UserPC\AppData\Local\Temp\{88004330-7EFD-45C6-8101-5FED53E4EC24}.exe
Task: {0EFA27B3-5B3C-491B-99BB-6A8930552B0B} - \Optimize Start Menu Cache Files-S-1-5-21-268514846-1927310418-2097440617-1005 -> No File <==== ATTENTION
Task: {23B111F7-A1A1-4553-9C7A-97E14DACE3EC} - \Palikan momo -> No File <==== ATTENTION
Task: {2A0FE9D8-32CF-4AB8-A189-7ADF231F0469} - \User_Feed_Synchronization-{1EEE0B94-34E9-44D2-A059-09021DE08153} -> No File <==== ATTENTION
Task: {5BFE382B-7F65-423D-9AA1-83DED5DFF960} - \{61053EC5-86B2-4557-BED8-FF6A77395818} -> No File <==== ATTENTION
Task: {97241F0E-7D00-41EF-81F6-CD0103379EA8} - \Optimize Start Menu Cache Files-S-1-5-21-268514846-1927310418-2097440617-1004 -> No File <==== ATTENTION
Task: {C00817A1-1256-44D7-84E1-D0E68DD9C78C} - \ProfessionalPCCleaner_Popup -> No File <==== ATTENTION
Task: {DDB88859-6336-4094-9638-1FA66D5CDBC6} - \ProfessionalPCCleaner_Start -> No File <==== ATTENTION
Task: {F81A1548-B374-4639-8CCF-FFE3F98FF3B5} - \{FEFF5517-82FC-466F-B774-8B78D7C580B6} -> No File <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 frost1977


Posted 30 January 2016 - 07:28 PM

When I try to run "fix" in farbar I get a no fixlist.txt found, It did save the two txt files that were created to my desktop as FRST and addition.



#8 Oh My!


Posted 30 January 2016 - 07:34 PM

The Fixlist has to be saved in the same location as FRST. Are they both on the Desktop and did you make sure the file is called fixlist.txt?
Gary
 

#9 frost1977


Posted 30 January 2016 - 08:16 PM

they are both on the desktop but it saved the first file as FRST.txt and addition.txt  I thought about the name of the FRST but I did not want to simply rename it without asking?

 

 

after renaming FRST to Fixlist I get a message that says " it looks like you don't know what to do, to prevent damage frst will shut down"


Edited by frost1977, 30 January 2016 - 08:23 PM.


#10 Oh My!


Posted 30 January 2016 - 08:28 PM

Delete the existing Fixlist from your desktop. Download [attachment=176172:Fixlist.txt] to your Desktop. Launch FRST.exe then click Fix. It should work.
Gary
 

#11 frost1977


Posted 30 January 2016 - 08:39 PM

an automatic reboot was triggered when I clicked OK after the scan.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by UserPC (2016-01-30 19:36:24) Run:1
Running from C:\Users\UserPC\Desktop
Loaded Profiles: UserPC (Available Profiles: UserPC & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51308;https=127.0.0.1:51308
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL =
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
FF Plugin HKU\S-1-5-21-268514846-1927310418-2097440617-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF Extension: No Name - C:\Users\UserPC\AppData\Roaming\Mozilla\Firefox\Profiles\98x5ntdr.default-1447560529655\extensions\browserprotect@browserprotect.com.xpi [not found]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
CHR Extension: (Deal Flow) - C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\emdmlkgfcploenkbkhgoibipkpkmbnoh [2015-05-27]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
2015-03-31 02:14 - 2015-05-28 21:36 - 0000385 _____ () C:\Users\UserPC\AppData\Roaming\48y6GZ3qegcz5WI92Pvk1V
2015-03-31 02:14 - 2015-03-31 02:14 - 0004387 _____ () C:\Users\UserPC\AppData\Roaming\5gf8uC8lq7UzA02OsRw9uX0A
2015-03-31 02:14 - 2015-03-31 02:14 - 0004387 _____ () C:\Users\UserPC\AppData\Roaming\VFJyS2RbTsDA
C:\Users\UserPC\AppData\Local\Temp\{63579BDD-ACC8-4176-9CB0-B880D436F719}.exe
C:\Users\UserPC\AppData\Local\Temp\{72B9525F-8A6A-4752-82CD-5414D16F0E36}.exe
C:\Users\UserPC\AppData\Local\Temp\{88004330-7EFD-45C6-8101-5FED53E4EC24}.exe
Task: {0EFA27B3-5B3C-491B-99BB-6A8930552B0B} - \Optimize Start Menu Cache Files-S-1-5-21-268514846-1927310418-2097440617-1005 -> No File <==== ATTENTION
Task: {23B111F7-A1A1-4553-9C7A-97E14DACE3EC} - \Palikan momo -> No File <==== ATTENTION
Task: {2A0FE9D8-32CF-4AB8-A189-7ADF231F0469} - \User_Feed_Synchronization-{1EEE0B94-34E9-44D2-A059-09021DE08153} -> No File <==== ATTENTION
Task: {5BFE382B-7F65-423D-9AA1-83DED5DFF960} - \{61053EC5-86B2-4557-BED8-FF6A77395818} -> No File <==== ATTENTION
Task: {97241F0E-7D00-41EF-81F6-CD0103379EA8} - \Optimize Start Menu Cache Files-S-1-5-21-268514846-1927310418-2097440617-1004 -> No File <==== ATTENTION
Task: {C00817A1-1256-44D7-84E1-D0E68DD9C78C} - \ProfessionalPCCleaner_Popup -> No File <==== ATTENTION
Task: {DDB88859-6336-4094-9638-1FA66D5CDBC6} - \ProfessionalPCCleaner_Start -> No File <==== ATTENTION
Task: {F81A1548-B374-4639-8CCF-FFE3F98FF3B5} - \{FEFF5517-82FC-466F-B774-8B78D7C580B6} -> No File <==== ATTENTION
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6586d803-df30-46d3-a89a-4136c8571d45}" => key removed successfully
HKCR\CLSID\{6586d803-df30-46d3-a89a-4136c8571d45} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}" => key removed successfully
HKCR\Wow6432Node\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} => key not found.
"HKU\S-1-5-21-268514846-1927310418-2097440617-1001\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1" => key removed successfully
C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll => not found.
C:\Users\UserPC\AppData\Roaming\Mozilla\Firefox\Profiles\98x5ntdr.default-1447560529655\extensions\browserprotect@browserprotect.com.xpi => path removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\wrc@avast.com => value removed successfully
C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js => moved successfully
C:\Users\UserPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\emdmlkgfcploenkbkhgoibipkpkmbnoh => moved successfully
BRDriver64 => service removed successfully
gdrv => service removed successfully
C:\Users\UserPC\AppData\Roaming\48y6GZ3qegcz5WI92Pvk1V => moved successfully
C:\Users\UserPC\AppData\Roaming\5gf8uC8lq7UzA02OsRw9uX0A => moved successfully
C:\Users\UserPC\AppData\Roaming\VFJyS2RbTsDA => moved successfully
C:\Users\UserPC\AppData\Local\Temp\{63579BDD-ACC8-4176-9CB0-B880D436F719}.exe => moved successfully
C:\Users\UserPC\AppData\Local\Temp\{72B9525F-8A6A-4752-82CD-5414D16F0E36}.exe => moved successfully
C:\Users\UserPC\AppData\Local\Temp\{88004330-7EFD-45C6-8101-5FED53E4EC24}.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EFA27B3-5B3C-491B-99BB-6A8930552B0B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EFA27B3-5B3C-491B-99BB-6A8930552B0B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-268514846-1927310418-2097440617-1005" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23B111F7-A1A1-4553-9C7A-97E14DACE3EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23B111F7-A1A1-4553-9C7A-97E14DACE3EC}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Palikan momo => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A0FE9D8-32CF-4AB8-A189-7ADF231F0469}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A0FE9D8-32CF-4AB8-A189-7ADF231F0469}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{1EEE0B94-34E9-44D2-A059-09021DE08153}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BFE382B-7F65-423D-9AA1-83DED5DFF960}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BFE382B-7F65-423D-9AA1-83DED5DFF960}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{61053EC5-86B2-4557-BED8-FF6A77395818}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97241F0E-7D00-41EF-81F6-CD0103379EA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97241F0E-7D00-41EF-81F6-CD0103379EA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-268514846-1927310418-2097440617-1004" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C00817A1-1256-44D7-84E1-D0E68DD9C78C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C00817A1-1256-44D7-84E1-D0E68DD9C78C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProfessionalPCCleaner_Popup => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DDB88859-6336-4094-9638-1FA66D5CDBC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDB88859-6336-4094-9638-1FA66D5CDBC6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProfessionalPCCleaner_Start => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F81A1548-B374-4639-8CCF-FFE3F98FF3B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F81A1548-B374-4639-8CCF-FFE3F98FF3B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FEFF5517-82FC-466F-B774-8B78D7C580B6}" => key removed successfully

The system needed a reboot.

==== End of Fixlog 19:36:47 ====
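
As an added example (not part of the thread and not FRST's own code), this Python sketch tallies the result lines of the Fixlog above so a helper can see what was removed, what was only moved to quarantine, and what was already absent. It recognises only the line shapes visible in this log, and the function names `parse_result` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Result lines copied from the Fixlog in the post above (a subset of it).
SAMPLE_FIXLOG = r'''
Restore point was successfully created.
Processes closed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKCR\CLSID\{6586d803-df30-46d3-a89a-4136c8571d45} => key not found.
C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll => not found.
C:\Users\UserPC\AppData\Roaming\Mozilla\Firefox\Profiles\98x5ntdr.default-1447560529655\extensions\browserprotect@browserprotect.com.xpi => path removed successfully
C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js => moved successfully
BRDriver64 => service removed successfully
gdrv => service removed successfully
C:\Users\UserPC\AppData\Local\Temp\{63579BDD-ACC8-4176-9CB0-B880D436F719}.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23B111F7-A1A1-4553-9C7A-97E14DACE3EC}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Palikan momo => key not found.
'''

REGISTRY = re.compile(r'HK(LM|U|CR|CU)\\')
FILE_PATH = re.compile(r'[A-Za-z]:\\')
# \b keeps "moved" from matching inside "removed".
SUCCESS = re.compile(r'\b(removed|moved|restored) successfully$')


def parse_result(line):
    """Split '<target> => <outcome>' into (kind, status, target), else None."""
    target, sep, outcome = line.strip().rpartition(' => ')
    if not sep:
        return None  # banner lines such as "Processes closed successfully."
    target = target.strip('"')      # some registry paths in the log are quoted
    outcome = outcome.rstrip('.')
    if REGISTRY.match(target):
        kind = 'registry'
    elif FILE_PATH.match(target):
        kind = 'file'
    elif outcome.startswith('service'):
        kind = 'service'
    else:
        kind = 'other'
    hit = SUCCESS.search(outcome)
    if hit:
        status = hit.group(1)
    elif outcome.endswith('not found'):
        status = 'absent'           # nothing was there to remove
    else:
        status = 'unrecognised'     # a line shape this sketch does not know
    return kind, status, target


def summarize(fixlog_text):
    """Tally a Fixlog and list the entries worth a second look."""
    entries = [e for e in map(parse_result, fixlog_text.splitlines()) if e]
    return {
        'by_status': dict(Counter(s for _, s, _ in entries)),
        'by_kind': dict(Counter(k for k, _, _ in entries)),
        # 'moved' files still exist on disk; the ESET log later in the
        # thread finds them under C:\FRST\Quarantine.
        'quarantined': [t for _, s, t in entries if s == 'moved'],
        'already_absent': [t for _, s, t in entries if s == 'absent'],
        'needs_review': [t for _, s, t in entries if s == 'unrecognised'],
    }


if __name__ == '__main__':
    report = summarize(SAMPLE_FIXLOG)
    print(report['by_status'])
    print(report['by_kind'])
    for path in report['quarantined']:
        print('quarantined:', path)
    for target in report['already_absent']:
        print('already absent:', target)
```
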



#12 Oh My!


Posted 30 January 2016 - 08:45 PM

Thanks, how is your computer running?
Gary
 

#13 frost1977


Posted 31 January 2016 - 01:14 PM

so far everything seems to be clean, not getting any redirects so far with firefox just running some random searches.



#14 Oh My!


Posted 31 January 2016 - 03:44 PM

Excellent, please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#15 frost1977


Posted 31 January 2016 - 05:42 PM

first scan, my internet crashed for about 1 min at about 95%, my ISP-dsl cuts out & is slow at times, will post the screen317 as soon as it runs

 

 

C:\FRST\Quarantine\C\Users\UserPC\AppData\Local\Temp\{63579BDD-ACC8-4176-9CB0-B880D436F719}.exe.xBAD a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted
C:\FRST\Quarantine\C\Users\UserPC\AppData\Local\Temp\{72B9525F-8A6A-4752-82CD-5414D16F0E36}.exe.xBAD a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted
C:\FRST\Quarantine\C\Users\UserPC\AppData\Local\Temp\{88004330-7EFD-45C6-8101-5FED53E4EC24}.exe.xBAD a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted
C:\Users\UserPC\AppData\Local\Microsoft\Windows\INetCache\IE\4QASQJ0J\zipinstall.exe a variant of Win32/InstallCore.ADQ.gen potentially unwanted application cleaned by deleting
C:\Users\UserPC\AppData\Local\Microsoft\Windows\INetCache\Low\IE\JTQWHC8V\message[1].htm HTML/FakeAlert.AK trojan cleaned by deleting
C:\Users\UserPC\AppData\Local\Temp\in0BD63D63\17DCE485_stp\icmac.dll a variant of Win32/InstallCore.ACL potentially unwanted application cleaned by deleting
C:\Users\UserPC\AppData\Local\Temp\in0BD63D63\7176D8A0_stp\RAM.dll a variant of Win32/InstallCore.ACL potentially unwanted application cleaned by deleting
 





