Black Screen with Cursor. Virus is Zeroaccess


  • This topic is locked
23 replies to this topic

#1 primewatcher

  • Members
  • 15 posts
  • Gender:Male

Posted 29 January 2016 - 10:53 AM

My problem started a couple of days ago. The screen went black, and after browsing through multiple websites and forums, I was able to conclude that I had the ZeroAccess virus. I performed an FRST.exe scan. Is there any way to fix this, or should I buy a new computer? If anyone can help, that would be great. The FRST log is below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by SYSTEM on MININT-NBGBMQ8 (30-01-2016 02:38:41)
Running from f:\
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [fst_au_27] => "C:\Program Files (x86)\fst_au_27\fst_au_27.exe"
HKLM-x32\...\Run: [fst_au_50] => [X]
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [network_smb_linkbucks2] => "C:\Users\Willi\AppData\Local\Temp\BI_RunOnce.exe" /initurl hxxp://d20t5nkkmqeceu.cloudfront.net/init/fL27YrBw/:uid:? /affid "-" /id "0" /name " " /uniqid fL27YrBw /uuid 00000000-0000-0000-0000-6CF049 (the data entry has 68 more characters). <===== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\UpdatusUser\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\UpdatusUser\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Google Update] => "C:\Users\Willi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\UpdatusUser\...\Run: [LxrAutorun] => C:\Users\UpdatusUser\AppData\Local\Lexar Media\LxrAutorun.exe
HKU\UpdatusUser\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\UpdatusUser\...\Run: [PC Suite Tray] => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\UpdatusUser\...\Run: [InstallIQUpdater] => "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
HKU\UpdatusUser\...\Run: [Comrade.exe] => C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
HKU\UpdatusUser\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-02] (AVG Secure Search)
HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe [1266712 2013-06-07] (AVG Secure Search)
HKU\Willi\...\Run: [uTorrent] => C:\Users\Willi\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-03] (BitTorrent Inc.)
HKU\Willi\...\Run: [{26808ED3-AAE3-4023-FC58-3F3AFF664503}] => C:\Users\Willi\AppData\Roaming\Xalytu\reaxy.exe [295596 2016-01-29] ()
HKU\Willi\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-05] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3878400 2015-12-28] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [521728 2015-12-28] (AVG Technologies CZ, s.r.o.)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1383424 2015-12-28] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20057088 2015-12-29] (NVIDIA Corporation)
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [5159424 2015-12-29] ()
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
S2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [X]
S2 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
S2 LxrSII1s; C:\Windows\system32\LxrSII1s.exe [X]
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe" [X]
S2 msiserver; %systemroot%\system32\msiexec.exe /V [X]
S2 NSL; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.17\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.17\diMaster.dll" /prefetch:1
S2 NvNetworkService; "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [X]
S2 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
S2 PS3 Media Server; "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf"
S2 vToolbarUpdater19.2.0; "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.2.0\ToolbarUpdater.exe" [X]
S2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-26] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2014-07-08] ()
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-12] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-12] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-12] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-12] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-12] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-12] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-12] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-12] (AVG Technologies CZ, s.r.o.)
S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\0200000.011\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-03] (ThreatTrack Security)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-07-08] ()
S2 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63064 2009-12-29] (Lexar Media, Inc.)
S0 ntcdrdrv; C:\Windows\System32\DRIVERS\ntcdrdrv.sys [25680 2011-01-05] (NoteBurn Software)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-23] (TuneClone Software)
S0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2010-11-05] (Acronis)
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 BS2957810525; \??\C:\Users\Willi\AppData\Local\Temp\NTFS.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 eamonm; system32\DRIVERS\eamonm.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-30 02:11 - 2016-01-30 02:38 - 00000000 ____D C:\FRST
2016-01-29 23:30 - 2016-01-30 01:38 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-01-29 03:06 - 2016-01-29 03:06 - 00271240 _____ C:\Windows\Minidump\012916-22760-01.dmp
2016-01-29 02:14 - 2016-01-29 02:14 - 02979296 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Willi\Downloads\AVG.exe
2016-01-29 02:06 - 2016-01-29 02:07 - 14243008 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\mseinstall.exe
2016-01-29 02:03 - 2016-01-29 02:03 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Willi\Downloads\tdsskiller.exe
2016-01-29 02:00 - 2016-01-29 02:01 - 22908888 _____ (Malwarebytes ) C:\Users\Willi\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Xalytu
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Wolil
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Unal
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Neuk
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Izex
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Daudat
2016-01-27 00:40 - 2016-01-27 00:40 - 09723600 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\WindowsUpdateAgent-7.6-x86.exe
2016-01-27 00:37 - 2016-01-27 00:37 - 02026382 _____ C:\Users\Willi\Downloads\wsusoffline1032.zip
2016-01-27 00:30 - 2016-01-27 00:30 - 00347816 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\MicrosoftFixit.wu.RNP.Run.exe
2016-01-27 00:11 - 2016-01-27 00:11 - 00302011 _____ C:\Users\Willi\Downloads\WindowsUpdateDiagnostic.diagcab
2016-01-26 23:25 - 2016-01-26 23:25 - 00270248 _____ C:\Windows\Minidump\012716-92352-01.dmp
2016-01-26 23:23 - 2016-01-29 03:13 - 01089072 _____ C:\Windows\ntbtlog.txt
2016-01-26 23:20 - 2016-01-26 23:20 - 00003228 _____ C:\Windows\System32\Tasks\{BAFF12E7-F654-4B74-83C6-EDFF0DE21A69}
2016-01-26 23:20 - 2016-01-26 23:20 - 00003228 _____ C:\Windows\System32\Tasks\{8DF0DABB-28C5-4F11-865C-623AD96ED4DC}
2016-01-26 23:20 - 2016-01-26 23:20 - 00003228 _____ C:\Windows\System32\Tasks\{57FAA59F-0CB9-496A-B7DB-0690966F51CA}
2016-01-26 23:15 - 2016-01-26 23:15 - 00000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2016-01-26 23:08 - 2016-01-26 23:08 - 00359656 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\msicuu2.exe
2016-01-26 23:06 - 2013-09-03 18:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\System32\Drivers\gfiutil.sys
2016-01-26 22:36 - 2016-01-29 02:03 - 00000000 ____D C:\Users\Willi\AppData\LocalLow\uTorrent
2016-01-26 21:59 - 2016-01-29 01:00 - 00000390 _____ C:\Windows\Tasks\Registry Cleaner Pro_scan_schedule_task_37b7e855-8666-4bdf-a34b-7b7cd3313685.job
2016-01-26 21:59 - 2016-01-26 22:42 - 00003196 _____ C:\Windows\System32\Tasks\Registry Cleaner Pro_scan_schedule_task_37b7e855-8666-4bdf-a34b-7b7cd3313685
2016-01-26 21:58 - 2016-01-26 21:58 - 00000000 ____D C:\Users\Willi\AppData\Local\Registry_Cleaner_Pro
2016-01-26 20:49 - 2016-01-26 20:49 - 00000000 ____D C:\Users\Willi\AppData\Local\Registry Cleaner Pro
2016-01-26 20:47 - 2016-01-26 20:47 - 00003520 _____ C:\Windows\System32\Tasks\PCCleaner-AutoCleanup-Task
2016-01-26 20:34 - 2016-01-26 20:34 - 00003344 _____ C:\Windows\System32\Tasks\PC Cleaner Pro Update Job
2016-01-26 20:34 - 2016-01-26 20:34 - 00003226 _____ C:\Windows\System32\Tasks\PCCleaner-Maintenance-Autorun
2016-01-26 20:34 - 2016-01-26 20:34 - 00000750 _____ C:\Users\Public\Desktop\PC Cleaner Pro.lnk
2016-01-26 20:34 - 2016-01-18 01:26 - 05310360 _____ (© PC Cleaners Inc) C:\ProgramData\pclunst.exe
2016-01-26 16:26 - 2016-01-26 23:06 - 00000000 ____D C:\ProgramData\PC Cleaner Pro
2016-01-26 16:25 - 2016-01-29 02:12 - 00000000 ____D C:\ProgramData\PC1Data
2016-01-25 22:43 - 2016-01-25 22:43 - 00262144 _____ C:\Windows\Minidump\012616-64210-01.dmp
2016-01-25 21:45 - 2016-01-25 21:45 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Willi\Downloads\AVG_Protection_Free_698 (1).exe
2016-01-25 20:45 - 2016-01-27 16:52 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Soqyu
2016-01-25 20:45 - 2016-01-25 20:45 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Ymykav
2016-01-25 20:45 - 2016-01-25 20:45 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Tyahix
2016-01-25 20:43 - 2016-01-25 20:43 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Puopy
2016-01-25 20:43 - 2016-01-25 20:43 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Ontu
2016-01-25 20:43 - 2016-01-25 20:43 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Ebniyf
2016-01-25 20:41 - 2016-01-25 20:41 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Zeitc
2016-01-25 20:41 - 2016-01-25 20:41 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Zeis
2016-01-25 20:41 - 2016-01-25 20:41 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Ukybax
2016-01-25 20:32 - 2016-01-25 20:32 - 00271240 _____ C:\Windows\Minidump\012616-24616-01.dmp
2016-01-25 19:11 - 2016-01-25 21:44 - 00000000 ____D C:\Users\Willi\Downloads\Icon Folder
2016-01-25 17:41 - 2016-01-25 17:41 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Myke
2016-01-25 17:41 - 2016-01-25 17:41 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Iduxs
2016-01-25 17:38 - 2016-01-25 17:38 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Miykuf
2016-01-25 17:38 - 2016-01-25 17:38 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Boqigy
2016-01-25 03:56 - 2016-01-25 03:56 - 00000000 ____D C:\Users\Willi\AppData\LocalLow\Monomi Park
2016-01-19 20:52 - 2016-01-19 20:52 - 08338221 _____ C:\Users\Willi\Downloads\axj0jqn_460sv.mp4
2016-01-18 01:11 - 2016-01-29 03:06 - 304010120 _____ C:\Windows\MEMORY.DMP
2016-01-16 19:56 - 2016-01-16 19:56 - 00324404 _____ C:\Users\Willi\Downloads\62734170067282909.pdf
2016-01-16 19:55 - 2016-01-16 19:55 - 00324342 _____ C:\Users\Willi\Downloads\62734170067282917.pdf
2016-01-15 05:53 - 2016-01-15 05:54 - 00000000 _____ C:\Users\Willi\AppData\Local\{4E54C26F-C9B5-44D6-9469-E2C9BC723966}
2016-01-11 23:25 - 2016-01-11 23:25 - 01311770 _____ C:\Users\Willi\Downloads\W3ZMEv10.zip
2016-01-09 07:06 - 2016-01-09 07:07 - 00000000 ____D C:\Users\Willi\Downloads\[HorribleSubs] Assassination Classroom (01-22) [720p] (Batch)
2016-01-06 16:33 - 2016-01-06 16:33 - 00000108 _____ C:\ProgramData\i38baecjbfd.dat
2016-01-04 19:36 - 2016-01-04 19:37 - 00000000 ____D C:\Program Files (x86)\Safari
2016-01-04 19:31 - 2016-01-04 19:31 - 38494576 _____ (Apple Inc.) C:\Users\Willi\Downloads\SafariSetup (1).exe
2016-01-04 19:10 - 2016-01-04 19:10 - 00716405 _____ C:\Users\Willi\Downloads\Coles eGift Card.webarchive
2016-01-04 19:07 - 2016-01-04 19:08 - 38494576 _____ (Apple Inc.) C:\Users\Willi\Downloads\SafariSetup.exe
2016-01-04 16:33 - 2016-01-04 16:33 - 00010288 ____N C:\bootsqm.dat
2016-01-02 08:01 - 2016-01-02 08:01 - 00000000 ____D C:\Users\Willi\Downloads\vlc-skins
2016-01-02 07:59 - 2016-01-02 07:59 - 38802013 _____ C:\Users\Willi\Downloads\vlc-skins.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-29 02:15 - 2011-05-20 02:27 - 00000000 ____D C:\Users\Willi\AppData\Roaming\uTorrent
2016-01-29 02:15 - 2009-07-13 20:45 - 00025536 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-29 02:15 - 2009-07-13 20:45 - 00025536 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-29 02:12 - 2015-12-28 16:06 - 00000003 _____ C:\ProgramData\baecjbfd38.nls
2016-01-29 02:12 - 2010-10-22 21:15 - 00000000 ____D C:\users\Willi
2016-01-29 02:02 - 2011-10-26 00:25 - 00000338 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-01-29 01:58 - 2012-04-01 13:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-29 01:32 - 2014-01-05 06:58 - 00001296 _____ C:\Windows\Tasks\Torntv V6.0-updater.job
2016-01-29 01:32 - 2013-06-07 16:47 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2016-01-29 01:32 - 2013-06-02 13:29 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-01-29 01:32 - 2010-10-26 00:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-29 01:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-29 01:24 - 2010-10-26 00:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-28 23:21 - 2012-01-16 17:55 - 00776192 ____T (Microsoft Corporation) C:\Windows\System32\vds.exe
2016-01-28 21:05 - 2010-11-03 21:29 - 00000370 _____ C:\Windows\Tasks\GlaryUpdate.job
2016-01-28 21:05 - 2009-07-13 15:52 - 00282112 ____T (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
2016-01-28 11:58 - 2012-01-16 17:54 - 03766272 ____T (Microsoft Corporation) C:\Windows\System32\sppsvc.exe
2016-01-28 01:42 - 2012-08-15 13:33 - 00801280 ____T (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2016-01-27 20:49 - 2012-02-11 18:29 - 00000000 ____D C:\ProgramData\InstallMate
2016-01-27 19:49 - 2010-10-22 21:34 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{18161333-E3D5-452A-BA59-56D3A5BA1C7C}
2016-01-27 16:52 - 2015-12-08 03:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-27 16:52 - 2015-08-12 04:11 - 00000000 ____D C:\081eae46e41ea8cc6d
2016-01-27 16:52 - 2015-01-07 20:54 - 00000000 ____D C:\Windows\Bejeweled 3
2016-01-27 16:52 - 2014-12-21 15:24 - 00000000 ____D C:\Users\Willi\AppData\Local\NVIDIA
2016-01-27 16:52 - 2014-05-30 04:26 - 00000000 ____D C:\Users\Willi\Documents\Warcraft- Frozen Throne
2016-01-27 16:52 - 2014-04-27 23:13 - 00000000 ____D C:\ProgramData\AVG Secure Search
2016-01-27 16:52 - 2012-11-18 05:55 - 00000000 ____D C:\users\UpdatusUser
2016-01-27 16:52 - 2011-07-20 02:53 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2016-01-27 16:52 - 2011-03-24 23:43 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Mozilla
2016-01-27 16:52 - 2010-11-03 21:28 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2016-01-27 16:52 - 2010-10-28 12:28 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-01-27 16:52 - 2010-10-22 21:27 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-27 16:52 - 2010-10-22 21:27 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-01-27 16:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2016-01-27 16:51 - 2012-03-10 00:20 - 00000000 ____D C:\Program Files\DivX
2016-01-27 16:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2016-01-27 16:50 - 2011-11-25 16:56 - 00000000 ____D C:\Users\Willi\AppData\Roaming\.minecraft
2016-01-27 16:50 - 2010-10-26 00:23 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Macromedia
2016-01-27 16:49 - 2012-03-10 00:19 - 00000000 ____D C:\ProgramData\DivX
2016-01-27 16:49 - 2011-07-20 02:53 - 00000000 ____D C:\ProgramData\HP
2016-01-27 16:48 - 2013-09-10 13:51 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2016-01-27 16:48 - 2013-01-17 16:43 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2016-01-27 16:48 - 2011-07-20 02:52 - 00000000 ____D C:\Program Files (x86)\HP
2016-01-27 16:48 - 2010-10-22 21:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-27 16:48 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-27 12:44 - 2015-04-20 20:01 - 00000000 ____D C:\Users\Willi\AppData\Roaming\vlc
2016-01-27 00:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2016-01-27 00:16 - 2010-11-11 23:38 - 00000000 ____D C:\Users\Willi\AppData\Local\ElevatedDiagnostics
2016-01-26 23:25 - 2012-05-22 19:35 - 00000000 ____D C:\Windows\Minidump
2016-01-26 23:15 - 2012-01-05 21:31 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-01-26 23:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-01-26 22:34 - 2010-10-22 21:30 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-26 21:32 - 2011-11-25 15:15 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2016-01-26 20:50 - 2014-03-06 21:58 - 00000000 ____D C:\Users\Willi\Documents\Thief
2016-01-26 20:50 - 2013-10-15 02:57 - 00000000 ____D C:\Users\Willi\Documents\TuneClone
2016-01-26 20:50 - 2011-07-20 02:53 - 00000000 ____D C:\Users\Willi\AppData\Roaming\HpUpdate
2016-01-26 20:37 - 2014-12-21 15:25 - 00000000 ____D C:\Users\Willi\AppData\Local\NVIDIA Corporation
2016-01-26 17:12 - 2013-08-24 20:54 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Olna
2016-01-26 15:29 - 2015-04-05 05:58 - 00000000 ___SD C:\Windows\System32\GWX
2016-01-26 02:17 - 2010-10-24 22:35 - 00133048 _____ C:\Users\Willi\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-26 02:16 - 2009-07-13 20:45 - 00467976 _____ C:\Windows\System32\FNTCACHE.DAT
2016-01-26 00:17 - 2013-10-11 07:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-26 00:04 - 2013-08-31 17:37 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2016-01-26 00:02 - 2010-10-22 21:24 - 00000000 ____D C:\ProgramData\InstallShield
2016-01-25 22:36 - 2012-03-30 21:29 - 00000000 ____D C:\Users\Willi\AppData\Local\Ubisoft Game Launcher
2016-01-25 22:25 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-01-25 22:04 - 2013-01-17 18:51 - 00000000 ____D C:\Users\Willi\Documents\Electronic Arts
2016-01-25 21:59 - 2011-03-25 15:50 - 00000000 ____D C:\ProgramData\Tarma Installer
2016-01-25 21:56 - 2011-03-25 20:55 - 00000000 ____D C:\ProgramData\Yahoo!
2016-01-25 20:39 - 2012-10-10 18:38 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2016-01-25 20:35 - 2015-04-15 21:37 - 00002564 _____ C:\Windows\System32\CFG2957810525
2016-01-22 16:48 - 2012-02-20 12:57 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Media Player Classic
2016-01-22 07:56 - 2012-03-19 00:38 - 00000000 ____D C:\ProgramData\PC Suite
2016-01-20 17:58 - 2014-11-26 21:58 - 04499648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-01-20 17:58 - 2012-04-01 13:16 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 17:58 - 2012-04-01 13:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-20 17:58 - 2011-08-29 22:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-18 17:26 - 2009-07-13 21:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-18 01:33 - 2015-11-11 02:23 - 00000000 ____D C:\8743d51bd6c6c7c48d4b92ccf55c252a
2016-01-18 01:33 - 2015-05-13 03:07 - 00000000 ____D C:\196f01c63f8a34c8ee60
2016-01-18 01:33 - 2015-04-29 02:08 - 00000000 ____D C:\Users\Willi\AppData\Roaming\tor
2016-01-18 01:33 - 2015-02-11 08:21 - 00000000 ____D C:\7f2f401ed84fb5678026a9255954b6bd
2016-01-18 01:33 - 2014-12-04 20:20 - 00000000 ____D C:\Program Files\CCleaner
2016-01-18 01:33 - 2013-10-07 16:48 - 00000000 ____D C:\Program Files\Calibre2
2016-01-17 19:41 - 2015-09-04 18:42 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-17 07:26 - 2015-09-06 03:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 05:51 - 2010-10-22 17:38 - 00000000 ____D C:\Windows\softwaredistribution.old
2016-01-04 19:37 - 2011-07-28 03:30 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Apple Computer
2016-01-04 19:37 - 2011-07-28 03:30 - 00000000 ____D C:\Users\Willi\AppData\Local\Apple Computer
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1434546154-2345726292-1624916509-1000\$ba2fe8aac1eb2841592d7fb9a37126ba
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ba2fe8aac1eb2841592d7fb9a37126ba
 
Files to move or delete:
====================
C:\ProgramData\aai19475cm.dat
C:\ProgramData\i38baecjbfd.dat
C:\ProgramData\iim19477bov.dat
C:\ProgramData\pclunst.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2015-12-08 18:34] - [2015-11-10 10:55] - 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A
 
C:\Windows\SysWOW64\User32.dll
[2015-12-08 18:34] - [2015-11-10 10:37] - 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 17%
Total physical RAM: 3835.48 MB
Available physical RAM: 3159.75 MB
Total Virtual: 3833.63 MB
Available Virtual: 3148.77 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:270.82 GB) NTFS
Drive f: (USB) (Removable) (Total:7.21 GB) (Free:7.21 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EAD4F996)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.2 GB) - (Type=0B)
 
 
LastRegBack: 2015-12-19 05:03
 
==================== End of FRST.txt ============================
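Reading a log like the one above by hand is exactly what the helpers on this forum do. As an added illustration (it is not code from this thread, from FRST or from the instructor), the following Python script applies the same first-pass heuristics to FRST.txt lines: it surfaces FRST's own ATTENTION and IS MISSING markers, the paths listed under a ZeroAccess: heading, and autostart entries (Run/RunOnce values, services and drivers) whose binary sits in a user-writable location, carries no publisher, or uses a GUID-style value name. The sample lines are copied from the log above (the RunOnce URL is abridged). The regular expressions, the list of user-writable locations and the severity labels are assumptions of the example; a "medium" hit is a prompt for review, not a verdict, so uTorrent is flagged purely because it runs from AppData\Roaming.

```python
import re

# Constructed sample: lines copied from the FRST.txt log posted above (the RunOnce
# URL is abridged to "hxxp://..."), kept in FRST's own line layout.
SAMPLE_FRST = r"""HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM-x32\...\RunOnce: [network_smb_linkbucks2] => "C:\Users\Willi\AppData\Local\Temp\BI_RunOnce.exe" /initurl hxxp://... <===== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION
HKU\Willi\...\Run: [uTorrent] => C:\Users\Willi\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-03] (BitTorrent Inc.)
HKU\Willi\...\Run: [{26808ED3-AAE3-4023-FC58-3F3AFF664503}] => C:\Users\Willi\AppData\Roaming\Xalytu\reaxy.exe [295596 2016-01-29] ()
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
S3 BS2957810525; \??\C:\Users\Willi\AppData\Local\Temp\NTFS.sys [X]
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ba2fe8aac1eb2841592d7fb9a37126ba

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION
"""

# FRST's own marker for entries it wants the analyst to look at
ATTENTION_RE = re.compile(r"<={3,}\s*ATTENTION")
# Registry autostart values:  HKLM\...\Run: [name] => command
RUN_RE = re.compile(r"^HK[A-Z]+(?:-x32)?\\.*?\\(?:Run|RunOnce): \[(?P<name>[^\]]+)\] => (?P<rest>.*)$")
# Services and drivers:  S2 name; command
SERVICE_RE = re.compile(r"^[SR]\d (?P<name>[^;]+); (?P<rest>.*)$")
# First Windows path that ends in an executable extension
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|scr)\b", re.IGNORECASE)
# FRST appends the binary's publisher in parentheses; "()" means it has none
PUBLISHER_RE = re.compile(r"\((?P<pub>[^)]*)\)\s*$")
GUID_NAME_RE = re.compile(r"^\{[0-9A-F-]{36}\}$", re.IGNORECASE)
# Locations a standard user can write to (heuristic list assumed by this example)
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\",
                 "\\programdata\\", "\\$recycle.bin\\")


def triage_line(line):
    """Return a list of (severity, reason) findings for a single FRST.txt line."""
    findings = []
    if ATTENTION_RE.search(line):
        findings.append(("high", "flagged by FRST (ATTENTION marker)"))
    if "IS MISSING" in line:
        findings.append(("high", "critical system file missing"))
    m = RUN_RE.match(line) or SERVICE_RE.match(line)
    if m:  # an autostart entry: inspect where the binary lives and who signed it
        rest = m.group("rest")
        pm = PATH_RE.search(rest)
        path = pm.group(0).lower() if pm else ""
        if any(seg in path for seg in USER_WRITABLE):
            findings.append(("medium", "autostart binary in a user-writable location"))
        pub = PUBLISHER_RE.search(rest)
        if pub is not None and pub.group("pub").strip() == "":
            findings.append(("medium", "autostart binary has no publisher information"))
        if GUID_NAME_RE.match(m.group("name")):
            findings.append(("medium", "GUID-style autostart value name"))
    return findings


def triage_log(text):
    """Walk a whole FRST.txt and return [(line, findings)] for every flagged line.
    Paths directly under a 'ZeroAccess:' heading are flagged from context."""
    report = []
    prev = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        findings = triage_line(line)
        if prev.strip() == "ZeroAccess:" and line.strip():
            findings.append(("high", "ZeroAccess artifact reported by FRST"))
        if findings:
            report.append((line, findings))
        prev = line
    return report


def summarize(report):
    """Count findings per severity, e.g. {'high': 6, 'medium': 6}."""
    counts = {}
    for _, findings in report:
        for sev, _ in findings:
            counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    result = triage_log(SAMPLE_FRST)
    for line, findings in result:
        print(line[:90])
        for sev, reason in findings:
            print(f"    [{sev}] {reason}")
    print(summarize(result))
```

Run it as-is to see the flagged sample lines; for a real log, call `triage_log(open("FRST.txt", encoding="utf-8", errors="replace").read())`. The script only narrows what a person has to read; the decision about each entry still belongs to whoever is working the case.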

 

 



#2 xXToffeeXx (Bleepin' Polar Bear)


  • Malware Response Instructor
  • 6,087 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 29 January 2016 - 11:50 AM

Hi primewatcher,
 
The reason for the black screen is that you are missing critical system files. Please do this for me:
 
On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive (if you already have FRST64.exe saved on the USB then skip this step).
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: If you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:

  • In the command window, type notepad and press Enter.
  • Notepad opens. Under the File menu, select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window, type e:\frst (for the x64 version, type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • In the search box, type svchost.exe;User32.dll
  • Press the Search File(s) button.
  • It will make a log (Search.txt) on the flash drive. Please copy and paste it into your reply.

--------------

To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Search.txt log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
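The Search.txt that this procedure produces lists every copy of the requested files, including the ones Windows keeps in its component store (winsxs), each with a size and an MD5. Reconciling that list against the hashes FRST.txt already verified is the analyst's next step. The Python script below is an added example (not the instructor's procedure, not FRST's code and not part of this thread): it parses the Search.txt layout as it appears in the original poster's reply further down (a path line followed by a bracketed detail line), pulls the architecture and version out of each winsxs directory name, and uses the hash of a file that is still intact on the machine (System32\User32.dll, whose MD5 06BF84D2... is in the "Bamital & volsnap" section of the FRST.txt above) to identify which architecture and servicing version the installed system files belong to. It then reports whether the missing file has a copy from that same branch. In this sample there is none: the only svchost.exe found is an x86 copy from the RTM component, while the intact User32.dll matches an amd64 6.1.7601.19061 copy. The regular expressions and the record layout are assumptions of the example; which file, if any, goes back into System32 is a decision for the person handling the case, not for the script.

```python
import re

# Constructed sample in FRST's Search.txt layout; the entries are copied from the
# search results the original poster reports later in this thread.
SAMPLE_SEARCH = r"""Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by SYSTEM (2016-01-30 09:27:15)
Boot Mode: Recovery

================== Search Files: "svchost.exe;User32.dll
" =============

C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-13 15:19][2016-01-29 02:11] 0021248 ____N (Microsoft Corporation) 840EF63D477B1BC092C5D33099579376

C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_3579d47ab8884c9d\user32.dll
[2015-12-08 18:34][2015-11-10 10:37] 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722

C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_2bb2ca019d418cef\user32.dll
[2015-12-08 18:34][2015-11-10 10:59] 1009152 ____A (Microsoft Corporation) E42CB2576D5C8456C60988B1C908F41A

C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_2b252a2884278aa2\user32.dll
[2015-12-08 18:34][2015-11-10 10:55] 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A
"""

# MD5 of C:\Windows\System32\User32.dll from the FRST.txt verification section above
INSTALLED_USER32_MD5 = "06BF84D26A05D400F6B3FB3D3DE0B03A"

# winsxs directory names: <arch>_<component>_<publisher token>_<version>_<lang>_<hash>
COMPONENT_RE = re.compile(
    r"^(?P<arch>amd64|x86|wow64|msil)_(?P<component>.+?)_(?P<token>[0-9a-f]{16})"
    r"_(?P<version>\d+\.\d+\.\d+\.\d+)_(?P<lang>[^_]+)_(?P<dirhash>[0-9a-f]{16})$"
)
# Detail line:  [created][modified] size attrs (publisher) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\] (?P<size>\d+) (?P<attrs>\S+) "
    r"\((?P<publisher>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Turn Search.txt into a list of dict records, one per file found."""
    entries, current_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", line):   # a path line starts a new record
            current_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and current_path:
            parts = current_path.split("\\")
            comp = COMPONENT_RE.match(parts[-2]) if len(parts) >= 2 else None
            entries.append({
                "path": current_path,
                "filename": parts[-1].lower(),
                "arch": comp.group("arch") if comp else None,
                "component": comp.group("component") if comp else None,
                "version": comp.group("version") if comp else None,
                "size": int(m.group("size")),
                "publisher": m.group("publisher"),
                "md5": m.group("md5").upper(),
                "created": m.group("created"),
                "modified": m.group("modified"),
            })
            current_path = None
    return entries


def _version_key(version):
    return tuple(int(p) for p in version.split(".")) if version else ()


def copies_of(entries, filename):
    """All copies of one file, newest version first."""
    hits = [e for e in entries if e["filename"] == filename.lower()]
    return sorted(hits, key=lambda e: (_version_key(e["version"]), e["arch"] or ""), reverse=True)


def find_by_md5(entries, md5):
    """The record whose MD5 matches, or None."""
    for e in entries:
        if e["md5"] == md5.upper():
            return e
    return None


def installed_branch(entries, reference_md5):
    """(arch, version) of the winsxs copy that matches a file still intact on the
    system; this identifies which servicing branch System32 was populated from."""
    ref = find_by_md5(entries, reference_md5)
    return (ref["arch"], ref["version"]) if ref else None


def copies_matching_branch(entries, filename, arch, version):
    """Copies of filename that come from the given architecture and version."""
    return [e for e in copies_of(entries, filename)
            if e["arch"] == arch and e["version"] == version]


if __name__ == "__main__":
    recs = parse_search_log(SAMPLE_SEARCH)
    branch = installed_branch(recs, INSTALLED_USER32_MD5)
    print("installed branch (from intact User32.dll):", branch)
    for e in copies_of(recs, "svchost.exe"):
        print("svchost.exe copy:", e["arch"], e["version"], e["size"], e["md5"])
    print("svchost.exe copies from the installed branch:",
          copies_matching_branch(recs, "svchost.exe", *branch))
```

The point of matching on the intact file first is that a component-store copy is only comparable to what System32 held if it is the same architecture and servicing version; the script makes that mismatch visible instead of leaving it to be noticed by eye in a long list of hashes.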


#3 primewatcher (Topic Starter)

  • Members
  • 15 posts
  • Gender:Male

Posted 29 January 2016 - 05:53 PM

Here is the search.txt log.

Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by SYSTEM (2016-01-30 09:27:15)
Running from f:\
Boot Mode: Recovery
 
================== Search Files: "svchost.exe;User32.dll" =============
 
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-13 15:19][2016-01-29 02:11] 0021248 ____N (Microsoft Corporation) 840EF63D477B1BC092C5D33099579376
 
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_36077453d1a24eea\user32.dll
[2015-12-08 18:34][2015-11-10 10:35] 0833024 ____A (Microsoft Corporation) D0A3A0DBF77EE35CE97E55DE92014E05
 
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_3579d47ab8884c9d\user32.dll
[2015-12-08 18:34][2015-11-10 10:37] 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722
 
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2012-01-16 17:55][2010-11-20 04:08] 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
 
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2009-07-13 15:24][2009-07-13 17:11] 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0
 
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_2bb2ca019d418cef\user32.dll
[2015-12-08 18:34][2015-11-10 10:59] 1009152 ____A (Microsoft Corporation) E42CB2576D5C8456C60988B1C908F41A
 
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_2b252a2884278aa2\user32.dll
[2015-12-08 18:34][2015-11-10 10:55] 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A
 
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[2012-01-16 17:55][2010-11-20 05:27] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B
 
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009-07-13 15:38][2009-07-13 17:41] 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6
 
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 15:31][2009-07-13 17:39] 0027136 ____N (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
 
C:\Windows\Temp\T2957810525\minerd\svchost.exe
[2016-01-22 07:54][2016-01-29 01:32] 0584704 ____N () 200CE57E37C56A3208E1839E93DBF661
 
C:\Windows\SysWOW64\user32.dll
[2015-12-08 18:34][2015-11-10 10:37] 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722
 
C:\Windows\System32\user32.dll
[2015-12-08 18:34][2015-11-10 10:55] 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_10.0.10240.16384_none_d538ddf00809c9d6\user32.dll
[2015-07-10 02:30][2015-07-10 02:30] 1366168 ___AL () D41D8CD98F00B204E9800998ECF8427E
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_10.0.10240.16384_none_bdbbcb4f9ffb0889\svchost.exe
[2015-07-10 02:30][2015-07-10 02:30] 0039856 ___AL () D41D8CD98F00B204E9800998ECF8427E
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\svchost.exe
[2015-07-10 02:30][2015-07-10 02:30] 0039856 ___AL () D41D8CD98F00B204E9800998ECF8427E
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\user32.dll
[2015-07-10 02:30][2015-07-10 02:30] 1366168 ___AL () D41D8CD98F00B204E9800998ECF8427E
 
X:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009-07-13 15:38][2009-07-13 17:41] 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6
 
X:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 15:31][2009-07-13 17:39] 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
 
X:\Windows\System32\svchost.exe
[2009-07-13 15:31][2009-07-13 17:39] 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
 
X:\Windows\System32\user32.dll
[2009-07-13 15:38][2009-07-13 17:41] 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6
 
====== End of Search ======

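Added example (not code from FRST or from either poster in this thread): a Python triage pass over the Search.txt format shown above. It parses the path/detail line pairs, flags copies of the searched binaries that sit outside the usual system locations or carry no company string, marks entries whose MD5 is the hash of empty input (the SafeOS.Mount copies, which FRST could not read and which therefore cannot serve as a replacement source), and reports for each live System32/SysWOW64 copy whether its hash matches a component-store (winsxs) copy. The list of expected locations and the treatment of X:\ as the WinRE drive are assumptions; the sample input is constructed from entries in the log above.

```python
"""Triage helper for the FRST Search.txt format (added example; not FRST's own code)."""
import hashlib
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# MD5 of zero bytes. FRST printed this for the SafeOS.Mount copies above, i.e. it could
# not read them, so such an entry is not a usable replacement source.
MD5_OF_EMPTY = hashlib.md5(b"").hexdigest().upper()

# Assumption: where a genuine live or backup copy of a Windows system binary lives.
# X:\ is the WinRE RAM drive when FRST runs from the Recovery Environment.
EXPECTED_PREFIXES = (
    "c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\",
    "x:\\windows\\system32\\", "x:\\windows\\winsxs\\",
)

# A Search.txt entry is a path line followed by "[date][date] size attrs (company) md5".
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<date1>[^\]]+)\]\[(?P<date2>[^\]]+)\]\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+"
    r"\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Constructed sample: a subset of the entries from the Search.txt posted above.
SAMPLE_SEARCH = r"""
Farbar Recovery Scan Tool (x64) Version:27-01-2016
================== Search Files: "svchost.exe;User32.dll" =============
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-13 15:19][2016-01-29 02:11] 0021248 ____N (Microsoft Corporation) 840EF63D477B1BC092C5D33099579376
C:\Windows\Temp\T2957810525\minerd\svchost.exe
[2016-01-22 07:54][2016-01-29 01:32] 0584704 ____N () 200CE57E37C56A3208E1839E93DBF661
C:\Windows\System32\user32.dll
[2015-12-08 18:34][2015-11-10 10:55] 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_2b252a2884278aa2\user32.dll
[2015-12-08 18:34][2015-11-10 10:55] 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\svchost.exe
[2015-07-10 02:30][2015-07-10 02:30] 0039856 ___AL () D41D8CD98F00B204E9800998ECF8427E
====== End of Search ======
"""


def parse_search(text):
    """Return one dict per path/detail line pair found in Search.txt text."""
    lines = [line.strip() for line in text.splitlines()]
    entries = []
    for i in range(len(lines) - 1):
        m = DETAIL_RE.match(lines[i + 1]) if PATH_RE.match(lines[i]) else None
        if m:
            entry = m.groupdict()
            entry["path"] = lines[i]
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def triage(entries):
    """Flag entries a helper would not treat as a clean copy; returns (path, reason) pairs."""
    findings = []
    for e in entries:
        if e["md5"] == MD5_OF_EMPTY and e["size"] > 0:
            findings.append((e["path"], "hash is MD5 of empty input: unreadable, not a usable source"))
            continue
        if not e["path"].lower().startswith(EXPECTED_PREFIXES):
            findings.append((e["path"], "system binary name outside expected locations"))
        if not e["company"].strip():
            findings.append((e["path"], "no company/version information"))
    return findings


def live_copy_status(entries, names):
    """Is each expected live System32/SysWOW64 copy present, and does its MD5 match a winsxs copy?"""
    winsxs_hashes = defaultdict(set)
    live = {}
    for e in entries:
        low = e["path"].lower()
        if low.startswith("c:\\windows\\winsxs\\"):
            winsxs_hashes[PureWindowsPath(low).name].add(e["md5"])
        elif low.startswith(("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")):
            live[low] = e["md5"]
    status = {}
    for name in names:
        for folder in ("C:\\Windows\\System32\\", "C:\\Windows\\SysWOW64\\"):
            path = folder + name
            md5 = live.get(path.lower())
            if md5 is None:
                status[path] = "missing from search results"
            elif md5 in winsxs_hashes[name.lower()]:
                status[path] = "matches a winsxs copy"
            else:
                status[path] = "no matching winsxs copy"
    return status


if __name__ == "__main__":
    found = parse_search(SAMPLE_SEARCH)
    for path, reason in triage(found):
        print(f"FLAG {reason}: {path}")
    for path, state in live_copy_status(found, ["svchost.exe", "user32.dll"]).items():
        print(f"{state}: {path}")
```

On the sample this flags the Temp\minerd copy twice (location and missing company), flags the SafeOS.Mount copy as unreadable, and reports that no live 32-bit svchost.exe was found, which is the gap the next post resolves by supplying a known-clean copy.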

#4 xXToffeeXx

  • Malware Response Instructor

Posted 30 January 2016 - 07:52 AM

Hi primewatcher,
 
There is no clean copy of your 32-bit version of svchost, so we will download a known clean version to use instead. Please download this file and move it to the root of your USB drive which you have been using for FRST. Then follow the steps below:
 
Running a fix Using Farbar's Recovery Scan Tool in the Recovery Environment:

  • From your clean computer, press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
HKLM-x32\...\Run: [fst_au_27] => "C:\Program Files (x86)\fst_au_27\fst_au_27.exe"
HKLM-x32\...\Run: [fst_au_50] => [X]
C:\Program Files (x86)\fst_au_27
HKLM-x32\...\RunOnce: [network_smb_linkbucks2] => "C:\Users\Willi\AppData\Local\Temp\BI_RunOnce.exe" /initurl hxxp://d20t5nkkmqeceu.cloudfront.net/init/fL27YrBw/:uid:? /affid "-" /id "0" /name " " /uniqid fL27YrBw /uuid 00000000-0000-0000-0000-6CF049 (the data entry has 68 more characters). <===== ATTENTION
C:\Users\Willi\AppData\Local\Temp\BI_RunOnce.exe
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION
HKU\Willi\...\Run: [{26808ED3-AAE3-4023-FC58-3F3AFF664503}] => C:\Users\Willi\AppData\Roaming\Xalytu\reaxy.exe [295596 2016-01-29] ()
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Xalytu
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Wolil
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Unal
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Neuk
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Izex
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Daudat
2016-01-25 20:45 - 2016-01-27 16:52 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Soqyu
2016-01-25 20:45 - 2016-01-25 20:45 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Ymykav
2016-01-25 20:45 - 2016-01-25 20:45 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Tyahix
2016-01-25 20:43 - 2016-01-25 20:43 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Puopy
2016-01-25 20:43 - 2016-01-25 20:43 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Ontu
2016-01-25 20:43 - 2016-01-25 20:43 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Ebniyf
2016-01-25 20:41 - 2016-01-25 20:41 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Zeitc
2016-01-25 20:41 - 2016-01-25 20:41 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Zeis
2016-01-25 20:41 - 2016-01-25 20:41 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Ukybax
2016-01-25 17:41 - 2016-01-25 17:41 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Myke
2016-01-25 17:41 - 2016-01-25 17:41 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Iduxs
2016-01-25 17:38 - 2016-01-25 17:38 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Miykuf
2016-01-25 17:38 - 2016-01-25 17:38 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Boqigy
C:\$Recycle.Bin\S-1-5-21-1434546154-2345726292-1624916509-1000\$ba2fe8aac1eb2841592d7fb9a37126ba
C:\$Recycle.Bin\S-1-5-18\$ba2fe8aac1eb2841592d7fb9a37126ba
C:\Windows\Temp\T2957810525\
Replace: X:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe
Replace: F:\svchost.exe C:\Windows\SysWOW64\svchost.exe
Replace: C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll C:\Windows\System32\User32.dll
Replace: C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll C:\Windows\SysWOW64\user32.dll
  • Insert the USB device into your infected computer
  • Follow the process below to enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool.

On a clean machine, please download Farbar Recovery Scan Tool and save it to the USB (feel free to use the frst download from my last instructions, if you still have it on the USB).
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

 
To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

==========
 
On the System Recovery Options menu you will get the following options:
 
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 
Select Command Prompt
 
==========
 
Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • It will make a log (Fixlog.txt) on the flash drive. Please copy and paste it to your reply.

Try and reboot the computer normally. Let me know what happens.
 
xXToffeeXx~




#5 primewatcher

  • Topic Starter

Posted 30 January 2016 - 08:24 AM

This is the fixlog that is on the USB. I rebooted normally like you told me, but instead of a black screen with a cursor, it reboots automatically after the Windows loading screen and continues that in a loop.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by SYSTEM (2016-01-31 00:15:15) Run:1
Running from f:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [fst_au_27] => "C:\Program Files (x86)\fst_au_27\fst_au_27.exe"
HKLM-x32\...\Run: [fst_au_50] => [X]
C:\Program Files (x86)\fst_au_27
HKLM-x32\...\RunOnce: [network_smb_linkbucks2] => "C:\Users\Willi\AppData\Local\Temp\BI_RunOnce.exe" /initurl hxxp://d20t5nkkmqeceu.cloudfront.net/init/fL27YrBw/:uid:? /affid "-" /id "0" /name " " /uniqid fL27YrBw /uuid 00000000-0000-0000-0000-6CF049 (the data entry has 68 more characters). <===== ATTENTION
C:\Users\Willi\AppData\Local\Temp\BI_RunOnce.exe
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION
HKU\Willi\...\Run: [{26808ED3-AAE3-4023-FC58-3F3AFF664503}] => C:\Users\Willi\AppData\Roaming\Xalytu\reaxy.exe [295596 2016-01-29] ()
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Xalytu
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Wolil
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Unal
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Neuk
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Izex
2016-01-29 00:59 - 2016-01-29 00:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Daudat
2016-01-25 20:45 - 2016-01-27 16:52 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Soqyu
2016-01-25 20:45 - 2016-01-25 20:45 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Ymykav
2016-01-25 20:45 - 2016-01-25 20:45 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Tyahix
2016-01-25 20:43 - 2016-01-25 20:43 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Puopy
2016-01-25 20:43 - 2016-01-25 20:43 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Ontu
2016-01-25 20:43 - 2016-01-25 20:43 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Ebniyf
2016-01-25 20:41 - 2016-01-25 20:41 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Zeitc
2016-01-25 20:41 - 2016-01-25 20:41 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Zeis
2016-01-25 20:41 - 2016-01-25 20:41 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Ukybax
2016-01-25 17:41 - 2016-01-25 17:41 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Myke
2016-01-25 17:41 - 2016-01-25 17:41 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Iduxs
2016-01-25 17:38 - 2016-01-25 17:38 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Miykuf
2016-01-25 17:38 - 2016-01-25 17:38 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Boqigy
C:\$Recycle.Bin\S-1-5-21-1434546154-2345726292-1624916509-1000\$ba2fe8aac1eb2841592d7fb9a37126ba
C:\$Recycle.Bin\S-1-5-18\$ba2fe8aac1eb2841592d7fb9a37126ba
C:\Windows\Temp\T2957810525\
Replace: X:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe
Replace: F:\svchost.exe C:\Windows\SysWOW64\svchost.exe
Replace: C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll C:\Windows\System32\User32.dll
Replace: C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll C:\Windows\SysWOW64\user32.dll
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_au_27 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_au_50 => value removed successfully
"C:\Program Files (x86)\fst_au_27" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\network_smb_linkbucks2 => value removed successfully
"C:\Users\Willi\AppData\Local\Temp\BI_RunOnce.exe" => not found.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully
HKU\Willi\Software\Microsoft\Windows\CurrentVersion\Run\\{26808ED3-AAE3-4023-FC58-3F3AFF664503} => value removed successfully
C:\Users\Willi\AppData\Roaming\Xalytu => moved successfully
C:\Users\Willi\AppData\Roaming\Wolil => moved successfully
C:\Users\Willi\AppData\Roaming\Unal => moved successfully
C:\Users\Willi\AppData\Roaming\Neuk => moved successfully
C:\Users\Willi\AppData\Roaming\Izex => moved successfully
C:\Users\Willi\AppData\Roaming\Daudat => moved successfully
C:\Users\Willi\AppData\Roaming\Soqyu => moved successfully
C:\Users\Willi\AppData\Roaming\Ymykav => moved successfully
C:\Users\Willi\AppData\Roaming\Tyahix => moved successfully
C:\Users\Willi\AppData\Roaming\Puopy => moved successfully
C:\Users\Willi\AppData\Roaming\Ontu => moved successfully
C:\Users\Willi\AppData\Roaming\Ebniyf => moved successfully
C:\Users\Willi\AppData\Roaming\Zeitc => moved successfully
C:\Users\Willi\AppData\Roaming\Zeis => moved successfully
C:\Users\Willi\AppData\Roaming\Ukybax => moved successfully
C:\Users\Willi\AppData\Roaming\Myke => moved successfully
C:\Users\Willi\AppData\Roaming\Iduxs => moved successfully
C:\Users\Willi\AppData\Roaming\Miykuf => moved successfully
C:\Users\Willi\AppData\Roaming\Boqigy => moved successfully
C:\$Recycle.Bin\S-1-5-21-1434546154-2345726292-1624916509-1000\$ba2fe8aac1eb2841592d7fb9a37126ba => moved successfully
C:\$Recycle.Bin\S-1-5-18\$ba2fe8aac1eb2841592d7fb9a37126ba => moved successfully
C:\Windows\Temp\T2957810525 => moved successfully
C:\Windows\System32\svchost.exe => moved successfully
X:\Windows\System32\svchost.exe copied successfully to C:\Windows\System32\svchost.exe
"C:\Windows\SysWOW64\svchost.exe" => not found
F:\svchost.exe copied successfully to C:\Windows\SysWOW64\svchost.exe
C:\Windows\System32\User32.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll copied successfully to C:\Windows\System32\User32.dll
C:\Windows\SysWOW64\user32.dll => moved successfully
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll copied successfully to C:\Windows\SysWOW64\user32.dll
 
==== End of Fixlog 00:15:17 ====


#6 xXToffeeXx

  • Malware Response Instructor

Posted 30 January 2016 - 08:36 AM

Hi primewatcher,
 
The fix worked properly, but let's see what a new log will show:
Please boot into the Recovery Environment and run FRST64. Then press scan and open the FRST.txt log it creates on your clean computer, and copy it into your next reply.
 
xXToffeeXx~




#7 primewatcher

  • Topic Starter

Posted 30 January 2016 - 08:52 AM

Here is the FRST log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by SYSTEM on MININT-UQQGMUD (31-01-2016 00:48:43)
Running from f:\
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\UpdatusUser\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\UpdatusUser\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Google Update] => "C:\Users\Willi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\UpdatusUser\...\Run: [LxrAutorun] => C:\Users\UpdatusUser\AppData\Local\Lexar Media\LxrAutorun.exe
HKU\UpdatusUser\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\UpdatusUser\...\Run: [PC Suite Tray] => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\UpdatusUser\...\Run: [InstallIQUpdater] => "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
HKU\UpdatusUser\...\Run: [Comrade.exe] => C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
HKU\UpdatusUser\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-02] (AVG Secure Search)
HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe [1266712 2013-06-07] (AVG Secure Search)
HKU\Willi\...\Run: [uTorrent] => C:\Users\Willi\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-03] (BitTorrent Inc.)
HKU\Willi\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-05] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3878400 2015-12-28] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [521728 2015-12-28] (AVG Technologies CZ, s.r.o.)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1383424 2015-12-28] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20057088 2015-12-29] (NVIDIA Corporation)
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [5159424 2015-12-29] ()
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
S2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [X]
S2 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
S2 LxrSII1s; C:\Windows\system32\LxrSII1s.exe [X]
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe" [X]
S2 msiserver; %systemroot%\system32\msiexec.exe /V [X]
S2 NSL; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.17\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.17\diMaster.dll" /prefetch:1
S2 NvNetworkService; "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [X]
S2 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
S2 PS3 Media Server; "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf"
S2 vToolbarUpdater19.2.0; "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.2.0\ToolbarUpdater.exe" [X]
S2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-26] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2014-07-08] ()
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-12] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-12] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-12] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-12] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-12] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-12] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-12] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-12] (AVG Technologies CZ, s.r.o.)
S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\0200000.011\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-03] (ThreatTrack Security)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-07-08] ()
S2 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63064 2009-12-29] (Lexar Media, Inc.)
S0 ntcdrdrv; C:\Windows\System32\DRIVERS\ntcdrdrv.sys [25680 2011-01-05] (NoteBurn Software)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-23] (TuneClone Software)
S0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2010-11-05] (Acronis)
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 BS2957810525; \??\C:\Users\Willi\AppData\Local\Temp\NTFS.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 eamonm; system32\DRIVERS\eamonm.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-31 00:15 - 2016-01-31 00:11 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2016-01-30 02:11 - 2016-01-31 00:48 - 00000000 ____D C:\FRST
2016-01-29 23:30 - 2016-01-30 01:38 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-01-29 03:06 - 2016-01-29 03:06 - 00271240 _____ C:\Windows\Minidump\012916-22760-01.dmp
2016-01-29 02:14 - 2016-01-29 02:14 - 02979296 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Willi\Downloads\AVG.exe
2016-01-29 02:06 - 2016-01-29 02:07 - 14243008 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\mseinstall.exe
2016-01-29 02:03 - 2016-01-29 02:03 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Willi\Downloads\tdsskiller.exe
2016-01-29 02:00 - 2016-01-29 02:01 - 22908888 _____ (Malwarebytes ) C:\Users\Willi\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-27 00:40 - 2016-01-27 00:40 - 09723600 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\WindowsUpdateAgent-7.6-x86.exe
2016-01-27 00:37 - 2016-01-27 00:37 - 02026382 _____ C:\Users\Willi\Downloads\wsusoffline1032.zip
2016-01-27 00:30 - 2016-01-27 00:30 - 00347816 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\MicrosoftFixit.wu.RNP.Run.exe
2016-01-27 00:11 - 2016-01-27 00:11 - 00302011 _____ C:\Users\Willi\Downloads\WindowsUpdateDiagnostic.diagcab
2016-01-26 23:25 - 2016-01-26 23:25 - 00270248 _____ C:\Windows\Minidump\012716-92352-01.dmp
2016-01-26 23:23 - 2016-01-29 03:13 - 01089072 _____ C:\Windows\ntbtlog.txt
2016-01-26 23:20 - 2016-01-26 23:20 - 00003228 _____ C:\Windows\System32\Tasks\{BAFF12E7-F654-4B74-83C6-EDFF0DE21A69}
2016-01-26 23:20 - 2016-01-26 23:20 - 00003228 _____ C:\Windows\System32\Tasks\{8DF0DABB-28C5-4F11-865C-623AD96ED4DC}
2016-01-26 23:20 - 2016-01-26 23:20 - 00003228 _____ C:\Windows\System32\Tasks\{57FAA59F-0CB9-496A-B7DB-0690966F51CA}
2016-01-26 23:15 - 2016-01-26 23:15 - 00000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2016-01-26 23:08 - 2016-01-26 23:08 - 00359656 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\msicuu2.exe
2016-01-26 23:06 - 2013-09-03 18:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\System32\Drivers\gfiutil.sys
2016-01-26 22:36 - 2016-01-29 02:03 - 00000000 ____D C:\Users\Willi\AppData\LocalLow\uTorrent
2016-01-26 21:59 - 2016-01-29 01:00 - 00000390 _____ C:\Windows\Tasks\Registry Cleaner Pro_scan_schedule_task_37b7e855-8666-4bdf-a34b-7b7cd3313685.job
2016-01-26 21:59 - 2016-01-26 22:42 - 00003196 _____ C:\Windows\System32\Tasks\Registry Cleaner Pro_scan_schedule_task_37b7e855-8666-4bdf-a34b-7b7cd3313685
2016-01-26 21:58 - 2016-01-26 21:58 - 00000000 ____D C:\Users\Willi\AppData\Local\Registry_Cleaner_Pro
2016-01-26 20:49 - 2016-01-26 20:49 - 00000000 ____D C:\Users\Willi\AppData\Local\Registry Cleaner Pro
2016-01-26 20:47 - 2016-01-26 20:47 - 00003520 _____ C:\Windows\System32\Tasks\PCCleaner-AutoCleanup-Task
2016-01-26 20:34 - 2016-01-26 20:34 - 00003344 _____ C:\Windows\System32\Tasks\PC Cleaner Pro Update Job
2016-01-26 20:34 - 2016-01-26 20:34 - 00003226 _____ C:\Windows\System32\Tasks\PCCleaner-Maintenance-Autorun
2016-01-26 20:34 - 2016-01-26 20:34 - 00000750 _____ C:\Users\Public\Desktop\PC Cleaner Pro.lnk
2016-01-26 20:34 - 2016-01-18 01:26 - 05310360 _____ (© PC Cleaners Inc) C:\ProgramData\pclunst.exe
2016-01-26 16:26 - 2016-01-26 23:06 - 00000000 ____D C:\ProgramData\PC Cleaner Pro
2016-01-26 16:25 - 2016-01-29 02:12 - 00000000 ____D C:\ProgramData\PC1Data
2016-01-25 22:43 - 2016-01-25 22:43 - 00262144 _____ C:\Windows\Minidump\012616-64210-01.dmp
2016-01-25 21:45 - 2016-01-25 21:45 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Willi\Downloads\AVG_Protection_Free_698 (1).exe
2016-01-25 20:32 - 2016-01-25 20:32 - 00271240 _____ C:\Windows\Minidump\012616-24616-01.dmp
2016-01-25 19:11 - 2016-01-25 21:44 - 00000000 ____D C:\Users\Willi\Downloads\Icon Folder
2016-01-25 03:56 - 2016-01-25 03:56 - 00000000 ____D C:\Users\Willi\AppData\LocalLow\Monomi Park
2016-01-19 20:52 - 2016-01-19 20:52 - 08338221 _____ C:\Users\Willi\Downloads\axj0jqn_460sv.mp4
2016-01-18 01:11 - 2016-01-29 03:06 - 304010120 _____ C:\Windows\MEMORY.DMP
2016-01-16 19:56 - 2016-01-16 19:56 - 00324404 _____ C:\Users\Willi\Downloads\62734170067282909.pdf
2016-01-16 19:55 - 2016-01-16 19:55 - 00324342 _____ C:\Users\Willi\Downloads\62734170067282917.pdf
2016-01-15 05:53 - 2016-01-15 05:54 - 00000000 _____ C:\Users\Willi\AppData\Local\{4E54C26F-C9B5-44D6-9469-E2C9BC723966}
2016-01-11 23:25 - 2016-01-11 23:25 - 01311770 _____ C:\Users\Willi\Downloads\W3ZMEv10.zip
2016-01-09 07:06 - 2016-01-09 07:07 - 00000000 ____D C:\Users\Willi\Downloads\[HorribleSubs] Assassination Classroom (01-22) [720p] (Batch)
2016-01-06 16:33 - 2016-01-06 16:33 - 00000108 _____ C:\ProgramData\i38baecjbfd.dat
2016-01-04 19:36 - 2016-01-04 19:37 - 00000000 ____D C:\Program Files (x86)\Safari
2016-01-04 19:31 - 2016-01-04 19:31 - 38494576 _____ (Apple Inc.) C:\Users\Willi\Downloads\SafariSetup (1).exe
2016-01-04 19:10 - 2016-01-04 19:10 - 00716405 _____ C:\Users\Willi\Downloads\Coles eGift Card.webarchive
2016-01-04 19:07 - 2016-01-04 19:08 - 38494576 _____ (Apple Inc.) C:\Users\Willi\Downloads\SafariSetup.exe
2016-01-04 16:33 - 2016-01-04 16:33 - 00010288 ____N C:\bootsqm.dat
2016-01-02 08:01 - 2016-01-02 08:01 - 00000000 ____D C:\Users\Willi\Downloads\vlc-skins
2016-01-02 07:59 - 2016-01-02 07:59 - 38802013 _____ C:\Users\Willi\Downloads\vlc-skins.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-30 22:27 - 2012-01-16 17:55 - 00533504 _____ (Microsoft Corporation) C:\Windows\System32\vds.exe
2016-01-30 22:26 - 2012-01-16 17:54 - 03524608 _____ (Microsoft Corporation) C:\Windows\System32\sppsvc.exe
2016-01-30 22:26 - 2009-07-13 15:52 - 00040960 _____ (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
2016-01-29 02:15 - 2011-05-20 02:27 - 00000000 ____D C:\Users\Willi\AppData\Roaming\uTorrent
2016-01-29 02:15 - 2009-07-13 20:45 - 00025536 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-29 02:15 - 2009-07-13 20:45 - 00025536 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-29 02:12 - 2015-12-28 16:06 - 00000003 _____ C:\ProgramData\baecjbfd38.nls
2016-01-29 02:12 - 2010-10-22 21:15 - 00000000 ____D C:\users\Willi
2016-01-29 02:02 - 2011-10-26 00:25 - 00000338 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-01-29 01:58 - 2012-04-01 13:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-29 01:32 - 2014-01-05 06:58 - 00001296 _____ C:\Windows\Tasks\Torntv V6.0-updater.job
2016-01-29 01:32 - 2013-06-07 16:47 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2016-01-29 01:32 - 2013-06-02 13:29 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-01-29 01:32 - 2010-10-26 00:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-29 01:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-29 01:24 - 2010-10-26 00:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-28 21:05 - 2010-11-03 21:29 - 00000370 _____ C:\Windows\Tasks\GlaryUpdate.job
2016-01-28 01:42 - 2012-08-15 13:33 - 00801280 ____T (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2016-01-27 20:49 - 2012-02-11 18:29 - 00000000 ____D C:\ProgramData\InstallMate
2016-01-27 19:49 - 2010-10-22 21:34 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{18161333-E3D5-452A-BA59-56D3A5BA1C7C}
2016-01-27 16:52 - 2015-12-08 03:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-27 16:52 - 2015-08-12 04:11 - 00000000 ____D C:\081eae46e41ea8cc6d
2016-01-27 16:52 - 2015-01-07 20:54 - 00000000 ____D C:\Windows\Bejeweled 3
2016-01-27 16:52 - 2014-12-21 15:24 - 00000000 ____D C:\Users\Willi\AppData\Local\NVIDIA
2016-01-27 16:52 - 2014-05-30 04:26 - 00000000 ____D C:\Users\Willi\Documents\Warcraft- Frozen Throne
2016-01-27 16:52 - 2014-04-27 23:13 - 00000000 ____D C:\ProgramData\AVG Secure Search
2016-01-27 16:52 - 2012-11-18 05:55 - 00000000 ____D C:\users\UpdatusUser
2016-01-27 16:52 - 2011-07-20 02:53 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2016-01-27 16:52 - 2011-03-24 23:43 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Mozilla
2016-01-27 16:52 - 2010-11-03 21:28 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2016-01-27 16:52 - 2010-10-28 12:28 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-01-27 16:52 - 2010-10-22 21:27 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-27 16:52 - 2010-10-22 21:27 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-01-27 16:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2016-01-27 16:51 - 2012-03-10 00:20 - 00000000 ____D C:\Program Files\DivX
2016-01-27 16:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2016-01-27 16:50 - 2011-11-25 16:56 - 00000000 ____D C:\Users\Willi\AppData\Roaming\.minecraft
2016-01-27 16:50 - 2010-10-26 00:23 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Macromedia
2016-01-27 16:49 - 2012-03-10 00:19 - 00000000 ____D C:\ProgramData\DivX
2016-01-27 16:49 - 2011-07-20 02:53 - 00000000 ____D C:\ProgramData\HP
2016-01-27 16:48 - 2013-09-10 13:51 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2016-01-27 16:48 - 2013-01-17 16:43 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2016-01-27 16:48 - 2011-07-20 02:52 - 00000000 ____D C:\Program Files (x86)\HP
2016-01-27 16:48 - 2010-10-22 21:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-27 16:48 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-27 12:44 - 2015-04-20 20:01 - 00000000 ____D C:\Users\Willi\AppData\Roaming\vlc
2016-01-27 00:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2016-01-27 00:16 - 2010-11-11 23:38 - 00000000 ____D C:\Users\Willi\AppData\Local\ElevatedDiagnostics
2016-01-26 23:25 - 2012-05-22 19:35 - 00000000 ____D C:\Windows\Minidump
2016-01-26 23:15 - 2012-01-05 21:31 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-01-26 23:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-01-26 22:34 - 2010-10-22 21:30 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-26 21:32 - 2011-11-25 15:15 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2016-01-26 20:50 - 2014-03-06 21:58 - 00000000 ____D C:\Users\Willi\Documents\Thief
2016-01-26 20:50 - 2013-10-15 02:57 - 00000000 ____D C:\Users\Willi\Documents\TuneClone
2016-01-26 20:50 - 2011-07-20 02:53 - 00000000 ____D C:\Users\Willi\AppData\Roaming\HpUpdate
2016-01-26 20:37 - 2014-12-21 15:25 - 00000000 ____D C:\Users\Willi\AppData\Local\NVIDIA Corporation
2016-01-26 17:12 - 2013-08-24 20:54 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Olna
2016-01-26 15:29 - 2015-04-05 05:58 - 00000000 ___SD C:\Windows\System32\GWX
2016-01-26 02:17 - 2010-10-24 22:35 - 00133048 _____ C:\Users\Willi\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-26 02:16 - 2009-07-13 20:45 - 00467976 _____ C:\Windows\System32\FNTCACHE.DAT
2016-01-26 00:17 - 2013-10-11 07:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-26 00:04 - 2013-08-31 17:37 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2016-01-26 00:02 - 2010-10-22 21:24 - 00000000 ____D C:\ProgramData\InstallShield
2016-01-25 22:36 - 2012-03-30 21:29 - 00000000 ____D C:\Users\Willi\AppData\Local\Ubisoft Game Launcher
2016-01-25 22:25 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-01-25 22:04 - 2013-01-17 18:51 - 00000000 ____D C:\Users\Willi\Documents\Electronic Arts
2016-01-25 21:59 - 2011-03-25 15:50 - 00000000 ____D C:\ProgramData\Tarma Installer
2016-01-25 21:56 - 2011-03-25 20:55 - 00000000 ____D C:\ProgramData\Yahoo!
2016-01-25 20:39 - 2012-10-10 18:38 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2016-01-25 20:35 - 2015-04-15 21:37 - 00002564 _____ C:\Windows\System32\CFG2957810525
2016-01-22 16:48 - 2012-02-20 12:57 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Media Player Classic
2016-01-22 07:56 - 2012-03-19 00:38 - 00000000 ____D C:\ProgramData\PC Suite
2016-01-20 17:58 - 2014-11-26 21:58 - 04499648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-01-20 17:58 - 2012-04-01 13:16 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 17:58 - 2012-04-01 13:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-20 17:58 - 2011-08-29 22:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-18 17:26 - 2009-07-13 21:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-18 01:33 - 2015-11-11 02:23 - 00000000 ____D C:\8743d51bd6c6c7c48d4b92ccf55c252a
2016-01-18 01:33 - 2015-05-13 03:07 - 00000000 ____D C:\196f01c63f8a34c8ee60
2016-01-18 01:33 - 2015-04-29 02:08 - 00000000 ____D C:\Users\Willi\AppData\Roaming\tor
2016-01-18 01:33 - 2015-02-11 08:21 - 00000000 ____D C:\7f2f401ed84fb5678026a9255954b6bd
2016-01-18 01:33 - 2014-12-04 20:20 - 00000000 ____D C:\Program Files\CCleaner
2016-01-18 01:33 - 2013-10-07 16:48 - 00000000 ____D C:\Program Files\Calibre2
2016-01-17 19:41 - 2015-09-04 18:42 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-17 07:26 - 2015-09-06 03:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 05:51 - 2010-10-22 17:38 - 00000000 ____D C:\Windows\softwaredistribution.old
2016-01-04 19:37 - 2011-07-28 03:30 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Apple Computer
2016-01-04 19:37 - 2011-07-28 03:30 - 00000000 ____D C:\Users\Willi\AppData\Local\Apple Computer
 
Files to move or delete:
====================
C:\ProgramData\aai19475cm.dat
C:\ProgramData\i38baecjbfd.dat
C:\ProgramData\iim19477bov.dat
C:\ProgramData\pclunst.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 17%
Total physical RAM: 3835.48 MB
Available physical RAM: 3155.13 MB
Total Virtual: 3833.63 MB
Available Virtual: 3147.05 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:270.79 GB) NTFS
Drive f: (USB) (Removable) (Total:7.21 GB) (Free:7.21 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EAD4F996)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.2 GB) - (Type=0B)
 
 
LastRegBack: 2015-12-19 05:03
 
==================== End of FRST.txt ============================


#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:13 AM

Posted 30 January 2016 - 10:40 AM

Hi primewatcher,
 
I want to see if we can boot into safe mode; please follow these instructions to do so.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 primewatcher

primewatcher
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Local time:10:13 PM

Posted 30 January 2016 - 04:39 PM

I couldn't make it into safe mode but my computer rebooted normally and I am able to access everything. I am in the process of backing up my files but I don't know which antivirus to run. Please advise.

#10 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:13 AM

Posted 30 January 2016 - 05:14 PM

Hi primewatcher,
 
Let's get a new scan with FRST so we can clean up the system better:
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
xXToffeeXx~




#11 primewatcher

primewatcher
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Local time:10:13 PM

Posted 30 January 2016 - 11:28 PM

Here are both the FRST.txt and Addition.txt. The FRST is the first one.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Willi (administrator) on WILLI-PC (31-01-2016 15:20:24)
Running from C:\Users\Willi\Downloads
Loaded Profiles: Willi (Available Profiles: Willi)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(BitTorrent Inc.) C:\Users\Willi\AppData\Roaming\uTorrent\uTorrent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(BitTorrent Inc.) C:\Users\Willi\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(BitTorrent Inc.) C:\Users\Willi\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-18] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\Run: [uTorrent] => C:\Users\Willi\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-04] (BitTorrent Inc.)
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\MountPoints2: {40b74e97-e250-11df-bfe2-6cf049dae786} - F:\Install.exe
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\MountPoints2: {4f41090e-9a3c-11e1-b11b-6cf049dae786} - I:\LaunchEAWG.exe
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\MountPoints2: {8cca2d7b-e892-11e0-821b-6cf049dae786} - "I:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-08-09]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.67.220.222 208.67.220.220 198.142.235.14
Tcpip\..\Interfaces\{8A10B4FD-CCC7-4496-A166-3537D0158613}: [DhcpNameServer] 208.67.220.222 208.67.220.220 198.142.235.14
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.toggle.com/en/index.php?rvs=hompag
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.ninemsn.com.au/?ocid=iehp
URLSearchHook: HKLM-x32 - Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files (x86)\Brothersoft\tbBrot.dll No File
SearchScopes: HKLM-x32 -> {C7CB1613-9ACA-40DD-9E8A-39A554B3D471} URL = hxxp://www.toggle.com/en/index.php?rvs=hompag
SearchScopes: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000 -> DefaultScope {A2D47C69-7929-4e72-8F06-E010CA7EECE4} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000 -> {45D320D7-F13F-4a07-B5CD-76A6E91A932F} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={95A66B29-20CF-4C43-ABD4-ED9FB2FB4357}&mid=7a82322211994978a020966a16c0ea32-5a45b9b6cb09eb19ca02b2a4b211e388680a21e3&lang=en&ds=AVG&pr=fr&d=2012-10-11 13:38:17&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = 
SearchScopes: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000 -> {A2D47C69-7929-4e72-8F06-E010CA7EECE4} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000 -> {C7CB1613-9ACA-40DD-9E8A-39A554B3D471} URL = 
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: BFlix Class -> {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} -> C:\Program Files (x86)\BFlix\BFlix.dll => No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll => No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\19.2.0.326\AVG Secure Search_toolbar.dll [2016-01-26] (AVG Secure Search)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Norton Safe Web Lite BHO -> {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} -> C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.17\coIEPlg.dll => No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} -  No File
Toolbar: HKLM - No Name - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} -  No File
Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} -  No File
Toolbar: HKLM-x32 - No Name - !{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} -  No File
Toolbar: HKLM-x32 - No Name - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} -  No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} -  No File
Toolbar: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.2.0\ViProtocol.dll [2016-01-26] (AVG Secure Search)
 
FireFox:
========
FF ProfilePath: C:\Users\Willi\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9cgjk.default-1449576150533
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-21] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.2.0\\npsitesafety.dll [No File]
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-22] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2013-03-22] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1434546154-2345726292-1624916509-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Willi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-12-01] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1434546154-2345726292-1624916509-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2016-01-26]
FF Extension: . - C:\Users\Willi\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9cgjk.default-1449576150533\extensions\{52687473-bd36-cf2d-bc39-541c7b7a1a42} [2016-01-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Users\Willi\Documents\Games\Fiddler2\FiddlerHook => not found
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.9.0.230 => not found
FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.17\coFFNST
FF Extension: Norton Safe Web Lite Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.17\coFFNST [2013-05-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-09] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll => No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll => No File
CHR Plugin: (Unity Player) - C:\Users\Willi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Profile: C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR HKLM-x32\...\Chrome\Extension: [kpojpihgafjhbgkgaglhighomjceieff] - C:\Program Files (x86)\BFlix\BFlix.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [503296 2016-01-21] (Adobe Systems Incorporated) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [320000 2015-12-28] (Microsoft Corporation) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [275968 2015-12-28] (Microsoft Corporation) [File not signed]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3878400 2015-12-28] (AVG Technologies CZ, s.r.o.) [File not signed]
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [521728 2015-12-28] (AVG Technologies CZ, s.r.o.) [File not signed]
S3 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [300032 2015-12-28] (Microsoft Corporation) [File not signed]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [328704 2015-12-28] (Microsoft Corporation) [File not signed]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [349696 2015-12-28] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [936448 2015-12-28] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [368128 2015-12-28] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [929792 2015-12-28] (Microsoft Corporation) [File not signed]
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1383424 2015-12-29] (NVIDIA Corporation) [File not signed]
S4 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [379904 2015-12-28] (Google Inc.) [File not signed]
S4 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [379904 2015-12-28] (Google Inc.) [File not signed]
S2 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [1092096 2015-12-28] (Microsoft Corporation) [File not signed]
S2 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [355328 2015-12-28] (Microsoft Corporation) [File not signed]
R2 iPod Service; C:\Program Files\iPod\bin\iPodService.exe [878592 2015-12-28] (Apple Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1748480 2016-01-31] (Malwarebytes) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1371136 2016-01-31] (Malwarebytes) [File not signed]
S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [31200256 2015-12-28] (Microsoft Corporation) [File not signed]
S2 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [379392 2015-12-28] (Mozilla Foundation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [382464 2015-12-28] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20057088 2015-12-30] (NVIDIA Corporation) [File not signed]
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [5159424 2015-12-29] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [255488 2015-12-28] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [801280 2016-01-28] (Microsoft Corporation) [File not signed]
R2 sppsvc; C:\Windows\system32\sppsvc.exe [3766272 2016-01-31] (Microsoft Corporation) [File not signed]
S2 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [1072128 2016-01-26] (Valve Corporation) [File not signed]
R2 VSS; C:\Windows\system32\vssvc.exe [1840128 2015-12-28] (Microsoft Corporation) [File not signed]
S2 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1488896 2015-12-28] (Microsoft Corporation) [File not signed]
S2 wbengine; C:\Windows\system32\wbengine.exe [1747456 2015-12-28] (Microsoft Corporation) [File not signed]
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2525184 2015-12-30] (Microsoft Corporation) [File not signed]
R2 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [443392 2015-12-28] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1766400 2015-12-30] (Microsoft Corporation) [File not signed]
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S2 BCUService; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [X]
S2 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
S2 LxrSII1s; C:\Windows\system32\LxrSII1s.exe [X]
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe" [X]
S3 msiserver; %systemroot%\system32\msiexec.exe /V [X]
S2 NSL; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.17\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.17\diMaster.dll" /prefetch:1
S2 NvNetworkService; "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [X]
S2 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
S2 PS3 Media Server; "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf"
S2 vToolbarUpdater19.2.0; "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.2.0\ToolbarUpdater.exe" [X]
S2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2014-07-09] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\0200000.011\ccSetx64.sys [167048 2011-08-09] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-07-09] ()
R2 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63064 2009-12-30] (Lexar Media, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-31] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 ntcdrdrv; C:\Windows\System32\DRIVERS\ntcdrdrv.sys [25680 2011-01-06] (NoteBurn Software)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-24] (TuneClone Software)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2010-11-06] (Acronis)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-02] ()
S3 BS2957810525; \??\C:\Users\Willi\AppData\Local\Temp\NTFS.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 eamonm; system32\DRIVERS\eamonm.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-31 19:15 - 2016-01-31 19:11 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2016-01-31 15:20 - 2016-01-31 15:20 - 02370560 _____ (Farbar) C:\Users\Willi\Downloads\FRST64.exe
2016-01-31 15:20 - 2016-01-31 15:20 - 00030185 _____ C:\Users\Willi\Downloads\FRST.txt
2016-01-31 14:18 - 2016-01-31 14:21 - 01056768 _____ C:\Windows\system32\defltvase.sdb
2016-01-31 10:35 - 2016-01-31 10:35 - 00000000 ____D C:\e8d4ab0992e01c130e
2016-01-31 10:02 - 2016-01-31 10:03 - 20940872 _____ C:\Users\Willi\Downloads\RogueKiller.exe
2016-01-31 10:02 - 2016-01-31 10:02 - 01609032 _____ (Malwarebytes) C:\Users\Willi\Downloads\JRT.exe
2016-01-31 10:02 - 2016-01-31 10:02 - 01507840 _____ C:\Users\Willi\Downloads\adwcleaner_5.031.exe
2016-01-31 10:00 - 2016-01-31 10:00 - 02870984 _____ (ESET) C:\Users\Willi\Downloads\esetsmartinstaller_enu.exe
2016-01-31 09:42 - 2016-01-31 09:42 - 00000022 _____ C:\Users\Willi\Downloads\ESETPoweliksCleaner.exe_20160131.094216.3764.zip
2016-01-31 09:24 - 2016-01-31 09:24 - 00001055 _____ C:\Users\Willi\Documents\MBscan1.txt
2016-01-31 09:04 - 2016-01-31 09:04 - 00224968 _____ (ESET) C:\Users\Willi\Downloads\ESETPoweliksCleaner.exe
2016-01-31 09:03 - 2016-01-31 09:03 - 01258432 _____ (AVG Technologies CZ) C:\Users\Willi\Downloads\avg_remover_poweliks.exe
2016-01-31 08:51 - 2016-01-31 08:51 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Willi\Downloads\rkill.exe
2016-01-31 08:50 - 2016-01-31 08:50 - 05653508 _____ (Swearware) C:\Users\Willi\Downloads\ComboFix.exe
2016-01-31 08:45 - 2016-01-31 15:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-31 08:44 - 2016-01-31 10:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-31 08:44 - 2016-01-31 08:44 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-31 08:44 - 2016-01-31 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-31 08:44 - 2016-01-31 08:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-31 08:44 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-31 08:44 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-31 08:44 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-31 08:42 - 2016-01-31 08:42 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-01-31 08:35 - 2016-01-31 08:42 - 00448616 _____ C:\TDSSKiller.3.1.0.9_31.01.2016_08.35.35_log.txt
2016-01-31 08:34 - 2016-01-31 09:45 - 00000000 ____D C:\ProgramData\Avg
2016-01-31 08:33 - 2016-01-31 09:44 - 00000000 ____D C:\Users\Willi\AppData\Local\AvgSetupLog
2016-01-31 08:33 - 2016-01-31 08:33 - 00000000 ____D C:\Users\Willi\AppData\Local\Avg
2016-01-30 21:11 - 2016-01-31 15:20 - 00000000 ____D C:\FRST
2016-01-30 18:30 - 2016-01-30 20:38 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-01-29 22:06 - 2016-01-29 22:06 - 00271240 _____ C:\Windows\Minidump\012916-22760-01.dmp
2016-01-29 21:14 - 2016-01-29 21:14 - 02979296 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Willi\Downloads\AVG.exe
2016-01-29 21:06 - 2016-01-29 21:07 - 14243008 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\mseinstall.exe
2016-01-29 21:03 - 2016-01-29 21:03 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Willi\Downloads\tdsskiller.exe
2016-01-29 21:00 - 2016-01-29 21:01 - 22908888 _____ (Malwarebytes ) C:\Users\Willi\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-27 19:40 - 2016-01-27 19:40 - 09723600 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\WindowsUpdateAgent-7.6-x86.exe
2016-01-27 19:37 - 2016-01-27 19:37 - 02026382 _____ C:\Users\Willi\Downloads\wsusoffline1032.zip
2016-01-27 19:30 - 2016-01-27 19:30 - 00347816 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\MicrosoftFixit.wu.RNP.Run.exe
2016-01-27 19:11 - 2016-01-27 19:11 - 00302011 _____ C:\Users\Willi\Downloads\WindowsUpdateDiagnostic.diagcab
2016-01-27 18:25 - 2016-01-27 18:25 - 00270248 _____ C:\Windows\Minidump\012716-92352-01.dmp
2016-01-27 18:23 - 2016-01-29 22:13 - 01089072 _____ C:\Windows\ntbtlog.txt
2016-01-27 18:20 - 2016-01-27 18:20 - 00003228 _____ C:\Windows\System32\Tasks\{BAFF12E7-F654-4B74-83C6-EDFF0DE21A69}
2016-01-27 18:20 - 2016-01-27 18:20 - 00003228 _____ C:\Windows\System32\Tasks\{8DF0DABB-28C5-4F11-865C-623AD96ED4DC}
2016-01-27 18:20 - 2016-01-27 18:20 - 00003228 _____ C:\Windows\System32\Tasks\{57FAA59F-0CB9-496A-B7DB-0690966F51CA}
2016-01-27 18:15 - 2016-01-27 18:15 - 00002813 _____ C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
2016-01-27 18:15 - 2016-01-27 18:15 - 00000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2016-01-27 18:08 - 2016-01-27 18:08 - 00359656 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\msicuu2.exe
2016-01-27 18:06 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2016-01-27 17:36 - 2016-01-31 15:16 - 00000000 ____D C:\Users\Willi\AppData\LocalLow\uTorrent
2016-01-27 16:59 - 2016-01-29 20:00 - 00000390 _____ C:\Windows\Tasks\Registry Cleaner Pro_scan_schedule_task_37b7e855-8666-4bdf-a34b-7b7cd3313685.job
2016-01-27 16:59 - 2016-01-27 17:42 - 00003196 _____ C:\Windows\System32\Tasks\Registry Cleaner Pro_scan_schedule_task_37b7e855-8666-4bdf-a34b-7b7cd3313685
2016-01-27 16:58 - 2016-01-27 16:58 - 00000000 ____D C:\Users\Willi\AppData\Local\Registry_Cleaner_Pro
2016-01-27 15:49 - 2016-01-27 15:49 - 00000000 ____D C:\Users\Willi\AppData\Local\Registry Cleaner Pro
2016-01-27 15:47 - 2016-01-27 15:47 - 00003520 _____ C:\Windows\System32\Tasks\PCCleaner-AutoCleanup-Task
2016-01-27 15:34 - 2016-01-27 15:34 - 00003344 _____ C:\Windows\System32\Tasks\PC Cleaner Pro Update Job
2016-01-27 15:34 - 2016-01-27 15:34 - 00003226 _____ C:\Windows\System32\Tasks\PCCleaner-Maintenance-Autorun
2016-01-27 15:34 - 2016-01-18 20:26 - 05310360 _____ (© PC Cleaners Inc) C:\ProgramData\pclunst.exe
2016-01-27 11:25 - 2016-01-31 08:38 - 00000000 ____D C:\ProgramData\PC1Data
2016-01-26 17:43 - 2016-01-26 17:43 - 00262144 _____ C:\Windows\Minidump\012616-64210-01.dmp
2016-01-26 16:45 - 2016-01-26 16:45 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Willi\Downloads\AVG_Protection_Free_698 (1).exe
2016-01-26 15:32 - 2016-01-26 15:32 - 00271240 _____ C:\Windows\Minidump\012616-24616-01.dmp
2016-01-26 14:11 - 2016-01-26 16:44 - 00000000 ____D C:\Users\Willi\Downloads\Icon Folder
2016-01-25 22:56 - 2016-01-25 22:56 - 00000000 ____D C:\Users\Willi\AppData\LocalLow\Monomi Park
2016-01-20 15:52 - 2016-01-20 15:52 - 08338221 _____ C:\Users\Willi\Downloads\axj0jqn_460sv.mp4
2016-01-18 20:11 - 2016-01-29 22:06 - 304010120 _____ C:\Windows\MEMORY.DMP
2016-01-17 14:56 - 2016-01-17 14:56 - 00324404 _____ C:\Users\Willi\Downloads\62734170067282909.pdf
2016-01-17 14:55 - 2016-01-17 14:55 - 00324342 _____ C:\Users\Willi\Downloads\62734170067282917.pdf
2016-01-16 00:53 - 2016-01-16 00:54 - 00000000 _____ C:\Users\Willi\AppData\Local\{4E54C26F-C9B5-44D6-9469-E2C9BC723966}
2016-01-12 18:25 - 2016-01-12 18:25 - 01311770 _____ C:\Users\Willi\Downloads\W3ZMEv10.zip
2016-01-10 02:06 - 2016-01-10 02:07 - 00000000 ____D C:\Users\Willi\Downloads\[HorribleSubs] Assassination Classroom (01-22) [720p] (Batch)
2016-01-07 11:33 - 2016-01-07 11:33 - 00000108 _____ C:\ProgramData\i38baecjbfd.dat
2016-01-05 14:37 - 2016-01-05 14:37 - 00002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2016-01-05 14:36 - 2016-01-05 14:37 - 00000000 ____D C:\Program Files (x86)\Safari
2016-01-05 14:31 - 2016-01-05 14:31 - 38494576 _____ (Apple Inc.) C:\Users\Willi\Downloads\SafariSetup (1).exe
2016-01-05 14:10 - 2016-01-05 14:10 - 00716405 _____ C:\Users\Willi\Downloads\Coles eGift Card.webarchive
2016-01-05 14:07 - 2016-01-05 14:08 - 38494576 _____ (Apple Inc.) C:\Users\Willi\Downloads\SafariSetup.exe
2016-01-05 11:33 - 2016-01-05 11:33 - 00010288 ____N C:\bootsqm.dat
2016-01-03 03:01 - 2016-01-03 03:01 - 00000000 ____D C:\Users\Willi\Downloads\vlc-skins
2016-01-03 02:59 - 2016-01-03 02:59 - 38802013 _____ C:\Users\Willi\Downloads\vlc-skins.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-31 17:27 - 2012-01-17 12:55 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2016-01-31 17:26 - 2009-07-14 10:52 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
2016-01-31 15:21 - 2011-05-20 21:27 - 00000000 ____D C:\Users\Willi\AppData\Roaming\uTorrent
2016-01-31 15:19 - 2015-12-29 11:06 - 00000003 _____ C:\ProgramData\baecjbfd38.nls
2016-01-31 15:15 - 2013-06-08 11:47 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2016-01-31 15:15 - 2013-06-03 08:29 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-01-31 15:15 - 2010-10-26 19:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-31 15:14 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-31 14:53 - 2009-07-14 15:45 - 00025536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-31 14:53 - 2009-07-14 15:45 - 00025536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-31 14:02 - 2011-10-26 19:25 - 00000338 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-01-31 13:58 - 2012-04-02 08:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-31 13:24 - 2010-10-26 19:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-31 09:45 - 2010-10-23 16:46 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-31 09:26 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\AppCompat
2016-01-31 09:25 - 2014-01-06 01:59 - 00000000 ____D C:\Users\Willi\AppData\Local\genienext
2016-01-31 09:25 - 2012-09-03 23:30 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2016-01-31 08:27 - 2012-01-17 12:54 - 03766272 ____T (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-01-29 21:12 - 2010-10-23 16:15 - 00000000 ____D C:\Users\Willi
2016-01-29 16:05 - 2010-11-04 16:29 - 00000370 _____ C:\Windows\Tasks\GlaryUpdate.job
2016-01-28 20:42 - 2012-08-16 08:33 - 00801280 ____T (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2016-01-28 15:49 - 2012-02-12 13:29 - 00000000 ____D C:\ProgramData\InstallMate
2016-01-28 14:49 - 2010-10-23 16:34 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{18161333-E3D5-452A-BA59-56D3A5BA1C7C}
2016-01-28 11:52 - 2015-12-08 22:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-28 11:52 - 2015-09-05 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-28 11:52 - 2015-08-12 23:11 - 00000000 ____D C:\081eae46e41ea8cc6d
2016-01-28 11:52 - 2015-01-25 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grey Goo
2016-01-28 11:52 - 2015-01-08 15:54 - 00000000 ____D C:\Windows\Bejeweled 3
2016-01-28 11:52 - 2015-01-08 15:54 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bejeweled 3
2016-01-28 11:52 - 2014-12-22 10:24 - 00000000 ____D C:\Users\Willi\AppData\Local\NVIDIA
2016-01-28 11:52 - 2014-12-22 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
2016-01-28 11:52 - 2014-08-28 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oxy
2016-01-28 11:52 - 2014-06-26 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-01-28 11:52 - 2014-05-30 23:26 - 00000000 ____D C:\Users\Willi\Documents\Warcraft- Frozen Throne
2016-01-28 11:52 - 2014-04-28 18:13 - 00000000 ____D C:\ProgramData\AVG Secure Search
2016-01-28 11:52 - 2014-04-24 11:03 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Banished 1.0
2016-01-28 11:52 - 2014-02-09 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSEV Skyrim LE
2016-01-28 11:52 - 2014-02-08 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2016-01-28 11:52 - 2014-01-06 01:59 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2016-01-28 11:52 - 2013-12-23 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Studios
2016-01-28 11:52 - 2013-12-15 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5th Cell Media
2016-01-28 11:52 - 2013-10-22 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
2016-01-28 11:52 - 2013-10-15 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteBurner
2016-01-28 11:52 - 2013-10-15 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneClone
2016-01-28 11:52 - 2013-07-25 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2016-01-28 11:52 - 2013-05-27 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBReader for Windows
2016-01-28 11:52 - 2013-02-19 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media converter
2016-01-28 11:52 - 2013-02-11 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZombieModding
2016-01-28 11:52 - 2013-01-11 13:09 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
2016-01-28 11:52 - 2012-11-19 00:55 - 00000000 ____D C:\Users\UpdatusUser
2016-01-28 11:52 - 2012-10-30 20:53 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mixxx
2016-01-28 11:52 - 2012-08-12 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2016-01-28 11:52 - 2012-06-11 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EpicBot
2016-01-28 11:52 - 2012-06-05 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CBR Reader
2016-01-28 11:52 - 2012-05-19 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2016-01-28 11:52 - 2012-04-23 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy Entertainment
2016-01-28 11:52 - 2012-04-11 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2016-01-28 11:52 - 2012-02-12 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BFlix
2016-01-28 11:52 - 2011-10-15 18:51 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gundemonium Collection
2016-01-28 11:52 - 2011-09-27 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2016-01-28 11:52 - 2011-07-20 21:53 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2016-01-28 11:52 - 2011-03-25 18:43 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Mozilla
2016-01-28 11:52 - 2010-12-09 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2016-01-28 11:52 - 2010-11-04 16:28 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2016-01-28 11:52 - 2010-10-29 07:28 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-01-28 11:52 - 2010-10-23 16:27 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-28 11:52 - 2010-10-23 16:27 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-01-28 11:52 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\servicing
2016-01-28 11:51 - 2012-03-10 19:20 - 00000000 ____D C:\Program Files\DivX
2016-01-28 11:51 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\registration
2016-01-28 11:50 - 2013-04-21 16:45 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-01-28 11:50 - 2011-11-26 11:56 - 00000000 ____D C:\Users\Willi\AppData\Roaming\.minecraft
2016-01-28 11:50 - 2010-10-26 19:23 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Macromedia
2016-01-28 11:49 - 2013-09-18 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-01-28 11:49 - 2012-03-10 19:19 - 00000000 ____D C:\ProgramData\DivX
2016-01-28 11:49 - 2011-07-20 21:53 - 00000000 ____D C:\ProgramData\HP
2016-01-28 11:48 - 2013-01-18 11:43 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2016-01-28 11:48 - 2011-07-20 21:52 - 00000000 ____D C:\Program Files (x86)\HP
2016-01-28 11:48 - 2010-10-23 16:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-28 11:48 - 2009-07-14 14:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-28 07:44 - 2015-04-21 15:01 - 00000000 ____D C:\Users\Willi\AppData\Roaming\vlc
2016-01-27 19:31 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-27 19:16 - 2010-11-12 18:38 - 00000000 ____D C:\Users\Willi\AppData\Local\ElevatedDiagnostics
2016-01-27 18:25 - 2012-05-23 14:35 - 00000000 ____D C:\Windows\Minidump
2016-01-27 18:15 - 2012-01-06 16:31 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-01-27 18:01 - 2012-11-19 07:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-01-27 18:01 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\inf
2016-01-27 17:34 - 2010-10-23 16:30 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-27 16:40 - 2012-02-18 19:47 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-27 16:32 - 2011-11-26 10:15 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2016-01-27 15:50 - 2014-03-07 16:58 - 00000000 ____D C:\Users\Willi\Documents\Thief
2016-01-27 15:50 - 2013-10-15 21:57 - 00000000 ____D C:\Users\Willi\Documents\TuneClone
2016-01-27 15:50 - 2011-07-20 21:53 - 00000000 ____D C:\Users\Willi\AppData\Roaming\HpUpdate
2016-01-27 15:37 - 2014-12-22 10:25 - 00000000 ____D C:\Users\Willi\AppData\Local\NVIDIA Corporation
2016-01-27 12:12 - 2013-08-25 15:54 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Olna
2016-01-27 10:29 - 2015-04-06 00:58 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-26 22:03 - 2009-07-14 16:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-26 21:17 - 2010-10-25 17:35 - 00133048 _____ C:\Users\Willi\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-26 21:16 - 2009-07-14 15:45 - 00467976 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-26 19:18 - 2011-07-20 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-01-26 19:17 - 2013-10-12 02:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-26 19:04 - 2013-09-01 12:37 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2016-01-26 19:02 - 2010-10-23 16:24 - 00000000 ____D C:\ProgramData\InstallShield
2016-01-26 18:46 - 2010-10-23 17:31 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-01-26 17:36 - 2012-03-31 16:29 - 00000000 ____D C:\Users\Willi\AppData\Local\Ubisoft Game Launcher
2016-01-26 17:25 - 2009-07-14 16:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-01-26 17:04 - 2013-01-18 13:51 - 00000000 ____D C:\Users\Willi\Documents\Electronic Arts
2016-01-26 16:56 - 2011-03-26 15:55 - 00000000 ____D C:\ProgramData\Yahoo!
2016-01-26 16:48 - 2015-12-27 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ƒ
2016-01-26 15:39 - 2012-10-11 13:38 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2016-01-26 15:35 - 2015-04-16 16:37 - 00002564 _____ C:\Windows\system32\CFG2957810525
2016-01-23 11:48 - 2012-02-21 07:57 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Media Player Classic
2016-01-23 02:56 - 2012-03-19 19:38 - 00000000 ____D C:\ProgramData\PC Suite
2016-01-21 12:58 - 2014-11-27 16:58 - 04499648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-01-21 12:58 - 2012-04-02 08:16 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-21 12:58 - 2012-04-02 08:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-21 12:58 - 2011-08-30 17:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-19 12:26 - 2009-07-14 16:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-18 20:33 - 2015-11-11 21:23 - 00000000 ____D C:\8743d51bd6c6c7c48d4b92ccf55c252a
2016-01-18 20:33 - 2015-05-13 22:07 - 00000000 ____D C:\196f01c63f8a34c8ee60
2016-01-18 20:33 - 2015-04-29 21:08 - 00000000 ____D C:\Users\Willi\AppData\Roaming\tor
2016-01-18 20:33 - 2015-02-12 03:21 - 00000000 ____D C:\7f2f401ed84fb5678026a9255954b6bd
2016-01-18 20:33 - 2014-12-05 15:20 - 00000000 ____D C:\Program Files\CCleaner
2016-01-18 20:33 - 2013-10-08 11:48 - 00000000 ____D C:\Program Files\Calibre2
2016-01-18 14:41 - 2015-09-05 13:42 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-18 02:26 - 2015-09-06 22:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-18 02:24 - 2015-09-06 22:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-14 00:51 - 2010-10-23 12:38 - 00000000 ____D C:\Windows\softwaredistribution.old
2016-01-05 14:37 - 2011-07-28 22:30 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Apple Computer
2016-01-05 14:37 - 2011-07-28 22:30 - 00000000 ____D C:\Users\Willi\AppData\Local\Apple Computer
 
==================== Files in the root of some directories =======
 
2013-06-27 08:32 - 2014-06-23 12:05 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2009-07-14 10:19 - 2009-07-14 12:52 - 0000230 _____ () C:\Users\Willi\AppData\Roaming\PBS2957810525.ini
2011-05-09 19:43 - 2015-01-01 18:22 - 0040448 _____ () C:\Users\Willi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-23 08:51 - 2013-02-23 08:51 - 0000093 _____ () C:\Users\Willi\AppData\Local\fusioncache.dat
2016-01-16 00:53 - 2016-01-16 00:54 - 0000000 _____ () C:\Users\Willi\AppData\Local\{4E54C26F-C9B5-44D6-9469-E2C9BC723966}
2011-11-29 07:41 - 2011-11-29 07:41 - 0000000 _____ () C:\Users\Willi\AppData\Local\{6D251824-50CC-45F3-BFBD-C92A7EEE7E4C}
2015-12-29 11:06 - 2015-12-29 11:06 - 0129625 _____ () C:\ProgramData\aai19475cm.dat
2013-08-24 18:29 - 2013-08-25 00:34 - 0001300 ___SH () C:\ProgramData\b6a9a42b-a585-40b4-b62a-f8372f26831e
2015-12-29 11:06 - 2016-01-31 15:19 - 0000003 _____ () C:\ProgramData\baecjbfd38.nls
2016-01-07 11:33 - 2016-01-07 11:33 - 0000108 _____ () C:\ProgramData\i38baecjbfd.dat
2015-12-29 11:06 - 2015-12-29 11:06 - 0192377 _____ () C:\ProgramData\iim19477bov.dat
2016-01-27 15:34 - 2016-01-18 20:26 - 5310360 _____ (© PC Cleaners Inc) C:\ProgramData\pclunst.exe
2013-11-24 19:36 - 2013-11-24 19:36 - 0000040 _____ () C:\ProgramData\ra3.ini
 
Files to move or delete:
====================
C:\ProgramData\aai19475cm.dat
C:\ProgramData\i38baecjbfd.dat
C:\ProgramData\iim19477bov.dat
C:\ProgramData\pclunst.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\clicenum.exe
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-20 00:03
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Willi (2016-01-31 15:21:41)
Running from C:\Users\Willi\Downloads
Windows 7 Professional Service Pack 1 (X64) (2010-10-23 05:15:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1434546154-2345726292-1624916509-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1434546154-2345726292-1624916509-1005 - Limited - Enabled)
Guest (S-1-5-21-1434546154-2345726292-1624916509-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1434546154-2345726292-1624916509-1002 - Limited - Enabled)
Willi (S-1-5-21-1434546154-2345726292-1624916509-1000 - Administrator - Enabled) => C:\Users\Willi
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
6000E609_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6000E609_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6000E609a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Acronis True Image Home (HKLM-x32\...\{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}) (Version: 13.0.5055 - Acronis)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 9.12 (HKLM-x32\...\Ashampoo Burning Studio 9_is1) (Version: 9.1.2 - ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 19.2.0.326 - AVG Technologies)
Bejeweled 3 (HKLM-x32\...\Bejeweled 31.0) (Version: 1.0 - AllSmartGames)
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Browser Configuration Utility (HKLM-x32\...\{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}) (Version: 1.1.18.0 - DeviceVM Inc.) <==== ATTENTION
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
calibre 64bit (HKLM\...\{0DE5DC1F-24E3-4B25-9675-B773EBCA0AD1}) (Version: 1.34.0 - Kovid Goyal)
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version:  - cbrreader.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.04 - Electronic Arts, Inc.)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.70.0 - International GeoGebra Institute)
Glary Utilities Pro 2.23.0.923 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.23.0.923 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{F2C07BE3-0F88-4D0C-957B-3557699981E9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6000 E609 Series (HKLM\...\{7791308C-85FB-43B9-93F2-7DE9CB7D5C4A}) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.11502 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I Am Alive (HKLM-x32\...\InstallShield_{62952508-8C6F-4D31-9802-099FC67B41C3}) (Version: 1.00.0 - Ubisoft)
I Am Alive (x32 Version: 1.00.0 - Ubisoft) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 21 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Kingdom (HKLM-x32\...\Kingdom_is1) (Version:  - )
Live 8.2.2 (HKLM-x32\...\Live 8.2.2) (Version:  - )
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.318.3 - McAfee, Inc.)
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-0081-0409-1000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MKV player (HKLM-x32\...\{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1) (Version:  - )
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Sims 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.797.20 - Electronic Arts)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\UnityWebPlayer) (Version: 2.6.1f3_31223 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinX HD Video Converter Deluxe 3.12.6 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software,Inc.)
World in Conflict (HKLM-x32\...\{F11ADC64-C89E-47F4-A0B3-3665FF859397}) (Version: 1.0.1.0 - Ubisoft Entertainment)
YTD Video Downloader 4.0 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.0 - GreenTree Applications SRL) <==== ATTENTION
Zafehouse Diaries (HKLM-x32\...\GOGPACKZAFEHOUSEDIARIES_is1) (Version: 2.0.0.3 - GOG.com)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C1D0183-D567-4EE0-B890-D5FDAE156D95} - System32\Tasks\{42A62DAC-EDC0-40E4-B193-F9365176626C} => pcalua.exe -a "L:\games\The Forest.exe" -d L:\games
Task: {0CE00F13-AE16-4C01-90D7-A4581E73D1AB} - System32\Tasks\{797717DC-6C8A-4EA4-9781-4EE27FE4B8B5} => pcalua.exe -a H:\Portable_CS1.6.exe -d H:\
Task: {10F2C085-4A5A-4490-906A-534B3421D23B} - System32\Tasks\PCCleaner-Maintenance-Autorun => C:\ProgramData\PC Cleaner Pro\PCCleaners.exe
Task: {14E03CCC-F563-4980-A74D-975A29DD7B40} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
Task: {1937E039-BB69-4D01-BB35-B9BB14E2F3F4} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {1ED808BE-E3C6-46FD-9FCB-958BACFD97B1} - System32\Tasks\{C652830A-3145-412E-A1FF-E5192984E58E} => pcalua.exe -a "L:\games\The Sims 3 - Island Paradise\Sims3EP10Setup.exe" -d "L:\games\The Sims 3 - Island Paradise"
Task: {2324A7A8-E464-4242-BA45-A37568E6B41E} - System32\Tasks\Microsoft\a3d90235e1136671ab1195c6078184ff => C:\Users\Willi\AppData\Roaming\DownloadManager\Updater.exe <==== ATTENTION
Task: {23CF4F1F-DF63-41BA-A167-1831771D749F} - System32\Tasks\{A7D70F97-135B-4355-BECA-4B035C502708} => pcalua.exe -a "E:\C&C Generals + Zero Hour.exe" -d E:\
Task: {277090B6-3E13-418B-8C61-1535DBAA3B3E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {349F54AC-CC60-4368-858D-D64505207153} - System32\Tasks\Microsoft\f23c5fe1cd043f1f65accec74ace9b08 => C:\Users\Willi\AppData\Roaming\DownloadManager\Loader.exe <==== ATTENTION
Task: {3C3410FA-D7D5-46E8-8E57-9C27797E729C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-06] (Microsoft Corporation)
Task: {41289A4D-0644-4849-B34C-24B801445A79} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
Task: {475BBBDC-9933-4752-B3C6-739E9FF760DC} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{2343BE90-7C59-40F7-B0E7-27B509DB33BC}.exe
Task: {4FC1B404-A0FE-4359-ACF1-459042FDC1C3} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {55DC5245-D720-41B8-9DB4-8723BF932DE3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)
Task: {5631DA9E-0C4A-4419-8F34-DE68569BFFCF} - System32\Tasks\4694 => C:\Windows\system32\wscript.exe [2013-10-12] (Microsoft Corporation) <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5BD16B7C-5A2D-40C6-A3A2-52A82BCF58B3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {6B91ECEF-4042-4576-A7F9-7B11A3FE3D90} - System32\Tasks\{323070F4-A4CE-4ADE-9D8D-87A126339EA2} => pcalua.exe -a F:\INSTALL.EXE -d F:\
Task: {6FAA50CE-3746-41C3-8400-7BDA50D10AD3} - System32\Tasks\{AD12C3B4-78F4-4930-9CD9-9A5AB5EA9CBB} => pcalua.exe -a C:\Users\Willi\Documents\MuseScore-1.1.exe -d C:\Users\Willi\Documents
Task: {70FA370B-CE71-4BF6-BACF-6FE74F5D2E3B} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2008-06-28] ()
Task: {753B3632-9B75-47C0-8326-2A06DE24C336} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-21] (Adobe Systems Incorporated)
Task: {81709698-CCFB-40EB-B096-8F1C3CE5DFDE} - System32\Tasks\PCCleaner-AutoCleanup-Task => C:\ProgramData\PC Cleaner Pro\PCCleaners.exe
Task: {84E24EFE-497A-4034-8DEF-D0930780DC49} - System32\Tasks\{7B95996B-A5BD-4575-BE7E-E9D166902D9B} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {9613BC94-FB52-4C18-AD4D-151B826F0EFD} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-05-20] ()
Task: {A25E7027-FA36-4020-9D2A-ABF2EB20C527} - System32\Tasks\{BD44E86F-0CD0-4DE2-AB78-5624B402051A} => pcalua.exe -a "L:\games\The Sims 3 - Ambitions\Sims3EP02Setup.exe" -d "L:\games\The Sims 3 - Ambitions"
Task: {A4D8D5A3-38F3-465A-8508-E09D94276B23} - System32\Tasks\{583312CF-DFB7-4D42-B1A5-4FE4A48A09EA} => pcalua.exe -a "E:\Games\Portable Counter-Strike Source by ZeroX.exe" -d E:\Games
Task: {A5136595-DC3C-4E69-8C4F-B998E7E9283D} - System32\Tasks\{8A3C2642-2966-41CE-8931-4971C7E222BF} => pcalua.exe -a E:\AUTORUN.EXE -d E:\
Task: {BB03B76A-94B9-4172-9844-530F81C70742} - System32\Tasks\PC Cleaner Pro Update Job => C:\ProgramData\PC Cleaner Pro\PCCleaners.exe
Task: {CBBD4336-F0AB-4540-BD09-11AE57008313} - System32\Tasks\Registry Cleaner Pro_scan_schedule_task_37b7e855-8666-4bdf-a34b-7b7cd3313685 => C:\Program Files (x86)\Registry Cleaner Pro\Registry Cleaner Pro.exe <==== ATTENTION
Task: {D0E6C695-9CB3-4AF6-890A-31E90A792EE0} - System32\Tasks\{2746560B-54B1-4BF0-8116-C9B74C4B25A3} => pcalua.exe -a "C:\Remote Programs\7 Wonders 2\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=586350;name=7 Wonders II;dir=C:\Remote Programs\7 Wonders 2\;prvid=143;cmdid=1;prvdir=Default
Task: {D1F4D7EF-5EF7-470E-BA9C-A01214AC3336} - System32\Tasks\{3C8A4CA9-9E8A-43F6-AC54-5BB7243F489C} => pcalua.exe -a "E:\Wilson Huynh\Games\Portable Counter-Strike Source by ZeroX.exe" -d "E:\Wilson Huynh\Games"
Task: {D70AB74D-61E2-4328-8CAC-9D3ADAFD04FF} - System32\Tasks\{289D5770-9428-48B5-9EC9-792AAAE60899} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {DA71BE41-90BE-40BA-AE89-A07848255607} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{CAF961A7-3445-4885-9AF8-9DECFCD62B77}.exe
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {DE5BB14E-3EB6-4F8C-8EB7-EEF0D147F0A5} - System32\Tasks\{57FAA59F-0CB9-496A-B7DB-0690966F51CA} => pcalua.exe -a "C:\Program Files (x86)\Windows Installer Clean Up\MsiZap.exe" -d "C:\Program Files (x86)\Windows Installer Clean Up"
Task: {E082E142-2023-4671-AD50-2AA2E03423A5} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {E0BB3211-DC07-48FB-B5C3-DB8F4335DEAD} - System32\Tasks\{8DF0DABB-28C5-4F11-865C-623AD96ED4DC} => pcalua.exe -a "C:\Program Files (x86)\Windows Installer Clean Up\MsiZap.exe" -d "C:\Program Files (x86)\Windows Installer Clean Up"
Task: {E3A2E832-9B10-4BA5-B660-4E930131C16E} - System32\Tasks\GlaryUpdate => C:\Program Files (x86)\Glary Utilities\webupdate.exe [2010-05-26] (Glarysoft Ltd)
Task: {EE13B27E-FFB6-4C6C-A45C-617F6D58C593} - System32\Tasks\{3FE7960E-BE5B-45E8-8AB9-C1E523626125} => pcalua.exe -a "G:\New folder\Skyrim\install.exe" -d "G:\New folder\Skyrim"
Task: {F594E02F-31F7-41F2-BFA3-26E1E82D58E6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-06] (Microsoft Corporation)
Task: {F77DF2BB-1DB8-4A6D-9DC2-4D7EF97237A9} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2010-05-26] (Glarysoft Ltd)
Task: {FF4DBCE4-5F01-413C-9EFF-27ED6C567A74} - System32\Tasks\{BAFF12E7-F654-4B74-83C6-EDFF0DE21A69} => pcalua.exe -a "C:\Program Files (x86)\Windows Installer Clean Up\MsiZap.exe" -d "C:\Program Files (x86)\Windows Installer Clean Up"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{CAF961A7-3445-4885-9AF8-9DECFCD62B77}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{2343BE90-7C59-40F7-B0E7-27B509DB33BC}.exe <==== ATTENTION
Task: C:\Windows\Tasks\GlaryInitialize.job => 
Task: C:\Windows\Tasks\GlaryUpdate.job => C:\Program Files (x86)\Glary Utilities\webupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\Registry Cleaner Pro_scan_schedule_task_37b7e855-8666-4bdf-a34b-7b7cd3313685.job => C:\Program Files (x86)\Registry Cleaner Pro\Registry Cleaner Pro.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:34 - 2010-01-21 02:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-01-18 14:41 - 2016-01-13 03:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll
2016-01-18 14:41 - 2016-01-13 03:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
AlternateDataStreams: C:\ProgramData\TEMP:27FC7C9E
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\sony.com -> sony.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 13:34 - 2016-01-27 15:40 - 00000878 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 idnet.ua-corp.com
127.0.0.1 pc-cleaners.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.220.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Application Updater => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BCUService => 2
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: FlipShare Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppsHat => C:\Users\Willi\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: Exetender => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000
MSCONFIG\startupreg: Google Update => "C:\Users\Willi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: InstallIQUpdater => "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
MSCONFIG\startupreg: Internet Security => C:\ProgramData\amsecure.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LxrAutorun => C:\Users\Willi\AppData\Local\Lexar Media\LxrAutorun.exe
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NoteBurner => C:\Program Files (x86)\NoteBurner\VTBurnerGUI.exe /silence
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: VideoDownloadConverter Search Scope Monitor => "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: X5XSEx_Pr143
Description: X5XSEx_Pr143
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: X5XSEx_Pr143
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Could not start eventlog service, could not read events.
 
The Windows Event Log service is starting.
The Windows Event Log service could not be started.
 
A system error has occurred.
 
The system cannot find message text for message number 0x1069 in the message file for (null).
 
More help is available by typing NET HELPMSG 4201.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 49%
Total physical RAM: 3835.49 MB
Available physical RAM: 1951.14 MB
Total Virtual: 7669.19 MB
Available Virtual: 5424.46 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:271 GB) NTFS
Drive d: (GIGABYTE) (CDROM) (Total:2.7 GB) (Free:0 GB) CDFS
Drive l: (Infinity) (Fixed) (Total:1397.26 GB) (Free:209.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EAD4F996)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1397.3 GB) (Disk ID: 9E723981)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
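Reading an Addition.txt like the one above by hand is slow. The entries a responder checks first are the stopped firewall services, the hosts-file redirects, the Internet Explorer trusted sites that have been written into every user hive, the alternate data streams hanging off C:\ProgramData\TEMP, and any disabled autorun whose executable lives outside Program Files or Windows. The script below is an added example (my own code, not FRST's and not anything posted in this thread) that pulls those items out of a constructed sample built from the shape of the log lines above; the section names and line formats are FRST's, while the "expected prefix" heuristic and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines in the shape of the FRST Addition.txt
# sections shown above. It is not the complete log.
SAMPLE_LOG = r"""
==================== Alternate Data Streams (Whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
AlternateDataStreams: C:\ProgramData\TEMP:27FC7C9E

==================== Internet Explorer trusted/restricted ===============

IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\soe.com -> soe.com

==================== Hosts content: ==========================

2009-07-14 13:34 - 2016-01-27 15:40 - 00000878 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 idnet.ua-corp.com
127.0.0.1 pc-cleaners.com

==================== Other Areas ============================

DNS Servers: 208.67.220.222 - 208.67.220.220
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Internet Security => C:\ProgramData\amsecure.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: AppsHat => C:\Users\Willi\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+\s*$")
FIREWALL_RE = re.compile(r"^(\w+) => Firewall Service is not running\.$")
TRUSTED_RE = re.compile(r"^IE trusted site: (HKU\\[^\\]+)\\\.\.\.\\\S+ -> (\S+)$")
HOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")
ADS_RE = re.compile(r"^AlternateDataStreams: (.+)$")
DNS_RE = re.compile(r"^DNS Servers: (.+)$")
# Autorun target may be quoted and may carry arguments after the .exe.
STARTUP_RE = re.compile(r'^MSCONFIG\\startupreg: (.+?) => "?(.+?\.exe)"?(?:\s.*)?$', re.IGNORECASE)

# Assumed heuristic: vendor autoruns normally live under these prefixes (8.3 form
# included). Anything elsewhere (ProgramData, a user profile) deserves a closer look.
EXPECTED_PREFIXES = ("c:\\program files", "c:\\progra~", "c:\\windows")


def triage(log_text):
    """Walk an Addition.txt and collect the entries a responder reviews first."""
    findings = {
        "firewall_services_stopped": [],
        "hosts_overrides": [],
        "trusted_sites": defaultdict(list),   # site -> hives it was added to
        "alternate_data_streams": [],
        "dns_servers": [],
        "suspicious_disabled_autoruns": [],
    }
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)            # track which section we are in
            continue
        if (m := FIREWALL_RE.match(line)):
            findings["firewall_services_stopped"].append(m.group(1))
        elif (m := TRUSTED_RE.match(line)):
            findings["trusted_sites"][m.group(2)].append(m.group(1))
        elif section.startswith("Hosts content") and (m := HOSTS_RE.match(line)):
            findings["hosts_overrides"].append((m.group(1), m.group(2)))
        elif (m := ADS_RE.match(line)):
            findings["alternate_data_streams"].append(m.group(1))
        elif (m := DNS_RE.match(line)):
            findings["dns_servers"] = [s.strip() for s in m.group(1).split(" - ")]
        elif (m := STARTUP_RE.match(line)):
            name, path = m.group(1), m.group(2)
            if not path.lower().startswith(EXPECTED_PREFIXES):
                findings["suspicious_disabled_autoruns"].append((name, path))
    findings["trusted_sites"] = dict(findings["trusted_sites"])
    return findings


def report(findings):
    """Flatten the findings into one line per item, ready to paste into a reply."""
    out = [f"firewall service not running: {s}" for s in findings["firewall_services_stopped"]]
    out += [f"hosts override: {host} -> {ip}" for ip, host in findings["hosts_overrides"]]
    out += [f"IE trusted site {site} present in {len(hives)} hive(s)"
            for site, hives in findings["trusted_sites"].items()]
    out += [f"alternate data stream: {ads}" for ads in findings["alternate_data_streams"]]
    out += [f"disabled autorun outside vendor paths: {name} -> {path}"
            for name, path in findings["suspicious_disabled_autoruns"]]
    if findings["dns_servers"]:
        out.append("DNS servers: " + ", ".join(findings["dns_servers"]))
    return out


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

The autorun check only flags entries for review; a path under ProgramData or a user profile is not proof of anything on its own, it is just where a responder looks first when the rest of the log already shows a stopped firewall and edited hosts file.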


#12 xXToffeeXx

  • Malware Response Instructor
  • 6,087 posts

Posted 31 January 2016 - 09:21 AM

Hi primewatcher,
 
We need to remove programs using "Programs and Features".

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Program and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

AVG Security Toolbar
Browser Configuration Utility
Glary Utilities Pro 2.23.0.923
McAfee Security Scan Plus

Additional instructions can be found here if needed.
 
--------------
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

xXToffeeXx~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~


#13 primewatcher

  • Topic Starter
  • Members
  • 15 posts

Posted 01 February 2016 - 05:00 AM

Hi xXToffeeXx

I have uninstalled all the programs you asked and have run AdwCleaner.exe. You never mentioned if I should press the Clean button after it is finished scanning, so if you could please advise on that it would be great.

The logfile is as follows. There are no entries that concern me and all can be removed if necessary.

 

# AdwCleaner v5.032 - Logfile created 01/02/2016 at 20:35:43
# Updated 31/01/2016 by Xplode
# Database : 2016-01-31.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Willi - WILLI-PC
# Running from : C:\Users\Willi\Downloads\adwcleaner_5.032.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : OutfoxTvService
Service Found : vToolbarUpdater19.2.0
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\DeviceVM
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Free Ride Games
Folder Found : C:\ProgramData\Store
Folder Found : C:\ProgramData\ytd video downloader
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oxy
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Found : C:\Users\Willi\AppData\Local\apn
Folder Found : C:\Users\Willi\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Willi\AppData\Local\Conduit
Folder Found : C:\Users\Willi\AppData\Local\genienext
Folder Found : C:\Users\Willi\AppData\Local\Ilivid Player
Folder Found : C:\Users\Willi\AppData\Local\iWin
Folder Found : C:\Users\Willi\AppData\Local\Mobogenie
Folder Found : C:\Users\Willi\AppData\Local\PackageAware
Folder Found : C:\Users\Willi\AppData\Local\28050
Folder Found : C:\Users\Willi\AppData\Local\Chromium\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Found : C:\Users\Willi\AppData\Local\Chromium\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Folder Found : C:\Users\Willi\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Willi\AppData\LocalLow\Conduit
Folder Found : C:\Users\Willi\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Willi\AppData\LocalLow\wincorebsband
Folder Found : C:\Users\Willi\AppData\Roaming\DownloadManager
Folder Found : C:\Users\Willi\AppData\Roaming\Yahoo!\Companion
Folder Found : C:\Users\Willi\AppData\Roaming\YourFileDownloader
Folder Found : C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
 
***** [ Files ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\user.js
File Found : C:\Users\Public\Desktop\YTD Video Downloader.lnk
File Found : C:\Users\Willi\daemonprocess.txt
File Found : C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.dungeoncrawlernetwork.com_0.localstorage
File Found : C:\Users\Willi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Oxy.lnk
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : Your File Updater
Task Found : PC Cleaner Pro Update Job
Task Found : Your File Updater
Task Found : AVG-Secure-Search-Update_JUNE2013_HP_rmv
Task Found : AVG-Secure-Search-Update_JUNE2013_TB_rmv
Task Found : AVG-Secure-Search-Update_JUNE2013_HP_rmv
Task Found : AVG-Secure-Search-Update_JUNE2013_TB_rmv
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\PSText.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C2178B36-2955-479B-818C-A2AE8E500454}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F0356CB6-4AB7-425B-A31C-0369E0CB5E81}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F0356CB6-4AB7-425B-A31C-0369E0CB5E81}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\OutfoxTV
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\YourFileDownloader
Key Found : HKCU\Software\AppDataLow\PlaySushi
Key Found : HKCU\Software\AppDataLow\Software\Brothersoft
Key Found : HKCU\Software\AppDataLow\Software\mediabarbs
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\BFlix
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\PCCleaners
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\W3I
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\.DEFAULT\Software\AVG Secure Search
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\APN PIP
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\eSupport.com
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\ilivid
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\IM
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\ImInstaller
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\OutfoxTV
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\PIP
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\StartSearch
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\Tutorials
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\YahooPartnerToolbar
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\YourFileDownloader
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\AppDataLow\PlaySushi
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\AppDataLow\Software\Brothersoft
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\AppDataLow\Software\mediabarbs
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\AppDataLow\Software\Yahoo\Companion
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Key Found : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\chatango.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dealply.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dotomi.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\f.linkuryjs.info
 
***** [ Web browsers ] *****
 
[C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : amfclgbdpgndipgoegfpkkgobahigbcl
[C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : mhkaekfpcppmmioggniknbnbdbcigpkk
[C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ndibdjnfmopecpmkdieinmbadjfpblof
[C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : niapdbllcanepiiimjjndipklodoedlc
[C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pfmopbbadnfoelckkcmjjeaaegjpjjbk
[C:\Users\Willi\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Willi\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Found : ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [19856 bytes] ##########
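After the Clean run the check worth doing is whether every item the scan log recorded as Found shows up as Deleted in the cleaning log, and whether anything listed twice in the scan (the "Your File Updater" task and the two AVG update tasks above appear twice each) is recognised as one item rather than counted as two removals. The script below is an added example, my own code rather than AdwCleaner's or anything posted in this thread. Its sample scan and cleaning logs are constructed from the shape of the logs in this thread; the "[-] Service Deleted : ..." and "[-] Folder Deleted : ..." forms come from the cleaning log posted later in the thread, and the same "[-] ... Deleted : ..." form for keys, values and browser extensions is an assumption of this example.

```python
import re
from collections import Counter

# Constructed sample scan log (Option : Scan), trimmed to a few representative lines.
SCAN_LOG = r"""# AdwCleaner v5.032 - Logfile created 01/02/2016 at 20:35:43
# Option : Scan

***** [ Services ] *****

Service Found : OutfoxTvService
Service Found : vToolbarUpdater19.2.0

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\DeviceVM
Folder Found : C:\Users\Willi\AppData\Local\Conduit
Folder Found : C:\Users\Willi\AppData\Local\Mobogenie

***** [ Scheduled tasks ] *****

Task Found : Your File Updater
Task Found : PC Cleaner Pro Update Job
Task Found : Your File Updater

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Conduit
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Web browsers ] *****

[C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ndibdjnfmopecpmkdieinmbadjfpblof
"""

# Constructed sample cleaning log (Option : Cleaning). One folder is deliberately
# missing so the reconciliation has something to report.
CLEAN_LOG = r"""# AdwCleaner v5.032 - Logfile created 02/02/2016 at 21:43:17
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : OutfoxTvService
[-] Service Deleted : vToolbarUpdater19.2.0

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\DeviceVM
[-] Folder Deleted : C:\Users\Willi\AppData\Local\Mobogenie

***** [ Scheduled tasks ] *****

[-] Task Deleted : Your File Updater
[-] Task Deleted : PC Cleaner Pro Update Job

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Web browsers ] *****

[C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof
"""

ENTRY_RE = re.compile(
    r"^(?:\[-\] )?"                                   # cleaning log prefixes each action with "[-] "
    r"(?:\[(?P<store>[^\]]+)\] )?"                    # browser entries name the profile file first
    r"\[?(?P<kind>Service|Folder|File|Task|Key|Value|Extension|Search Provider)\]?"
    r" (?P<action>Found|Deleted) : (?P<item>.+)$"
)


def parse(log_text, action):
    """Count (kind, item) pairs whose action is `action` ("Found" or "Deleted")."""
    entries = Counter()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m or m.group("action") != action:
            continue
        item = m.group("item").strip()
        if m.group("store"):                          # keep the profile file with browser items
            item = f"{m.group('store')}: {item}"
        entries[(m.group("kind"), item)] += 1
    return entries


def reconcile(scan_log, clean_log):
    """Compare what the scan found with what the cleaning run deleted."""
    found = parse(scan_log, "Found")
    deleted = parse(clean_log, "Deleted")
    return {
        "found": sorted(found),
        "deleted": sorted(deleted),
        "not_removed": sorted(set(found) - set(deleted)),   # residue to re-check after reboot
        "unexpected": sorted(set(deleted) - set(found)),    # removed without being in the scan
        "duplicates": sorted(k for k, n in found.items() if n > 1),
    }


if __name__ == "__main__":
    result = reconcile(SCAN_LOG, CLEAN_LOG)
    for key in ("not_removed", "unexpected", "duplicates"):
        print(key, result[key])
```

Anything in not_removed is what to look for in the FRST rescan that follows a cleaning run; duplicates in the scan log are the same item reported from two places and need only one removal.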


#14 xXToffeeXx

  • Malware Response Instructor
  • 6,087 posts

Posted 01 February 2016 - 03:58 PM

Hi primewatcher,
 

You never mentioned if I should press the clean button after it is finished scanning so if you could please advise on that it would be great. 

We will do that step now, just wanted to make sure there was nothing of a program you purposely installed being removed.
 
Double click on AdwCleaner.exe to run the tool again.

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------

Please re-run FRST from the desktop (like you did before), put a check into the box next to Addition.txt and press the scan button. It will produce FRST.txt and Addition.txt logs located on the desktop. Please copy and paste the logs into your next reply.
 
xXToffeeXx~



#15 primewatcher

  • Topic Starter
  • Members
  • 15 posts

Posted 02 February 2016 - 06:00 AM

Hey xXToffeeXx. I have finished both tasks as you asked. The log files are in order: AdwCleaner, FRST and Addition last. By the way, I have never thanked you for the help. To be honest, without you my computer would still be broken, so thanks Toffee.

 

# AdwCleaner v5.032 - Logfile created 02/02/2016 at 21:43:17
# Updated 31/01/2016 by Xplode
# Database : 2016-01-31.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Willi - WILLI-PC
# Running from : C:\Users\Willi\Downloads\adwcleaner_5.032.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : OutfoxTvService
[-] Service Deleted : vToolbarUpdater19.2.0
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\DeviceVM
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\Free Ride Games
[-] Folder Deleted : C:\ProgramData\Store
[-] Folder Deleted : C:\ProgramData\ytd video downloader
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oxy
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder Deleted : C:\Users\Willi\AppData\Local\apn
[-] Folder Deleted : C:\Users\Willi\AppData\Local\AVG Secure Search
[-] Folder Deleted : C:\Users\Willi\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\Willi\AppData\Local\genienext
[-] Folder Deleted : C:\Users\Willi\AppData\Local\Ilivid Player
[-] Folder Deleted : C:\Users\Willi\AppData\Local\iWin
[-] Folder Deleted : C:\Users\Willi\AppData\Local\Mobogenie
[-] Folder Deleted : C:\Users\Willi\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Willi\AppData\Local\28050
[-] Folder Deleted : C:\Users\Willi\AppData\Local\Chromium\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
[-] Folder Deleted : C:\Users\Willi\AppData\Local\Chromium\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
[-] Folder Deleted : C:\Users\Willi\AppData\LocalLow\AVG Secure Search
[-] Folder Deleted : C:\Users\Willi\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Willi\AppData\LocalLow\HPAppData
[-] Folder Deleted : C:\Users\Willi\AppData\LocalLow\wincorebsband
[-] Folder Deleted : C:\Users\Willi\AppData\Roaming\DownloadManager
[-] Folder Deleted : C:\Users\Willi\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Willi\AppData\Roaming\YourFileDownloader
[-] Folder Deleted : C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
[-] File Deleted : C:\Users\Public\Desktop\YTD Video Downloader.lnk
[-] File Deleted : C:\Users\Willi\daemonprocess.txt
[-] File Deleted : C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.dungeoncrawlernetwork.com_0.localstorage
[-] File Deleted : C:\Users\Willi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Oxy.lnk
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Your File Updater
[-] Task Deleted : PC Cleaner Pro Update Job
[-] Task Deleted : Your File Updater
[-] Task Deleted : AVG-Secure-Search-Update_JUNE2013_HP_rmv
[-] Task Deleted : AVG-Secure-Search-Update_JUNE2013_TB_rmv
[-] Task Deleted : AVG-Secure-Search-Update_JUNE2013_HP_rmv
[-] Task Deleted : AVG-Secure-Search-Update_JUNE2013_TB_rmv
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\PSText.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C2178B36-2955-479B-818C-A2AE8E500454}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F0356CB6-4AB7-425B-A31C-0369E0CB5E81}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C9F4179-6CE2-4C6A-A3E5-67FF3592A12E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F0356CB6-4AB7-425B-A31C-0369E0CB5E81}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\ilivid
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\ImInstaller
[-] Key Deleted : HKCU\Software\OutfoxTV
[-] Key Deleted : HKCU\Software\PIP
[-] Key Deleted : HKCU\Software\StartSearch
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\YourFileDownloader
[-] Key Deleted : HKCU\Software\AppDataLow\PlaySushi
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Brothersoft
[-] Key Deleted : HKCU\Software\AppDataLow\Software\mediabarbs
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\BFlix
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\PCCleaners
[-] Key Deleted : HKLM\SOFTWARE\PIP
[-] Key Deleted : HKLM\SOFTWARE\W3I
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{739126B3-1B80-4F9F-8D59-312A19633E1A}_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\APN PIP
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\eSupport.com
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\ilivid
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\IM
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\ImInstaller
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\OutfoxTV
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\PIP
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\StartSearch
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\Tutorials
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\Yahoo\Companion
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\Yahoo\YFriendsBar
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\YahooPartnerToolbar
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\YourFileDownloader
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\AppDataLow\PlaySushi
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\AppDataLow\Software\Brothersoft
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\AppDataLow\Software\mediabarbs
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[!] Value Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[!] Key Not Deleted : HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\chatango.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dealply.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dotomi.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\f.linkuryjs.info
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : amfclgbdpgndipgoegfpkkgobahigbcl
[-] [C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mhkaekfpcppmmioggniknbnbdbcigpkk
[-] [C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof
[-] [C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : niapdbllcanepiiimjjndipklodoedlc
[-] [C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pfmopbbadnfoelckkcmjjeaaegjpjjbk
[-] [C:\Users\Willi\AppData\Local\Chromium\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Willi\AppData\Local\Chromium\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [21410 bytes] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Willi (administrator) on WILLI-PC (02-02-2016 21:49:14)
Running from C:\Users\Willi\Downloads
Loaded Profiles: Willi (Available Profiles: Willi)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(BitTorrent Inc.) C:\Users\Willi\AppData\Roaming\uTorrent\uTorrent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(BitTorrent Inc.) C:\Users\Willi\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\Willi\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-18] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\Run: [uTorrent] => C:\Users\Willi\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-04] (BitTorrent Inc.)
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-22] (Piriform Ltd)
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\MountPoints2: {40b74e97-e250-11df-bfe2-6cf049dae786} - F:\Install.exe
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\MountPoints2: {4f41090e-9a3c-11e1-b11b-6cf049dae786} - I:\LaunchEAWG.exe
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\MountPoints2: {8cca2d7b-e892-11e0-821b-6cf049dae786} - "I:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-08-09]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.67.220.222 208.67.220.220 198.142.235.14
Tcpip\..\Interfaces\{8A10B4FD-CCC7-4496-A166-3537D0158613}: [DhcpNameServer] 208.67.220.222 208.67.220.220 198.142.235.14
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.toggle.com/en/index.php?rvs=hompag
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.ninemsn.com.au/?ocid=iehp
URLSearchHook: HKLM-x32 - (No Name) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - No File
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = 
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = 
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKLM-x32 -> {C7CB1613-9ACA-40DD-9E8A-39A554B3D471} URL = hxxp://www.toggle.com/en/index.php?rvs=hompag
SearchScopes: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000 -> DefaultScope {A2D47C69-7929-4e72-8F06-E010CA7EECE4} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000 -> {45D320D7-F13F-4a07-B5CD-76A6E91A932F} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = 
SearchScopes: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000 -> {A2D47C69-7929-4e72-8F06-E010CA7EECE4} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000 -> {C7CB1613-9ACA-40DD-9E8A-39A554B3D471} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: No Name -> {0347C33E-8762-4905-BF09-768834316C61} -> No File
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: No Name -> {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} -> No File
BHO-x32: No Name -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> No File
Toolbar: HKLM - No Name - !{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} -  No File
Toolbar: HKLM - No Name - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} -  No File
Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} -  No File
Toolbar: HKLM-x32 - No Name - !{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} -  No File
Toolbar: HKLM-x32 - No Name - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} -  No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} -  No File
Toolbar: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\Willi\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9cgjk.default-1449576150533
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-21] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2013-03-22] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1434546154-2345726292-1624916509-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Extension: . - C:\Users\Willi\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9cgjk.default-1449576150533\extensions\{52687473-bd36-cf2d-bc39-541c7b7a1a42} [2016-01-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Users\Willi\Documents\Games\Fiddler2\FiddlerHook => not found
FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.17\coFFNST
FF Extension: Norton Safe Web Lite Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.17\coFFNST [2013-05-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll => No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll => No File
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll => No File
CHR Plugin: (Unity Player) - C:\Users\Willi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => No File
CHR Profile: C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Willi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR HKLM-x32\...\Chrome\Extension: [kpojpihgafjhbgkgaglhighomjceieff] - C:\Program Files (x86)\BFlix\BFlix.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [503296 2016-01-21] (Adobe Systems Incorporated) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [320000 2015-12-28] (Microsoft Corporation) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [275968 2015-12-28] (Microsoft Corporation) [File not signed]
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3878400 2015-12-28] (AVG Technologies CZ, s.r.o.) [File not signed]
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [521728 2015-12-28] (AVG Technologies CZ, s.r.o.) [File not signed]
S3 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [300032 2015-12-28] (Microsoft Corporation) [File not signed]
S3 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [323584 2016-01-31] (Microsoft Corporation) [File not signed]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [328704 2015-12-28] (Microsoft Corporation) [File not signed]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [349696 2015-12-28] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [936448 2015-12-28] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [368128 2015-12-28] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [929792 2015-12-28] (Microsoft Corporation) [File not signed]
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1383424 2015-12-29] (NVIDIA Corporation) [File not signed]
S4 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [379904 2015-12-28] (Google Inc.) [File not signed]
S4 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [379904 2015-12-28] (Google Inc.) [File not signed]
S2 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [1092096 2015-12-28] (Microsoft Corporation) [File not signed]
S2 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [355328 2015-12-28] (Microsoft Corporation) [File not signed]
R2 iPod Service; C:\Program Files\iPod\bin\iPodService.exe [878592 2015-12-28] (Apple Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1748480 2016-01-31] (Malwarebytes) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1371136 2016-01-31] (Malwarebytes) [File not signed]
S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [31200256 2015-12-28] (Microsoft Corporation) [File not signed]
S2 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [379392 2015-12-28] (Mozilla Foundation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [382464 2015-12-28] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20057088 2015-12-30] (NVIDIA Corporation) [File not signed]
R2 nvsvc; C:\Windows\system32\nvvsvc.exe [1165824 2016-02-02] (NVIDIA Corporation) [File not signed]
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [5159424 2015-12-29] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [255488 2015-12-28] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [801280 2016-01-28] (Microsoft Corporation) [File not signed]
R2 sppsvc; C:\Windows\system32\sppsvc.exe [3766272 2016-01-31] (Microsoft Corporation) [File not signed]
S2 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [1072128 2016-01-26] (Valve Corporation) [File not signed]
R2 UI0Detect; C:\Windows\system32\UI0Detect.exe [282112 2016-01-31] (Microsoft Corporation) [File not signed]
R2 vds; C:\Windows\System32\vds.exe [776192 2016-01-31] (Microsoft Corporation) [File not signed]
R2 VSS; C:\Windows\system32\vssvc.exe [1840128 2015-12-28] (Microsoft Corporation) [File not signed]
S2 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1488896 2015-12-28] (Microsoft Corporation) [File not signed]
R2 wbengine; C:\Windows\system32\wbengine.exe [1747456 2015-12-28] (Microsoft Corporation) [File not signed]
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2525184 2015-12-30] (Microsoft Corporation) [File not signed]
R2 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [443392 2015-12-28] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1766400 2015-12-30] (Microsoft Corporation) [File not signed]
S2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]
S2 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
S3 msiserver; %systemroot%\system32\msiexec.exe /V [X]
S2 NvNetworkService; "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [X]
S2 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S2 PS3 Media Server; "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf"
S4 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
S2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2014-07-09] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\0200000.011\ccSetx64.sys [167048 2011-08-09] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-07-09] ()
R2 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63064 2009-12-30] (Lexar Media, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-02] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 ntcdrdrv; C:\Windows\System32\DRIVERS\ntcdrdrv.sys [25680 2011-01-06] (NoteBurn Software)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-24] (TuneClone Software)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2010-11-06] (Acronis)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-02] ()
S3 BS2957810525; \??\C:\Users\Willi\AppData\Local\Temp\NTFS.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 eamonm; system32\DRIVERS\eamonm.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-02 21:48 - 2016-02-02 21:48 - 02370560 _____ (Farbar) C:\Users\Willi\Downloads\FRST64.exe
2016-02-02 07:38 - 2016-02-02 07:38 - 00316938 _____ C:\Users\Willi\Downloads\1454284937_Rosemary_Dobson_Poems_2016-02-01.pdf
2016-02-01 21:10 - 2016-02-01 21:10 - 00000000 ____D C:\Users\Willi\Downloads\Subs
2016-02-01 07:08 - 2016-02-01 07:08 - 00001268 _____ C:\Users\Willi\Desktop\Revo Uninstaller.lnk
2016-02-01 07:08 - 2016-02-01 07:08 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-02-01 07:08 - 2016-02-01 07:08 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-02-01 07:06 - 2016-02-01 07:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Willi\Downloads\revosetup.exe
2016-02-01 06:51 - 2016-02-02 21:43 - 00000000 ____D C:\AdwCleaner
2016-02-01 06:50 - 2016-02-01 06:50 - 01508352 _____ C:\Users\Willi\Downloads\adwcleaner_5.032.exe
2016-01-31 21:41 - 2016-01-31 21:41 - 00159144 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\WindowsActivationUpdate.exe
2016-01-31 21:35 - 2016-01-31 21:35 - 01674198 _____ C:\Users\Willi\Documents\cc_20160131_213511.reg
2016-01-31 20:39 - 2016-01-31 20:39 - 00002115 _____ C:\Windows\epplauncher.mif
2016-01-31 20:30 - 2016-01-31 20:30 - 00000000 ____D C:\MATS
2016-01-31 20:27 - 2016-01-31 20:27 - 00347816 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2016-01-31 20:19 - 2016-01-31 20:19 - 00000000 ____D C:\e6835574419f829d464e6d8918d7e7
2016-01-31 20:15 - 2016-01-31 20:18 - 00002530 _____ C:\Users\Willi\Desktop\Rkill.txt
2016-01-31 20:15 - 2016-01-31 20:15 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\Willi\Downloads\rkill64.exe
2016-01-31 20:14 - 2016-01-31 20:15 - 00001058 _____ C:\Users\Willi\Downloads\ESETSirefefCleaner.exe_20160131.201454.1444.zip
2016-01-31 20:14 - 2016-01-31 20:14 - 00430280 _____ (ESET) C:\Users\Willi\Downloads\ESETSirefefCleaner.exe
2016-01-31 20:00 - 2016-01-31 20:00 - 00000820 _____ C:\Users\Willi\Downloads\UAC_Level-4_Disable.reg
2016-01-31 20:00 - 2016-01-31 20:00 - 00000820 _____ C:\Users\Willi\Downloads\UAC_Level-3_No_Dim.reg
2016-01-31 20:00 - 2016-01-31 20:00 - 00000820 _____ C:\Users\Willi\Downloads\UAC_Level-2_Default.reg
2016-01-31 20:00 - 2016-01-31 20:00 - 00000820 _____ C:\Users\Willi\Downloads\UAC_Level-1.reg
2016-01-31 19:57 - 2016-01-31 19:57 - 00002098 _____ C:\Users\Willi\Downloads\Add_Take_Ownership_with_Pause_to_context_menu.reg
2016-01-31 19:57 - 2016-01-31 19:57 - 00001118 _____ C:\Users\Willi\Downloads\Remove_Take_Ownership_from_context_menu.reg
2016-01-31 19:54 - 2016-01-31 20:00 - 210797372 _____ (NVIDIA Corporation) C:\Users\Willi\Downloads\Unconfirmed 589728.crdownload
2016-01-31 19:15 - 2016-01-31 19:11 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2016-01-31 15:21 - 2016-01-31 15:23 - 00034438 _____ C:\Users\Willi\Downloads\Addition.txt
2016-01-31 15:20 - 2016-02-02 21:49 - 00027179 _____ C:\Users\Willi\Downloads\FRST.txt
2016-01-31 10:35 - 2016-02-01 11:49 - 00000000 ____D C:\e8d4ab0992e01c130e
2016-01-31 10:02 - 2016-01-31 10:03 - 20940872 _____ C:\Users\Willi\Downloads\RogueKiller.exe
2016-01-31 10:02 - 2016-01-31 10:02 - 01609032 _____ (Malwarebytes) C:\Users\Willi\Downloads\JRT.exe
2016-01-31 10:00 - 2016-01-31 10:00 - 02870984 _____ (ESET) C:\Users\Willi\Downloads\esetsmartinstaller_enu.exe
2016-01-31 09:42 - 2016-01-31 09:42 - 00000022 _____ C:\Users\Willi\Downloads\ESETPoweliksCleaner.exe_20160131.094216.3764.zip
2016-01-31 09:24 - 2016-01-31 09:24 - 00001055 _____ C:\Users\Willi\Documents\MBscan1.txt
2016-01-31 09:04 - 2016-01-31 09:04 - 00224968 _____ (ESET) C:\Users\Willi\Downloads\ESETPoweliksCleaner.exe
2016-01-31 09:03 - 2016-01-31 09:03 - 01258432 _____ (AVG Technologies CZ) C:\Users\Willi\Downloads\avg_remover_poweliks.exe
2016-01-31 08:51 - 2016-01-31 08:51 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Willi\Downloads\rkill.exe
2016-01-31 08:50 - 2016-01-31 08:50 - 05653508 _____ (Swearware) C:\Users\Willi\Downloads\ComboFix.exe
2016-01-31 08:45 - 2016-02-02 21:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-31 08:44 - 2016-01-31 20:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-31 08:44 - 2016-01-31 08:44 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-31 08:44 - 2016-01-31 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-31 08:44 - 2016-01-31 08:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-31 08:44 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-31 08:44 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-31 08:44 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-31 08:42 - 2016-02-01 14:36 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-01-31 08:35 - 2016-01-31 08:42 - 00448616 _____ C:\TDSSKiller.3.1.0.9_31.01.2016_08.35.35_log.txt
2016-01-31 08:34 - 2016-01-31 09:45 - 00000000 ____D C:\ProgramData\Avg
2016-01-31 08:33 - 2016-01-31 09:44 - 00000000 ____D C:\Users\Willi\AppData\Local\AvgSetupLog
2016-01-31 08:33 - 2016-01-31 08:33 - 00000000 ____D C:\Users\Willi\AppData\Local\Avg
2016-01-30 21:11 - 2016-02-02 21:49 - 00000000 ____D C:\FRST
2016-01-30 18:30 - 2016-01-30 20:38 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-01-29 21:14 - 2016-01-29 21:14 - 02979296 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Willi\Downloads\AVG.exe
2016-01-29 21:06 - 2016-01-29 21:07 - 14243008 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\mseinstall.exe
2016-01-29 21:03 - 2016-01-29 21:03 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Willi\Downloads\tdsskiller.exe
2016-01-29 21:00 - 2016-01-29 21:01 - 22908888 _____ (Malwarebytes ) C:\Users\Willi\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-27 19:40 - 2016-01-27 19:40 - 09723600 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\WindowsUpdateAgent-7.6-x86.exe
2016-01-27 19:37 - 2016-01-27 19:37 - 02026382 _____ C:\Users\Willi\Downloads\wsusoffline1032.zip
2016-01-27 19:30 - 2016-01-27 19:30 - 00347816 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\MicrosoftFixit.wu.RNP.Run.exe
2016-01-27 19:11 - 2016-01-27 19:11 - 00302011 _____ C:\Users\Willi\Downloads\WindowsUpdateDiagnostic.diagcab
2016-01-27 18:20 - 2016-01-27 18:20 - 00003228 _____ C:\Windows\System32\Tasks\{BAFF12E7-F654-4B74-83C6-EDFF0DE21A69}
2016-01-27 18:20 - 2016-01-27 18:20 - 00003228 _____ C:\Windows\System32\Tasks\{8DF0DABB-28C5-4F11-865C-623AD96ED4DC}
2016-01-27 18:20 - 2016-01-27 18:20 - 00003228 _____ C:\Windows\System32\Tasks\{57FAA59F-0CB9-496A-B7DB-0690966F51CA}
2016-01-27 18:15 - 2016-01-27 18:15 - 00002813 _____ C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
2016-01-27 18:15 - 2016-01-27 18:15 - 00000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2016-01-27 18:08 - 2016-01-27 18:08 - 00359656 _____ (Microsoft Corporation) C:\Users\Willi\Downloads\msicuu2.exe
2016-01-27 18:06 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2016-01-27 17:36 - 2016-02-02 21:46 - 00000000 ____D C:\Users\Willi\AppData\LocalLow\uTorrent
2016-01-27 16:59 - 2016-01-29 20:00 - 00000390 _____ C:\Windows\Tasks\Registry Cleaner Pro_scan_schedule_task_37b7e855-8666-4bdf-a34b-7b7cd3313685.job
2016-01-27 16:59 - 2016-01-27 17:42 - 00003196 _____ C:\Windows\System32\Tasks\Registry Cleaner Pro_scan_schedule_task_37b7e855-8666-4bdf-a34b-7b7cd3313685
2016-01-27 15:47 - 2016-01-27 15:47 - 00003520 _____ C:\Windows\System32\Tasks\PCCleaner-AutoCleanup-Task
2016-01-27 15:34 - 2016-01-27 15:34 - 00003226 _____ C:\Windows\System32\Tasks\PCCleaner-Maintenance-Autorun
2016-01-27 15:34 - 2016-01-18 20:26 - 05310360 _____ (© PC Cleaners Inc) C:\ProgramData\pclunst.exe
2016-01-27 11:25 - 2016-01-31 08:38 - 00000000 ____D C:\ProgramData\PC1Data
2016-01-26 16:45 - 2016-01-26 16:45 - 02946424 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Willi\Downloads\AVG_Protection_Free_698 (1).exe
2016-01-26 14:11 - 2016-01-26 16:44 - 00000000 ____D C:\Users\Willi\Downloads\Icon Folder
2016-01-25 22:56 - 2016-01-25 22:56 - 00000000 ____D C:\Users\Willi\AppData\LocalLow\Monomi Park
2016-01-20 15:52 - 2016-01-20 15:52 - 08338221 _____ C:\Users\Willi\Downloads\axj0jqn_460sv.mp4
2016-01-17 14:56 - 2016-01-17 14:56 - 00324404 _____ C:\Users\Willi\Downloads\62734170067282909.pdf
2016-01-17 14:55 - 2016-01-17 14:55 - 00324342 _____ C:\Users\Willi\Downloads\62734170067282917.pdf
2016-01-16 00:53 - 2016-01-16 00:54 - 00000000 _____ C:\Users\Willi\AppData\Local\{4E54C26F-C9B5-44D6-9469-E2C9BC723966}
2016-01-12 18:25 - 2016-01-12 18:25 - 01311770 _____ C:\Users\Willi\Downloads\W3ZMEv10.zip
2016-01-10 02:06 - 2016-01-10 02:07 - 00000000 ____D C:\Users\Willi\Downloads\[HorribleSubs] Assassination Classroom (01-22) [720p] (Batch)
2016-01-07 11:33 - 2016-01-07 11:33 - 00000108 _____ C:\ProgramData\i38baecjbfd.dat
2016-01-05 14:37 - 2016-01-05 14:37 - 00002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2016-01-05 14:36 - 2016-01-05 14:37 - 00000000 ____D C:\Program Files (x86)\Safari
2016-01-05 14:31 - 2016-01-05 14:31 - 38494576 _____ (Apple Inc.) C:\Users\Willi\Downloads\SafariSetup (1).exe
2016-01-05 14:10 - 2016-01-05 14:10 - 00716405 _____ C:\Users\Willi\Downloads\Coles eGift Card.webarchive
2016-01-05 14:07 - 2016-01-05 14:08 - 38494576 _____ (Apple Inc.) C:\Users\Willi\Downloads\SafariSetup.exe
2016-01-05 11:33 - 2016-01-05 11:33 - 00010288 ____N C:\bootsqm.dat
2016-01-03 03:01 - 2016-01-03 03:01 - 00000000 ____D C:\Users\Willi\Downloads\vlc-skins
2016-01-03 02:59 - 2016-01-03 02:59 - 38802013 _____ C:\Users\Willi\Downloads\vlc-skins.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-02 21:48 - 2011-05-20 21:27 - 00000000 ____D C:\Users\Willi\AppData\Roaming\uTorrent
2016-02-02 21:45 - 2010-10-26 19:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-02 21:45 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-02 21:44 - 2010-07-09 16:57 - 01165824 ____T (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-02-02 21:43 - 2015-11-07 08:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-02 21:43 - 2011-03-26 15:55 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Yahoo!
2016-02-02 21:43 - 2010-10-23 16:15 - 00000000 ____D C:\Users\Willi
2016-02-02 21:43 - 2009-07-14 15:45 - 00025536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-02 21:43 - 2009-07-14 15:45 - 00025536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-02 21:24 - 2015-12-29 11:06 - 00000003 _____ C:\ProgramData\baecjbfd38.nls
2016-02-02 21:02 - 2011-10-26 19:25 - 00000338 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-02-02 20:58 - 2012-04-02 08:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-02 16:29 - 2010-10-26 19:23 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 16:29 - 2010-10-26 19:23 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 16:29 - 2010-10-26 19:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-02 07:37 - 2012-02-21 07:57 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Media Player Classic
2016-02-01 16:04 - 2010-10-23 16:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-01 14:36 - 2015-12-08 22:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-01 14:36 - 2012-11-19 00:55 - 00000000 ____D C:\Users\UpdatusUser
2016-02-01 14:36 - 2011-07-20 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-02-01 14:36 - 2011-07-20 21:53 - 00000000 ____D C:\ProgramData\HP Photo Creations
2016-02-01 14:36 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\security
2016-02-01 14:36 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\registration
2016-02-01 07:19 - 2010-10-23 16:34 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{18161333-E3D5-452A-BA59-56D3A5BA1C7C}
2016-02-01 06:45 - 2010-10-25 17:35 - 00133048 _____ C:\Users\Willi\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-01 06:44 - 2009-07-14 15:45 - 00472160 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-31 21:56 - 2012-05-23 14:35 - 00000000 ____D C:\Windows\Minidump
2016-01-31 21:56 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\inf
2016-01-31 21:24 - 2014-07-09 14:06 - 00000000 ____D C:\Users\Public\Documents\The Witcher
2016-01-31 21:21 - 2011-07-20 21:52 - 00000000 ____D C:\Program Files (x86)\HP
2016-01-31 20:48 - 2012-01-17 12:55 - 00776192 ____T (Microsoft Corporation) C:\Windows\system32\vds.exe
2016-01-31 20:48 - 2009-07-14 10:52 - 00282112 ____T (Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
2016-01-31 20:29 - 2010-11-12 18:38 - 00000000 ____D C:\Users\Willi\AppData\Local\ElevatedDiagnostics
2016-01-31 20:25 - 2015-09-05 13:42 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-31 20:25 - 2015-09-05 13:42 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-31 09:45 - 2010-10-23 16:46 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-31 09:26 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\AppCompat
2016-01-31 08:27 - 2012-01-17 12:54 - 03766272 ____T (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-01-28 20:42 - 2012-08-16 08:33 - 00801280 ____T (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2016-01-28 15:49 - 2012-02-12 13:29 - 00000000 ____D C:\ProgramData\InstallMate
2016-01-28 11:52 - 2015-08-12 23:11 - 00000000 ____D C:\081eae46e41ea8cc6d
2016-01-28 11:52 - 2015-01-08 15:54 - 00000000 ____D C:\Windows\Bejeweled 3
2016-01-28 11:52 - 2014-12-22 10:24 - 00000000 ____D C:\Users\Willi\AppData\Local\NVIDIA
2016-01-28 11:52 - 2014-06-26 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-01-28 11:52 - 2014-02-09 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSEV Skyrim LE
2016-01-28 11:52 - 2014-02-08 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2016-01-28 11:52 - 2013-12-23 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Studios
2016-01-28 11:52 - 2013-10-15 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoteBurner
2016-01-28 11:52 - 2013-10-15 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneClone
2016-01-28 11:52 - 2013-05-27 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBReader for Windows
2016-01-28 11:52 - 2013-02-19 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media converter
2016-01-28 11:52 - 2013-01-11 13:09 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
2016-01-28 11:52 - 2012-10-30 20:53 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mixxx
2016-01-28 11:52 - 2012-06-05 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CBR Reader
2016-01-28 11:52 - 2012-04-23 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remedy Entertainment
2016-01-28 11:52 - 2011-10-15 18:51 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gundemonium Collection
2016-01-28 11:52 - 2011-03-25 18:43 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Mozilla
2016-01-28 11:52 - 2010-12-09 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2016-01-28 11:52 - 2010-10-29 07:28 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-01-28 11:52 - 2010-10-23 16:27 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-28 11:52 - 2010-10-23 16:27 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-01-28 11:52 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\servicing
2016-01-28 11:51 - 2012-03-10 19:20 - 00000000 ____D C:\Program Files\DivX
2016-01-28 11:50 - 2013-04-21 16:45 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-01-28 11:50 - 2011-11-26 11:56 - 00000000 ____D C:\Users\Willi\AppData\Roaming\.minecraft
2016-01-28 11:50 - 2010-10-26 19:23 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Macromedia
2016-01-28 11:49 - 2012-03-10 19:19 - 00000000 ____D C:\ProgramData\DivX
2016-01-28 11:49 - 2011-07-20 21:53 - 00000000 ____D C:\ProgramData\HP
2016-01-28 11:48 - 2013-01-18 11:43 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2016-01-28 11:48 - 2009-07-14 14:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-28 07:44 - 2015-04-21 15:01 - 00000000 ____D C:\Users\Willi\AppData\Roaming\vlc
2016-01-27 19:31 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-27 18:15 - 2012-01-06 16:31 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-01-27 18:01 - 2012-11-19 07:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-01-27 17:34 - 2010-10-23 16:30 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-27 16:40 - 2012-02-18 19:47 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-27 16:32 - 2011-11-26 10:15 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2016-01-27 15:50 - 2013-10-15 21:57 - 00000000 ____D C:\Users\Willi\Documents\TuneClone
2016-01-27 15:50 - 2011-07-20 21:53 - 00000000 ____D C:\Users\Willi\AppData\Roaming\HpUpdate
2016-01-27 15:37 - 2014-12-22 10:25 - 00000000 ____D C:\Users\Willi\AppData\Local\NVIDIA Corporation
2016-01-27 12:12 - 2013-08-25 15:54 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Olna
2016-01-27 10:29 - 2015-04-06 00:58 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-26 22:03 - 2009-07-14 16:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-26 19:17 - 2013-10-12 02:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-26 19:04 - 2013-09-01 12:37 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2016-01-26 19:02 - 2010-10-23 16:24 - 00000000 ____D C:\ProgramData\InstallShield
2016-01-26 18:46 - 2010-10-23 17:31 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-01-26 17:25 - 2009-07-14 16:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-01-26 16:56 - 2011-03-26 15:55 - 00000000 ____D C:\ProgramData\Yahoo!
2016-01-26 15:35 - 2015-04-16 16:37 - 00002564 _____ C:\Windows\system32\CFG2957810525
2016-01-23 02:56 - 2012-03-19 19:38 - 00000000 ____D C:\ProgramData\PC Suite
2016-01-21 12:58 - 2014-11-27 16:58 - 04499648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-01-21 12:58 - 2012-04-02 08:16 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-21 12:58 - 2012-04-02 08:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-21 12:58 - 2011-08-30 17:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-19 12:26 - 2009-07-14 16:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-18 20:33 - 2015-11-11 21:23 - 00000000 ____D C:\8743d51bd6c6c7c48d4b92ccf55c252a
2016-01-18 20:33 - 2015-05-13 22:07 - 00000000 ____D C:\196f01c63f8a34c8ee60
2016-01-18 20:33 - 2015-04-29 21:08 - 00000000 ____D C:\Users\Willi\AppData\Roaming\tor
2016-01-18 20:33 - 2015-02-12 03:21 - 00000000 ____D C:\7f2f401ed84fb5678026a9255954b6bd
2016-01-18 20:33 - 2014-12-05 15:20 - 00000000 ____D C:\Program Files\CCleaner
2016-01-18 20:33 - 2013-10-08 11:48 - 00000000 ____D C:\Program Files\Calibre2
2016-01-18 02:26 - 2015-09-06 22:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-18 02:24 - 2015-09-06 22:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-14 00:51 - 2010-10-23 12:38 - 00000000 ____D C:\Windows\softwaredistribution.old
2016-01-05 14:37 - 2011-07-28 22:30 - 00000000 ____D C:\Users\Willi\AppData\Roaming\Apple Computer
2016-01-05 14:37 - 2011-07-28 22:30 - 00000000 ____D C:\Users\Willi\AppData\Local\Apple Computer
 
==================== Files in the root of some directories =======
 
2013-06-27 08:32 - 2014-06-23 12:05 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
2009-07-14 10:19 - 2009-07-14 12:52 - 0000230 _____ () C:\Users\Willi\AppData\Roaming\PBS2957810525.ini
2011-05-09 19:43 - 2015-01-01 18:22 - 0040448 _____ () C:\Users\Willi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-23 08:51 - 2013-02-23 08:51 - 0000093 _____ () C:\Users\Willi\AppData\Local\fusioncache.dat
2016-01-16 00:53 - 2016-01-16 00:54 - 0000000 _____ () C:\Users\Willi\AppData\Local\{4E54C26F-C9B5-44D6-9469-E2C9BC723966}
2011-11-29 07:41 - 2011-11-29 07:41 - 0000000 _____ () C:\Users\Willi\AppData\Local\{6D251824-50CC-45F3-BFBD-C92A7EEE7E4C}
2015-12-29 11:06 - 2015-12-29 11:06 - 0129625 _____ () C:\ProgramData\aai19475cm.dat
2013-08-24 18:29 - 2013-08-25 00:34 - 0001300 ___SH () C:\ProgramData\b6a9a42b-a585-40b4-b62a-f8372f26831e
2015-12-29 11:06 - 2016-02-02 21:24 - 0000003 _____ () C:\ProgramData\baecjbfd38.nls
2016-01-07 11:33 - 2016-01-07 11:33 - 0000108 _____ () C:\ProgramData\i38baecjbfd.dat
2015-12-29 11:06 - 2015-12-29 11:06 - 0192377 _____ () C:\ProgramData\iim19477bov.dat
2016-01-27 15:34 - 2016-01-18 20:26 - 5310360 _____ (© PC Cleaners Inc) C:\ProgramData\pclunst.exe
2013-11-24 19:36 - 2013-11-24 19:36 - 0000040 _____ () C:\ProgramData\ra3.ini
 
Files to move or delete:
====================
C:\ProgramData\aai19475cm.dat
C:\ProgramData\i38baecjbfd.dat
C:\ProgramData\iim19477bov.dat
C:\ProgramData\pclunst.exe
 
 
Some files in TEMP:
====================
C:\Users\Willi\AppData\Local\Temp\sqlite3.dll
C:\Users\Willi\AppData\Local\Temp\_is9DE4.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\clicenum.exe
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-20 00:03
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Willi (2016-02-02 21:50:21)
Running from C:\Users\Willi\Downloads
Windows 7 Professional Service Pack 1 (X64) (2010-10-23 05:15:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1434546154-2345726292-1624916509-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1434546154-2345726292-1624916509-1005 - Limited - Enabled)
Guest (S-1-5-21-1434546154-2345726292-1624916509-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1434546154-2345726292-1624916509-1002 - Limited - Enabled)
Willi (S-1-5-21-1434546154-2345726292-1624916509-1000 - Administrator - Enabled) => C:\Users\Willi
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
6000E609_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6000E609_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6000E609a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Acronis True Image Home (HKLM-x32\...\{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}) (Version: 13.0.5055 - Acronis)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 9.12 (HKLM-x32\...\Ashampoo Burning Studio 9_is1) (Version: 9.1.2 - ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
calibre 64bit (HKLM\...\{0DE5DC1F-24E3-4B25-9675-B773EBCA0AD1}) (Version: 1.34.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.70.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{F2C07BE3-0F88-4D0C-957B-3557699981E9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6000 E609 Series (HKLM\...\{7791308C-85FB-43B9-93F2-7DE9CB7D5C4A}) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java SE Development Kit 7 Update 21 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Kingdom (HKLM-x32\...\Kingdom_is1) (Version:  - )
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-0081-0409-1000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Sims 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.797.20 - Electronic Arts)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinX HD Video Converter Deluxe 3.12.6 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software,Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C1D0183-D567-4EE0-B890-D5FDAE156D95} - System32\Tasks\{42A62DAC-EDC0-40E4-B193-F9365176626C} => pcalua.exe -a "L:\games\The Forest.exe" -d L:\games
Task: {0CE00F13-AE16-4C01-90D7-A4581E73D1AB} - System32\Tasks\{797717DC-6C8A-4EA4-9781-4EE27FE4B8B5} => pcalua.exe -a H:\Portable_CS1.6.exe -d H:\
Task: {10F2C085-4A5A-4490-906A-534B3421D23B} - System32\Tasks\PCCleaner-Maintenance-Autorun => C:\ProgramData\PC Cleaner Pro\PCCleaners.exe
Task: {14E03CCC-F563-4980-A74D-975A29DD7B40} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
Task: {1ED808BE-E3C6-46FD-9FCB-958BACFD97B1} - System32\Tasks\{C652830A-3145-412E-A1FF-E5192984E58E} => pcalua.exe -a "L:\games\The Sims 3 - Island Paradise\Sims3EP10Setup.exe" -d "L:\games\The Sims 3 - Island Paradise"
Task: {2324A7A8-E464-4242-BA45-A37568E6B41E} - System32\Tasks\Microsoft\a3d90235e1136671ab1195c6078184ff => C:\Users\Willi\AppData\Roaming\DownloadManager\Updater.exe <==== ATTENTION
Task: {23CF4F1F-DF63-41BA-A167-1831771D749F} - System32\Tasks\{A7D70F97-135B-4355-BECA-4B035C502708} => pcalua.exe -a "E:\C&C Generals + Zero Hour.exe" -d E:\
Task: {277090B6-3E13-418B-8C61-1535DBAA3B3E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {2A490D75-D66A-4BE3-9EA4-5D8A91B3969F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-06] (Microsoft Corporation)
Task: {2F6F7EA2-42DF-4F0A-91C3-EE9CD339AD1A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-06] (Microsoft Corporation)
Task: {349F54AC-CC60-4368-858D-D64505207153} - System32\Tasks\Microsoft\f23c5fe1cd043f1f65accec74ace9b08 => C:\Users\Willi\AppData\Roaming\DownloadManager\Loader.exe <==== ATTENTION
Task: {41289A4D-0644-4849-B34C-24B801445A79} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
Task: {4FC1B404-A0FE-4359-ACF1-459042FDC1C3} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {55DC5245-D720-41B8-9DB4-8723BF932DE3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)
Task: {5631DA9E-0C4A-4419-8F34-DE68569BFFCF} - System32\Tasks\4694 => C:\Windows\system32\wscript.exe [2013-10-12] (Microsoft Corporation) <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5BD16B7C-5A2D-40C6-A3A2-52A82BCF58B3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {6B91ECEF-4042-4576-A7F9-7B11A3FE3D90} - System32\Tasks\{323070F4-A4CE-4ADE-9D8D-87A126339EA2} => pcalua.exe -a F:\INSTALL.EXE -d F:\
Task: {6FAA50CE-3746-41C3-8400-7BDA50D10AD3} - System32\Tasks\{AD12C3B4-78F4-4930-9CD9-9A5AB5EA9CBB} => pcalua.exe -a C:\Users\Willi\Documents\MuseScore-1.1.exe -d C:\Users\Willi\Documents
Task: {70FA370B-CE71-4BF6-BACF-6FE74F5D2E3B} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2008-06-28] ()
Task: {753B3632-9B75-47C0-8326-2A06DE24C336} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-21] (Adobe Systems Incorporated)
Task: {81709698-CCFB-40EB-B096-8F1C3CE5DFDE} - System32\Tasks\PCCleaner-AutoCleanup-Task => C:\ProgramData\PC Cleaner Pro\PCCleaners.exe
Task: {84E24EFE-497A-4034-8DEF-D0930780DC49} - System32\Tasks\{7B95996B-A5BD-4575-BE7E-E9D166902D9B} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {9613BC94-FB52-4C18-AD4D-151B826F0EFD} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-05-20] ()
Task: {A25E7027-FA36-4020-9D2A-ABF2EB20C527} - System32\Tasks\{BD44E86F-0CD0-4DE2-AB78-5624B402051A} => pcalua.exe -a "L:\games\The Sims 3 - Ambitions\Sims3EP02Setup.exe" -d "L:\games\The Sims 3 - Ambitions"
Task: {A4D8D5A3-38F3-465A-8508-E09D94276B23} - System32\Tasks\{583312CF-DFB7-4D42-B1A5-4FE4A48A09EA} => pcalua.exe -a "E:\Games\Portable Counter-Strike Source by ZeroX.exe" -d E:\Games
Task: {A5136595-DC3C-4E69-8C4F-B998E7E9283D} - System32\Tasks\{8A3C2642-2966-41CE-8931-4971C7E222BF} => pcalua.exe -a E:\AUTORUN.EXE -d E:\
Task: {CBBD4336-F0AB-4540-BD09-11AE57008313} - System32\Tasks\Registry Cleaner Pro_scan_schedule_task_37b7e855-8666-4bdf-a34b-7b7cd3313685 => C:\Program Files (x86)\Registry Cleaner Pro\Registry Cleaner Pro.exe <==== ATTENTION
Task: {D0E6C695-9CB3-4AF6-890A-31E90A792EE0} - System32\Tasks\{2746560B-54B1-4BF0-8116-C9B74C4B25A3} => pcalua.exe -a "C:\Remote Programs\7 Wonders 2\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=586350;name=7 Wonders II;dir=C:\Remote Programs\7 Wonders 2\;prvid=143;cmdid=1;prvdir=Default
Task: {D1F4D7EF-5EF7-470E-BA9C-A01214AC3336} - System32\Tasks\{3C8A4CA9-9E8A-43F6-AC54-5BB7243F489C} => pcalua.exe -a "E:\Wilson Huynh\Games\Portable Counter-Strike Source by ZeroX.exe" -d "E:\Wilson Huynh\Games"
Task: {D70AB74D-61E2-4328-8CAC-9D3ADAFD04FF} - System32\Tasks\{289D5770-9428-48B5-9EC9-792AAAE60899} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {DE5BB14E-3EB6-4F8C-8EB7-EEF0D147F0A5} - System32\Tasks\{57FAA59F-0CB9-496A-B7DB-0690966F51CA} => pcalua.exe -a "C:\Program Files (x86)\Windows Installer Clean Up\MsiZap.exe" -d "C:\Program Files (x86)\Windows Installer Clean Up"
Task: {E082E142-2023-4671-AD50-2AA2E03423A5} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {E0BB3211-DC07-48FB-B5C3-DB8F4335DEAD} - System32\Tasks\{8DF0DABB-28C5-4F11-865C-623AD96ED4DC} => pcalua.exe -a "C:\Program Files (x86)\Windows Installer Clean Up\MsiZap.exe" -d "C:\Program Files (x86)\Windows Installer Clean Up"
Task: {EE13B27E-FFB6-4C6C-A45C-617F6D58C593} - System32\Tasks\{3FE7960E-BE5B-45E8-8AB9-C1E523626125} => pcalua.exe -a "G:\New folder\Skyrim\install.exe" -d "G:\New folder\Skyrim"
Task: {FF4DBCE4-5F01-413C-9EFF-27ED6C567A74} - System32\Tasks\{BAFF12E7-F654-4B74-83C6-EDFF0DE21A69} => pcalua.exe -a "C:\Program Files (x86)\Windows Installer Clean Up\MsiZap.exe" -d "C:\Program Files (x86)\Windows Installer Clean Up"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\Registry Cleaner Pro_scan_schedule_task_37b7e855-8666-4bdf-a34b-7b7cd3313685.job => C:\Program Files (x86)\Registry Cleaner Pro\Registry Cleaner Pro.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 02:34 - 2010-01-21 02:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-01-31 20:25 - 2016-01-28 04:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-31 20:25 - 2016-01-28 04:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
AlternateDataStreams: C:\ProgramData\TEMP:27FC7C9E
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\...\sony.com -> sony.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 13:34 - 2016-01-27 15:40 - 00000878 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 idnet.ua-corp.com
127.0.0.1 pc-cleaners.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1434546154-2345726292-1624916509-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.220.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Application Updater => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BCUService => 2
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: FlipShare Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppsHat => C:\Users\Willi\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: Exetender => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000
MSCONFIG\startupreg: Google Update => "C:\Users\Willi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: InstallIQUpdater => "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
MSCONFIG\startupreg: Internet Security => C:\ProgramData\amsecure.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LxrAutorun => C:\Users\Willi\AppData\Local\Lexar Media\LxrAutorun.exe
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NoteBurner => C:\Program Files (x86)\NoteBurner\VTBurnerGUI.exe /silence
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: VideoDownloadConverter Search Scope Monitor => "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: X5XSEx_Pr143
Description: X5XSEx_Pr143
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: X5XSEx_Pr143
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Could not start eventlog service, could not read events.
 
The Windows Event Log service is starting.
The Windows Event Log service could not be started.
 
A system error has occurred.
 
The system cannot find message text for message number 0x1069 in the message file for (null).
 
More help is available by typing NET HELPMSG 4201.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 45%
Total physical RAM: 3835.49 MB
Available physical RAM: 2095.88 MB
Total Virtual: 7669.19 MB
Available Virtual: 5595.91 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:280.95 GB) NTFS
Drive d: (GIGABYTE) (CDROM) (Total:2.7 GB) (Free:0 GB) CDFS
Drive l: (Infinity) (Fixed) (Total:1397.26 GB) (Free:223.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EAD4F996)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1397.3 GB) (Disk ID: 9E723981)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
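The log above is raw FRST output, and the findings that matter for a cleanup are scattered across several sections: two alternate data streams on C:\ProgramData\TEMP, two hosts overrides, UAC switched off (EnableLUA: 0), all three Windows Firewall services stopped, an executable sitting directly in the root of C:\ProgramData among the disabled startup entries, and WMI unavailable. The following script is an added example (not part of the original post and not code from FRST or its author) that parses an Addition.txt section by section and lists exactly those kinds of findings. The sample text is copied from the log above and embedded inline so the script runs offline; the finding names and the "executable directly under ProgramData root" heuristic are this example's own assumptions, not FRST categories, and a flagged entry is something to look at, not a verdict.

```python
"""Triage helper for FRST Addition.txt output.

Added example, not FRST's own code. It splits the report into its
"==== Title ====" sections and pulls out the hardening regressions and
suspicious entries a helper wants to see first. Finding names and the
ProgramData-root heuristic are assumptions made for this example.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied verbatim from the log in the post above.
SAMPLE_LOG = r"""
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B174FAE
AlternateDataStreams: C:\ProgramData\TEMP:27FC7C9E

==================== Hosts content: ==========================

2009-07-14 13:34 - 2016-01-27 15:40 - 00000878 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 idnet.ua-corp.com
127.0.0.1 pc-cleaners.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

DNS Servers: 208.67.220.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Internet Security => C:\ProgramData\amsecure.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")            # "==== Title ===="
HOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)")  # "ip hostname"
POLICY_RE = re.compile(r"\((\w+):\s*(-?\d+)\)")          # "(EnableLUA: 0)"
EXE_RE = re.compile(r'=>\s*"?([^"]*?\.exe)', re.IGNORECASE)
# Heuristic (assumption): an .exe directly in the root of ProgramData is unusual.
PROGRAMDATA_ROOT_EXE = re.compile(r"^[A-Z]:\\ProgramData\\[^\\]+\.exe$", re.IGNORECASE)

Finding = Tuple[str, str]  # (finding kind, detail taken from the log line)


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Map each section title to its non-empty body lines, dropping FRST's
    parenthesised help text and the bare '=====' separator lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m and m.group(1).strip("="):
            current = m.group(1).rstrip(":")
            sections[current] = []
            continue
        if current is None or not line or line.startswith("("):
            continue
        sections[current].append(line)
    return sections


def triage(text: str) -> List[Finding]:
    """Return the findings worth a second look, in log order."""
    s = parse_sections(text)
    findings: List[Finding] = []

    # Alternate data streams are never reported for a clean default install.
    for line in s.get("Alternate Data Streams (Whitelisted)", []):
        if line.startswith("AlternateDataStreams:"):
            findings.append(("ads", line.split(":", 1)[1].strip()))

    # hosts entries that sinkhole a name to loopback/0.0.0.0 (ignore localhost).
    for line in s.get("Hosts content", []):
        m = HOSTS_RE.match(line)
        if m and m.group(1) in ("127.0.0.1", "0.0.0.0") and m.group(2).lower() != "localhost":
            findings.append(("hosts_sinkhole", m.group(2)))

    # UAC policy and firewall service state.
    for line in s.get("Other Areas", []):
        if "Policies\\System" in line:
            policy = {k: int(v) for k, v in POLICY_RE.findall(line)}
            key = line.split(" => ")[0]
            if policy.get("EnableLUA") == 0:
                findings.append(("uac_disabled", key))
            elif policy.get("ConsentPromptBehaviorAdmin") == 0:
                findings.append(("uac_silent_elevation", key))
        elif line.endswith("Firewall Service is not running."):
            findings.append(("firewall_service_down", line.split(" => ")[0]))

    # Disabled startup entries whose target lives directly in ProgramData root.
    for line in s.get("MSCONFIG/TASK MANAGER disabled items", []):
        m = EXE_RE.search(line) if line.startswith("MSCONFIG\\startupreg:") else None
        if m and PROGRAMDATA_ROOT_EXE.match(m.group(1)):
            findings.append(("exe_in_programdata_root", m.group(1)))

    # FRST could not enumerate restore points because WMI is unavailable.
    for line in s.get("Restore Points", []):
        if "winmgmt" in line:
            findings.append(("wmi_unavailable", line))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:25s} {detail}")
```

Run it against a saved Addition.txt by replacing SAMPLE_LOG with the file's contents; the parser keys on FRST's section titles, so it copes with sections that are empty or absent. Nothing here changes the machine: the output is a checklist for the person doing the cleanup, and each line still needs to be judged against what the system is supposed to look like.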