
Infected with ??? and many sites are blocked in browser and search engine and hom


  • This topic is locked
8 replies to this topic

#1 dukeofurl


Posted 31 January 2016 - 12:10 AM

Help! I am using Win7x64, and I was stupid: I tried to watch some video and it wanted me to install something, and it wrecked shop. It installed some unknown spyware and also installed like 10 programs, even though I said no. Also, most websites can't connect, and the search engine and home page changed. I only use Firefox. I have already tried: Malwarebytes, Spybot Seek and Destroy, Microsoft Security Essentials, Super Anti Spyware, and even shelled out the money for SpyHunter 4. None of them helped. (I'm gonna ask for a refund on SpyHunter since it didn't help me.)

 

Help!

 

I have already run Farbar, and here are the results:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by aguzzi (administrator) on AGUZZI-DESKTOP (30-01-2016 19:26:13)
Running from C:\Users\aguzzi\Desktop
Loaded Profiles: aguzzi (Available Profiles: aguzzi)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Greenshot) E:\Program Files\Greenshot\Greenshot.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Space Sciences Laboratory) E:\Program Files\BOINC\boinctray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Hobbyist Software) C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe
(RaMMicHaeL) E:\Program Files\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(Xmarks.com) E:\Program Files\Xmarks\IE Extension\xmarkssync.exe
(SUPERAntiSpyware.com) E:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SUPERAntiSpyware) E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Space Sciences Laboratory) E:\Program Files\BOINC\boincmgr.exe
(Flexera Software, Inc.) C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe
(Dropbox, Inc.) C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\BitTorrent\BitTorrent.exe
(Flexera Software, Inc.) C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe
(ESRI) C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe
(Apple Inc.) C:\Program Files (x86)\VLC Streamer\mdnsresponder.exe
(Cerulean Studios) E:\Program Files\Trillian\trillian.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Apple Inc.) E:\Program Files\iTunes\iTunesHelper.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Space Sciences Laboratory) E:\Program Files\BOINC\boinc.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Greenshot] => E:\Program Files\Greenshot\Greenshot.exe [495616 2013-12-12] (Greenshot)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [boinctray] => E:\Program Files\BOINC\boinctray.exe [68416 2015-07-14] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => E:\Program Files\BOINC\boincmgr.exe [9007424 2015-07-14] (Space Sciences Laboratory)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [531808 2015-11-26] (Acronis)
HKLM-x32\...\Run: [iTunesHelper] => E:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [218144 2015-08-18] (Geek Software GmbH)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [651560 2015-11-10] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7211112 2015-11-26] ()
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => D:\Program Files\DivX10\DivX\DivX Media Server\DivXMediaServer.exe
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\Run: [Hobbyist Software VLC Streamer] => C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe [1211720 2015-04-21] (Hobbyist Software)
HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\Run: [7 Taskbar Tweaker] => E:\Program Files\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [380416 2015-12-04] (RaMMicHaeL)
HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\Run: [Xmarks] => E:\Program Files\Xmarks\IE Extension\xmarkssync.exe [1178680 2014-11-06] (Xmarks.com)
HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [8547320 2016-01-20] (Binary Fortress Software)
HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\Run: [Dropbox Update] => C:\Users\aguzzi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-12] (Dropbox, Inc.)
HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\Run: [cdloader] => C:\Users\aguzzi\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\Run: [SUPERAntiSpyware] => E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2016-01-21] (SUPERAntiSpyware)
HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\MountPoints2: G - G:\ESRI.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\tray.exe"
AppInit_DLLs-x32: C:\ProgramData\caMyciloP\U-trax.dll => C:\ProgramData\caMyciloP\U-trax.dll [257536 2016-01-28] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-11-11] (Acronis)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-04-05] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-04-05] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2013-04-05] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-04-05] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-04-05] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2013-04-05] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\Users\aguzzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\boincmgr.exe - Shortcut.lnk [2014-12-04]
ShortcutTarget: boincmgr.exe - Shortcut.lnk -> E:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
Startup: C:\Users\aguzzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\aguzzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2014-03-15]
ShortcutTarget: Trillian.lnk -> E:\Program Files\Trillian\trillian.exe (Cerulean Studios)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-09] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-09] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-09] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-09] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-09] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7B741825-4B10-4C0C-ABB4-1826DE95CA9D}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D4FD4946-7FA2-4CB1-92B0-33DC392EF3CB}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-1745219912-2714602360-568695940-1000 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-1745219912-2714602360-568695940-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> E:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-01-29] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

FireFox:
========
FF ProfilePath: C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\99p0kk8h.Anthony
FF NewTab: C:\\ProgramData\\caMyciloPs\\ff.NT
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://maps.google.com/
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files (x86)\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2009-01-28] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> E:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> E:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1745219912-2714602360-568695940-1000: @citrixonline.com/appdetectorplugin -> C:\Users\aguzzi\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-09-08] (Citrix Online)
FF SearchPlugin: C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\99p0kk8h.Anthony\searchplugins\google-lavasoft.xml [2015-09-09]
FF Extension: TinyURL Generator - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\99p0kk8h.Anthony\extensions\tinyurl.addon@fast-chat.co.uk.xpi [2015-05-29]
FF Extension: IdentFavIcon - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\99p0kk8h.Anthony\extensions\identfavicon@david.hanak.hu.xpi [2015-05-29]
FF Extension: Favicon Restorer - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\99p0kk8h.Anthony\extensions\faviconrestorer@masserog.it [2015-05-29]
FF Extension: Muter - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\99p0kk8h.Anthony\extensions\muter@yxl.name [2015-05-29]
FF Extension: Garmin Communicator - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\99p0kk8h.Anthony\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-06-01] [not signed]
FF Extension: Turn Off the Lights - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\99p0kk8h.Anthony\extensions\stefanvandamme@stefanvd.net.xpi [2015-09-12]
FF Extension: Greasemonkey - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\99p0kk8h.Anthony\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-11-23]
FF Extension: Tab Mix Plus - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\99p0kk8h.Anthony\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-12-28]
FF Extension: Mozilla Archive Format - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\99p0kk8h.Anthony\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2016-01-28]
FF Extension: Display Window Title - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\aero-window-title@benjamin.smedbergs.us.xpi [2014-08-12] [not signed]
FF Extension: Classic Style for Favicons - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\classic_style_for_favicons@iceberg.it.xpi [2014-04-19] [not signed]
FF Extension: Duplicate in Tab Context Menu - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\DuplicateInTabContext@schuzak.jp.xpi [2014-08-05] [not signed]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\fbp@fbpurity.com.xpi [2014-07-25] [not signed]
FF Extension: IdentFavIcon - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\identfavicon@david.hanak.hu.xpi [2014-04-19] [not signed]
FF Extension: Hover Hound - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\jid0-PEBvWWKP6g5gzvk2gsdrh097hv0@jetpack.xpi [2014-07-27] [not signed]
FF Extension: Personal Titlebar - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\personaltitlebar@moztw.org.xpi [2014-08-12] [not signed]
FF Extension: Print Edit - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\printedit@DW-dev.xpi [2014-08-04] [not signed]
FF Extension: Priv3 - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\priv3@icsi.berkeley.edu.xpi [2014-07-26] [not signed]
FF Extension: Remember Passwords - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\remember-passwords@stanimir-stamenkov.addons.mozilla.org.xpi [2014-07-08] [not signed]
FF Extension: TinyURL Generator - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2014-04-19] [not signed]
FF Extension: Garmin Communicator - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-04-19] [not signed]
FF Extension: greasedlightbox - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\{1dacc1f2-0e39-4c79-8b10-aa2f18025bf3}.xpi [2014-04-19] [not signed]
FF Extension: Flashblock - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-04-19] [not signed]
FF Extension: Mozilla Archive Format - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi [2014-07-07] [not signed]
FF Extension: Adblock Plus - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-22] [not signed]
FF Extension: Tab Mix Plus - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-07-26] [not signed]
FF Extension: Greasemonkey - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\s9t9rwvw.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-07-28] [not signed]
FF Extension: ActiveGS - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\99p0kk8h.Anthony\Extensions\activegs@freetoolsassociation.com [2015-07-19] [not signed]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\99p0kk8h.Anthony\Extensions\fbp-signed@fbpurity.com.xpi [2016-01-09]
FF Extension: YouTube Control Center - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\99p0kk8h.Anthony\Extensions\jid1-CikLKKPVkw6ipw@jetpack.xpi [2015-12-29]
FF Extension: YouTube Center - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\99p0kk8h.Anthony\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2015-12-29]
FF Extension: Adblock Plus - C:\Users\aguzzi\AppData\Roaming\Mozilla\Firefox\Profiles\99p0kk8h.Anthony\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-07-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-07-19] [not signed]

Chrome:
=======
CHR HKU\S-1-5-21-1745219912-2714602360-568695940-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-06-03]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-06-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; E:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 ArcGIS License Manager; C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe [1408904 2012-01-05] (Flexera Software, Inc.)
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [383488 2016-01-27] () [File not signed]
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2015-12-11] (Digital Wave Ltd.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [4616216 2016-01-20] (Binary Fortress Software)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-07-15] (Freemake) [File not signed]
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-07-15] (Ellora Assets Corp.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Microsoft SharePoint Workspace Audit Service; E:\Program Files\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2014-10-12] () [File not signed]
R2 SBSDWSCService; E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-01-28] (Enigma Software Group USA, LLC.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-01-28] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-28] ()
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [339808 2015-12-02] (Acronis International GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 rt70x64; C:\Windows\System32\DRIVERS\netr7064.sys [388448 2010-04-27] (Ralink Technology Corp.)
S3 RTLU3E8023-W7-64; C:\Windows\System32\DRIVERS\rtu30x64w7.sys [83160 2013-10-12] (Realtek                                            )
S3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R1 SASDIFSV; E:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; E:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [27136 2014-10-12] (The OpenVPN Project)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1049432 2015-12-02] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [202592 2015-12-02] (Acronis International GmbH)
S3 tnd; C:\Windows\System32\DRIVERS\tnd.sys [581464 2015-12-02] (Acronis International GmbH)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116744 2015-03-02] (Oracle Corporation)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [301408 2015-12-02] (Acronis International GmbH)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-30 19:26 - 2016-01-30 19:26 - 00037692 _____ C:\Users\aguzzi\Desktop\FRST.txt
2016-01-28 23:07 - 2016-01-28 23:08 - 00028924 _____ C:\native log.txt
2016-01-28 23:06 - 2016-01-30 19:13 - 00000000 ___HD C:\RHTUrBYlDPUuCBJS
2016-01-28 21:16 - 2016-01-28 21:16 - 00000000 _____ C:\autoexec.bat
2016-01-28 21:15 - 2016-01-28 23:02 - 00003276 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-01-28 21:15 - 2016-01-28 21:15 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-28 21:15 - 2016-01-28 21:15 - 00001087 _____ C:\Users\aguzzi\Desktop\SpyHunter.lnk
2016-01-28 21:15 - 2016-01-28 21:15 - 00000000 ____D C:\Users\aguzzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-01-28 21:15 - 2016-01-28 21:15 - 00000000 ____D C:\Users\aguzzi\AppData\Roaming\Enigma Software Group
2016-01-28 21:15 - 2016-01-28 21:15 - 00000000 ____D C:\sh4ldr
2016-01-28 21:15 - 2016-01-28 21:15 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-01-28 20:39 - 2016-01-28 20:39 - 00000877 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-01-28 20:39 - 2016-01-28 20:39 - 00000000 ____D C:\Users\aguzzi\AppData\Roaming\SUPERAntiSpyware.com
2016-01-28 20:39 - 2016-01-28 20:39 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-28 20:39 - 2016-01-28 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-01-28 19:44 - 2016-01-30 19:26 - 00000000 ____D C:\FRST
2016-01-28 19:42 - 2016-01-28 19:42 - 02370560 _____ (Farbar) C:\Users\aguzzi\Desktop\FRST64.exe
2016-01-28 19:01 - 2016-01-28 23:06 - 00000000 ____D C:\ProgramData\caMyciloPs
2016-01-28 19:00 - 2016-01-28 23:06 - 00000000 ____D C:\ProgramData\caMyciloP
2016-01-27 23:10 - 2015-11-02 20:19 - 00451038 _____ C:\Windows\system32\Drivers\etc\hosts.20160127-231014.backup
2016-01-27 23:05 - 2016-01-27 23:05 - 00001648 _____ C:\Windows\SysWOW64\apply.reg
2016-01-27 23:05 - 2016-01-27 23:05 - 00000089 _____ C:\Windows\SysWOW64\apply.bat
2016-01-27 22:17 - 2016-01-27 22:17 - 00000000 ____D C:\Program Files (x86)\ExploreTech
2016-01-27 21:42 - 2016-01-27 21:42 - 00000000 ____D C:\Program Files (x86)\VLC
2016-01-27 21:41 - 2016-01-28 00:41 - 00000000 ____D C:\Program Files\BitTorrent
2016-01-27 21:41 - 2016-01-27 21:41 - 00041472 _____ C:\Users\aguzzi\AppData\Local\K-it.dat
2016-01-27 21:41 - 2016-01-27 21:41 - 00000187 _____ C:\Users\aguzzi\AppData\Local\K-it.exe.config
2016-01-27 21:39 - 2016-01-27 21:39 - 00003640 _____ C:\Windows\System32\Tasks\DivXUpdate
2016-01-27 21:38 - 2016-01-27 21:39 - 00000000 ____D C:\Users\aguzzi\AppData\Roaming\DivX
2016-01-27 21:38 - 2016-01-27 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2016-01-27 21:38 - 2016-01-27 21:38 - 00000000 ____D C:\Program Files\DivX
2016-01-27 21:37 - 2016-01-27 21:37 - 00000000 ____D C:\ProgramData\461d202b-7981-1
2016-01-27 21:37 - 2016-01-27 21:37 - 00000000 ____D C:\ProgramData\461d202b-2c31-0
2016-01-27 21:35 - 2016-01-27 21:39 - 00000000 ____D C:\ProgramData\DivX
2016-01-27 21:19 - 2016-01-27 21:19 - 00001410 _____ C:\Users\aguzzi\Desktop\ws_ftp95.exe - Shortcut.lnk
2016-01-24 14:25 - 2016-01-24 14:25 - 00004076 _____ C:\Users\aguzzi\Desktop\eBay Info2.txt
2016-01-19 00:10 - 2016-01-19 00:10 - 00073673 _____ C:\Users\aguzzi\Desktop\cards-against-infosec.pdf
2016-01-19 00:09 - 2016-01-19 00:09 - 00052691 _____ C:\Users\aguzzi\Desktop\cards-v1-1.pdf
2016-01-19 00:08 - 2016-01-27 21:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-01-17 16:51 - 2016-01-17 16:51 - 00001092 _____ C:\Users\aguzzi\Desktop\DesktopOK.exe - Shortcut.lnk
2016-01-17 15:31 - 2016-01-17 15:31 - 00000000 ____D C:\Users\aguzzi\Desktop\Can you see me
2016-01-17 14:29 - 2016-01-27 23:09 - 00000000 ____D C:\Users\aguzzi\AppData\Roaming\DesktopOK
2016-01-16 21:25 - 2016-01-16 21:25 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-01-15 09:36 - 2016-01-15 09:36 - 00000373 _____ C:\Users\aguzzi\Desktop\SERVICE (H) - Shortcut.lnk
2016-01-14 14:57 - 2012-11-07 20:41 - 00139592 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmthub3.sys
2016-01-14 14:54 - 2012-11-07 20:41 - 00418632 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmtxhci.sys
2016-01-13 20:08 - 2016-01-13 20:08 - 00359480 _____ C:\Windows\Minidump\011316-47237-01.dmp
2016-01-13 18:48 - 2016-01-13 18:48 - 00000000 ____D C:\Users\aguzzi\Desktop\plpbt-5.0.15
2016-01-13 18:38 - 2016-01-13 18:38 - 02766396 _____ C:\Users\aguzzi\Desktop\plpbt-5.0.15.zip
2016-01-07 14:27 - 2016-01-27 21:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-01 20:23 - 2016-01-01 20:23 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\2C0A
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0C0A
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0C04
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0816
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0804
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0424
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\041F
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\041E
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\041D
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\041B
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0419
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0416
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0415
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0414
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0413
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0412
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0411
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0410
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\040E
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\040D
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\040C
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\040B
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\040A
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0408
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0407
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0406
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0405
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0404
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Windows\system32\0401
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\ProgramData\Downloaded Installations
2016-01-01 20:22 - 2016-01-01 20:22 - 00000000 ____D C:\Program Files (x86)\Renesas Electronics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-30 19:22 - 2009-07-13 20:45 - 00017392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-30 19:22 - 2009-07-13 20:45 - 00017392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-30 19:19 - 2013-05-26 12:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-30 19:19 - 2009-07-13 21:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-30 19:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-01-30 19:18 - 2013-05-29 11:34 - 00000000 ____D C:\Users\aguzzi\AppData\Local\Xmarks
2016-01-30 19:16 - 2015-11-03 20:21 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5EB327AF-0F41-4A0A-81E8-8E68C0BCFB86}
2016-01-30 19:15 - 2013-05-18 16:54 - 00000000 ____D C:\Users\aguzzi\AppData\Roaming\Dropbox
2016-01-30 19:14 - 2015-03-13 11:08 - 00003244 _____ C:\Windows\System32\Tasks\IORRT
2016-01-30 19:14 - 2013-05-26 12:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-30 19:13 - 2014-06-30 20:49 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-30 19:13 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-29 16:07 - 2013-11-02 16:50 - 00000000 ____D C:\Users\aguzzi\AppData\Roaming\ClassicShell
2016-01-29 15:54 - 2013-05-18 15:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-29 15:52 - 2015-06-12 19:41 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1745219912-2714602360-568695940-1000UA.job
2016-01-28 21:04 - 2015-09-22 22:50 - 00000000 ____D C:\Users\aguzzi\AppData\LocalLow\uTorrent
2016-01-28 21:04 - 2013-05-19 18:57 - 00000000 ____D C:\Users\aguzzi\AppData\Roaming\uTorrent
2016-01-28 19:38 - 2015-10-31 22:34 - 00000382 _____ C:\Users\aguzzi\openvpn-connect.json
2016-01-28 19:01 - 2014-04-19 17:55 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-28 19:01 - 2013-05-18 13:22 - 00001401 _____ C:\Users\aguzzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-28 18:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Resources
2016-01-28 17:52 - 2015-06-12 19:41 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1745219912-2714602360-568695940-1000Core.job
2016-01-28 16:35 - 2014-07-28 17:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-28 14:21 - 2013-05-16 18:28 - 00117265 _____ C:\Users\aguzzi\Desktop\bleep 9.txt
2016-01-28 08:01 - 2015-04-20 17:43 - 00000000 ____D C:\Users\aguzzi\AppData\Roaming\vlc
2016-01-28 00:40 - 2013-07-10 22:17 - 00006410 _____ C:\Users\aguzzi\Desktop\Customers.txt
2016-01-27 23:07 - 2013-06-12 08:09 - 00000000 ____D C:\Users\aguzzi\AppData\Local\ElevatedDiagnostics
2016-01-27 23:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-27 23:06 - 2013-12-29 22:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-01-27 23:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SchCache
2016-01-27 23:03 - 2014-06-23 08:23 - 00000000 ____D C:\Users\aguzzi\AppData\Local\CrashDumps
2016-01-27 22:42 - 2013-09-18 15:54 - 00000000 ____D C:\Users\aguzzi\AppData\Local\Greenshot
2016-01-27 21:55 - 2013-05-18 15:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-27 21:55 - 2013-05-18 15:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-27 21:55 - 2009-07-13 20:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-27 21:20 - 2014-01-28 14:18 - 00000000 ____D C:\Program Files (x86)\WS_FTP
2016-01-27 19:30 - 2013-05-18 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-27 17:05 - 2015-03-12 07:01 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-27 14:59 - 2014-05-29 09:46 - 00000000 ____D C:\Dells
2016-01-26 10:02 - 2013-05-21 11:33 - 00000000 ____D C:\Users\aguzzi\Documents\FinePrint files
2016-01-24 14:45 - 2013-06-28 13:01 - 00001456 _____ C:\Users\aguzzi\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-01-24 14:28 - 2014-06-22 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
2016-01-24 14:28 - 2014-06-22 01:19 - 00000000 ____D C:\Program Files (x86)\DisplayFusion
2016-01-24 14:28 - 2013-05-20 19:54 - 00000000 ____D C:\Users\aguzzi\Documents\DisplayFusion Backups
2016-01-23 14:06 - 2013-11-10 23:29 - 00000000 ____D C:\ProgramData\FLEXnet
2016-01-21 19:35 - 2013-05-18 13:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-20 19:40 - 2013-05-24 17:30 - 00000000 ____D C:\Users\aguzzi\AppData\Roaming\HandBrake
2016-01-19 14:54 - 2015-09-22 05:54 - 04499648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-01-19 14:54 - 2013-05-18 15:09 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-19 14:54 - 2013-05-18 15:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-19 14:54 - 2013-05-18 15:09 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-17 12:07 - 2014-01-29 14:33 - 00001640 _____ C:\Users\aguzzi\Desktop\Enemies of Progress.txt
2016-01-17 01:58 - 2009-07-13 20:45 - 00479832 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-17 00:51 - 2015-11-15 16:19 - 00000000 ____D C:\Users\aguzzi\Desktop\Pics temp
2016-01-17 00:08 - 2013-05-18 13:33 - 00141256 _____ C:\Users\aguzzi\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-16 18:52 - 2013-06-01 23:36 - 00000000 ____D C:\Users\aguzzi\.VirtualBox
2016-01-16 14:35 - 2013-05-18 16:53 - 00000000 ____D C:\Users\aguzzi\AppData\Roaming\gsak
2016-01-16 14:35 - 2013-05-18 16:53 - 00000000 ____D C:\Program Files (x86)\gsak
2016-01-13 20:08 - 2014-05-15 17:29 - 00000000 ____D C:\Windows\Minidump
2016-01-05 15:45 - 2013-12-21 12:00 - 00000400 __RSH C:\ProgramData\ntuser.pol
2016-01-05 15:41 - 2015-10-26 20:34 - 00000113 _____ C:\Users\aguzzi\Desktop\rufus.ini
2016-01-01 20:22 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\0409
2015-12-31 22:33 - 2013-05-18 17:00 - 00000000 ____D C:\Users\aguzzi\AppData\Roaming\EurekaLog

==================== Files in the root of some directories =======

2014-01-15 19:58 - 2014-01-15 20:09 - 0000132 _____ () C:\Users\aguzzi\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-05-19 20:57 - 2013-05-19 20:57 - 0099384 _____ () C:\Users\aguzzi\AppData\Roaming\inst.exe
2014-07-28 17:42 - 2014-07-28 17:42 - 0000098 _____ () C:\Users\aguzzi\AppData\Roaming\mbam.context.scan
2013-05-19 20:57 - 2013-05-19 20:57 - 0007859 _____ () C:\Users\aguzzi\AppData\Roaming\pcouffin.cat
2013-05-19 20:57 - 2013-05-19 20:57 - 0001167 _____ () C:\Users\aguzzi\AppData\Roaming\pcouffin.inf
2013-05-19 20:57 - 2013-05-19 20:57 - 0000055 _____ () C:\Users\aguzzi\AppData\Roaming\pcouffin.log
2013-05-19 20:57 - 2013-05-19 20:57 - 0082816 _____ (VSO Software) C:\Users\aguzzi\AppData\Roaming\pcouffin.sys
2013-06-28 13:01 - 2016-01-24 14:45 - 0001456 _____ () C:\Users\aguzzi\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-01-27 21:41 - 2016-01-27 21:41 - 0041472 _____ () C:\Users\aguzzi\AppData\Local\K-it.dat
2016-01-27 21:41 - 2016-01-27 21:41 - 0000187 _____ () C:\Users\aguzzi\AppData\Local\K-it.exe.config
2015-04-03 18:12 - 2015-04-03 18:12 - 0000767 _____ () C:\Users\aguzzi\AppData\Local\recently-used.xbel
2013-07-09 13:35 - 2014-07-21 11:23 - 0007625 _____ () C:\Users\aguzzi\AppData\Local\Resmon.ResmonCfg
2015-11-23 17:52 - 2015-11-23 17:52 - 0000000 _____ () C:\Users\aguzzi\AppData\Local\{0A63EDAA-9A7C-4C95-8653-CF2CB7B58C9B}
2014-03-06 12:02 - 2015-03-09 17:11 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-29 01:29

==================== End of FRST.txt ============================

and now Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by aguzzi (2016-01-30 19:26:42)
Running from C:\Users\aguzzi\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-05-18 21:22:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1745219912-2714602360-568695940-500 - Administrator - Disabled)
aguzzi (S-1-5-21-1745219912-2714602360-568695940-1000 - Administrator - Enabled) => C:\Users\aguzzi
Guest (S-1-5-21-1745219912-2714602360-568695940-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1745219912-2714602360-568695940-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7+ Taskbar Tweaker v5.1 (HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\7 Taskbar Tweaker) (Version: 5.1 - RaMMicHaeL)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image 2016 (HKLM-x32\...\{64AB919C-28AA-4260-A147-1A88E53EE978}Visible) (Version: 19.0.6027 - Acronis)
Acronis True Image 2016 (x32 Version: 19.0.6027 - Acronis) Hidden
Acronis True Image 2016 Media Add-on (HKLM-x32\...\{6D9E5EBC-3602-4AAB-9BC4-1E23D57FED18}) (Version: 19.0.6027 - Acronis)
Acronis Universal Restore Bootable Media Builder (HKLM-x32\...\{396FA8A2-0154-4814-AED9-1EC5F81C2BA4}) (Version: 11.5.39006 - Acronis)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcGIS 10.1 for Desktop (HKLM-x32\...\ArcGIS 10.1 for Desktop) (Version: 10.1.3035 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.1 for Desktop (x32 Version: 10.1.3035 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.1 License Manager (HKLM-x32\...\ArcGIS 10.1 License Manager) (Version: 10.1.2891 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.1 License Manager (x32 Version: 10.1.2891 - Environmental Systems Research Institute, Inc.) Hidden
Attribute Changer 7.10c (HKLM-x32\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 7.10c - Romain Petges)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BOINC (HKLM\...\{883F04B1-5714-44BF-A8D4-E995DD7F1D4B}) (Version: 7.6.6 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CALIFORNIA TOPO 2011 (HKLM-x32\...\catopo11) (Version:  - )
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.8.0.17 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
cGPSmapper Free 0100d (HKLM-x32\...\cGPSmapper Free_is1) (Version:  - cGPSmapper)
Citrix Online Launcher (HKLM-x32\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DisplayFusion 7.3.4 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.3.4.0 - Binary Fortress Software)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.8.0.13 - DivX, LLC)
Dropbox (HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD43 Plug-in v1.0.0.6 (HKLM-x32\...\DVD43 Plug-in_is1) (Version:  - )
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Evernote v. 5.8.3 (HKLM-x32\...\{404B3FB8-A820-11E4-83FC-00163E98E7D6}) (Version: 5.8.3.6507 - Evernote Corp.)
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
FinePrint (HKLM\...\FinePrint) (Version: 7.21 - FinePrint Software, LLC)
FlacSquisher 1.3.4 (HKLM-x32\...\FlacSquisher) (Version: 1.3.4 - FlacSquisher)
Free Video Joiner (HKLM-x32\...\{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1) (Version:  - FreeVideoJoiner.com)
Free Video to MP3 Converter (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.71.1211 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
Garmin BaseCamp (HKLM-x32\...\{36A0D446-B8E9-4753-BDFE-335F6F4DE59C}) (Version: 4.5.2 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2012.40 Update (HKLM-x32\...\{A0966294-1F16-411F-98BF-AB9FDED7B9C6}) (Version: 15.40.0.0 - Garmin Ltd or its subsidiaries)
Garmin MapInstall (HKLM-x32\...\{F0D44E64-51EE-4888-A1FD-F13108B75A43}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin POI Loader (HKLM-x32\...\{5CA74EDC-CFC3-4FA0-AED7-1415CA19F250}) (Version: 2.7.2 - Garmin Ltd or its subsidiaries)
Garmin TOPO U.S. 2008 (HKLM-x32\...\{47BA74C5-1890-4ED2-954A-AD11186D8E26}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin TOPO U.S. 24K West v2 (HKLM-x32\...\{C701DC2B-7240-43D8-B776-3653952E781F}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 5.8.0.1189 (HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\GoToMeeting) (Version: 5.8.0.1189 - CitrixOnline)
GrabIt 1.6.2 Beta (build 940) (HKLM-x32\...\GrabIt_is1) (Version:  - Ilan Shemes)
Greenshot 1.1.7.17 (HKLM\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot)
GSAK 8.5.1.52 (HKLM-x32\...\GSAK_is1) (Version:  - CWE computer services)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HashCalc 2.02 (HKLM-x32\...\HashCalc_is1) (Version:  - SlavaSoft Inc.)
iCopy (HKLM-x32\...\iCopy) (Version: 1.6.1 - Matteo Rossi)
Ipswitch WS_FTP LE (HKLM-x32\...\WS_FTP LE) (Version:  - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junction Link Magic 2.0 (HKLM\...\Junction Link Magic_is1) (Version:  - )
K-Lite Codec Pack 11.6.6 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.6.6 - )
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.7.4.8 - Hermann Schinagl)
magicJack (HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.5.0 (x86 en-US)) (Version: 38.5.0 - Mozilla)
Mp3tag v2.60 (HKLM-x32\...\Mp3tag) (Version: v2.60 - Florian Heidenreich)
MP4Joiner v2.2 (HKLM-x32\...\MP4Joiner_is1) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.82 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.82 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenVPN Connect (HKLM-x32\...\{2C0CBAAF-6461-449E-B8E2-B56D77DA30F1}) (Version: 2.0.9.200 - OpenVPN Technologies)
Oracle VM VirtualBox 5.0.10 (HKLM\...\{F6E922CF-068D-4AFC-8DBF-4636B84AF0A5}) (Version: 5.0.10 - Oracle Corporation)
PDF24 Creator 7.0.7 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
SWF & FLV Player 3.0 (build 3.0.33.5106) (HKLM-x32\...\SWF & FLV Player_is1) (Version: 3.0.33.5106 - Eltima Software)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.60 - NCH Software)
SysTools PDF Unlocker - v3.1 (Build_1508) (HKLM-x32\...\{FBD68E88-2999-43B7-B249-E1B08FA2B065}_is1) (Version:  - SysTools Software)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
TeraCopy 2.3 beta 2 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Subst (HKLM-x32\...\Visual Subst) (Version: 1.0.6 - NTWind Software)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VLC Streamer 5.04 (HKLM-x32\...\VLC Streamer_is1) (Version:  - )
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.30 - VSO-Software SARL)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\WinDirStat) (Version:  - )
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
Xmarks for IE (HKLM-x32\...\{ABFA6EAE-C9C0-4B39-B722-02094EF6B889}) (Version: 127.0.177 - Xmarks)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1745219912-2714602360-568695940-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745219912-2714602360-568695940-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1189\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1745219912-2714602360-568695940-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745219912-2714602360-568695940-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745219912-2714602360-568695940-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745219912-2714602360-568695940-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745219912-2714602360-568695940-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745219912-2714602360-568695940-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745219912-2714602360-568695940-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745219912-2714602360-568695940-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745219912-2714602360-568695940-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1745219912-2714602360-568695940-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B8F2F29-CC22-405B-987C-B6F28B3B2FC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {15903C07-01CB-4F9A-96C9-70C4E6EB9FE7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {19D1A7A2-6D1A-4F08-A8FA-3419737D385B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated)
Task: {3818EFA0-32C3-4A7E-9145-1A3DD47FDDC2} - System32\Tasks\IORRT => C:\IORRT\IORRT.bat [2013-05-21] ()
Task: {4708AB44-BCBD-4431-8ADA-6AB090ED9324} - System32\Tasks\PornTime => E:\Program Files\PornTime\pt.exe [2015-05-28] ()
Task: {5458C321-79B3-4794-8043-05A258895B21} - System32\Tasks\Hybrid => C:\IORRT\IORRT.bat [2013-05-21] ()
Task: {570D761B-3765-45F0-9E20-2D22003C7EA8} - System32\Tasks\AutoPico Daily Restart => E:\OS
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5FFC1898-FB67-4E88-A5AC-ADE42F6BD900} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {6629141F-4418-4091-BD93-183943F5ACEA} - \Advanced System Protector -> No File <==== ATTENTION
Task: {6BE124DE-48CE-41C0-A9B8-CA8188F14B31} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1745219912-2714602360-568695940-1000Core => C:\Users\aguzzi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-12] (Dropbox, Inc.)
Task: {8A0FA6D2-DDDD-455E-B3B6-BC01A46C0272} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1745219912-2714602360-568695940-1000UA => C:\Users\aguzzi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-12] (Dropbox, Inc.)
Task: {91191FD4-6C5E-4CC6-9429-6C018D51DB88} - \Advanced System Protector_startup -> No File <==== ATTENTION
Task: {B29ABE74-6348-40C2-A0DA-597A24C5046F} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2015-11-30] (DivX, LLC)
Task: {B408C3F4-27E6-4D56-A1B6-3ED84C6FDE7C} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2016-01-28] (Enigma Software Group USA, LLC.)
Task: {D12BD970-6D59-4F73-B528-F7788ED4FE0F} - \{79090E47-0E04-7E7A-0A11-7F0A787D117A} -> No File <==== ATTENTION
Task: {D14BC21F-ED62-4F20-981A-2D686B20801F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {D576189A-A0C8-4974-8A82-D41F84C44164} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-11-06] ()
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1745219912-2714602360-568695940-1000Core.job => C:\Users\aguzzi\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1745219912-2714602360-568695940-1000UA.job => C:\Users\aguzzi\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-06-30 20:48 - 2015-08-06 16:44 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-01 11:29 - 2014-05-01 11:29 - 00098304 _____ () E:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2004-09-30 10:15 - 2004-09-30 10:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2016-01-27 21:00 - 2016-01-27 21:00 - 00383488 _____ () C:\Program Files\BitTorrent\BitTorrent.exe
2015-11-26 11:13 - 2015-11-26 11:13 - 07211112 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
2014-10-12 17:23 - 2014-10-12 17:23 - 00024064 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
2013-10-15 12:31 - 2013-10-15 12:31 - 00106496 _____ () E:\Program Files\BOINC\zlib1.dll
2014-10-12 17:23 - 2014-10-12 17:23 - 00055296 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
2014-06-27 14:36 - 2014-06-27 14:36 - 00107520 _____ () E:\Program Files\Xmarks\IE Extension\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-12 16:33 - 2015-10-30 16:59 - 00034768 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00019408 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00022848 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00023352 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00042296 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-12 16:33 - 2015-10-30 16:59 - 00116688 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 16:33 - 2015-10-30 16:59 - 00093640 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 16:33 - 2015-10-30 16:59 - 00018376 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00019760 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00105928 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-12 16:33 - 2015-10-30 16:59 - 00392144 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 16:33 - 2015-12-08 13:36 - 00381752 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 16:33 - 2015-10-30 16:59 - 00692688 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00020816 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00109520 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 01737032 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00020808 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00020800 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00021840 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00038696 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00024528 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00020936 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00114640 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00021320 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00124880 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00030160 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00043472 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00175560 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00028616 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00024016 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00048592 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00024392 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00036296 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-12 16:33 - 2015-10-30 17:00 - 00024016 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00117056 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00023376 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 16:33 - 2015-10-30 16:59 - 00134608 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-12 16:33 - 2015-10-30 16:59 - 00134088 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00240584 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00020280 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00052024 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00021304 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00350152 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00084792 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-12 16:33 - 2015-12-08 13:36 - 01826608 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 16:33 - 2015-10-30 17:00 - 00083912 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 03891504 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 01950000 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00519984 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00133936 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00225080 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00207672 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00024904 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00486704 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-12 16:33 - 2015-12-08 13:36 - 00357680 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 13:45 - 2015-10-30 17:01 - 00019920 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 13:45 - 2015-10-30 17:00 - 00786904 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 15:52 - 2015-10-30 17:00 - 00063448 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 13:45 - 2015-10-30 17:00 - 00019408 _____ () C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00059904 _____ () E:\Program Files\Trillian\zlib1.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00187392 _____ () E:\Program Files\Trillian\libpng15.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00006656 _____ () e:\program files\trillian\languages\en\trillian.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00065536 _____ () E:\Program Files\Trillian\libungif.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00003584 _____ () e:\program files\trillian\languages\en\toolkit.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00006656 _____ () e:\program files\trillian\languages\en\events.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00010752 _____ () e:\program files\trillian\languages\en\buddy.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00007168 _____ () e:\program files\trillian\languages\en\talk.dll
2015-12-18 17:45 - 2015-12-11 01:34 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-12-18 17:45 - 2015-12-11 01:34 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-12-18 17:45 - 2015-12-11 01:34 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-12-18 17:45 - 2015-12-11 01:34 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2015-12-18 17:45 - 2015-12-11 01:34 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2015-12-18 17:45 - 2015-12-11 01:34 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2013-08-01 23:37 - 2015-08-18 12:25 - 00074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll
2013-08-01 23:37 - 2015-08-18 12:25 - 00051744 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll
2015-11-26 11:07 - 2015-11-26 11:07 - 19884832 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2015-11-26 10:40 - 2015-11-26 10:40 - 00035760 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2015-11-26 10:43 - 2015-11-26 10:43 - 00056752 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
2015-11-26 10:42 - 2015-11-26 10:42 - 00445872 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-11-26 10:36 - 2015-11-26 10:36 - 00115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
2015-08-11 14:36 - 2015-08-11 14:36 - 00024896 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\core_workers_shared_context.dll
2015-11-26 11:13 - 2015-11-26 11:13 - 04093976 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2015-08-23 14:59 - 2015-08-23 14:59 - 00606672 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\sqlite3.dll
2011-02-26 10:33 - 2011-02-26 10:33 - 00027648 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd
2011-02-27 09:12 - 2011-02-27 09:12 - 00110080 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll
2011-02-26 10:32 - 2011-02-26 10:32 - 00040960 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd
2011-02-26 10:33 - 2011-02-26 10:33 - 00096768 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
2011-02-26 10:32 - 2011-02-26 10:32 - 00017408 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32profile.pyd
2010-08-24 17:48 - 2010-08-24 17:48 - 00153088 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
2010-08-24 17:47 - 2010-08-24 17:47 - 00040448 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
2010-08-24 17:48 - 2010-08-24 17:48 - 00720896 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
2011-02-26 10:32 - 2011-02-26 10:32 - 00110080 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd
2011-02-26 10:34 - 2011-02-26 10:34 - 00354304 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pythoncom26.dll
2011-02-26 10:38 - 2011-02-26 10:38 - 00265728 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32com.shell.shell.pyd
2014-10-12 17:22 - 2014-10-12 17:22 - 00019968 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
2010-08-24 17:48 - 2010-08-24 17:48 - 00286208 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
2010-08-24 17:48 - 2010-08-24 17:48 - 00073728 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
2010-08-24 17:48 - 2010-08-24 17:48 - 00011776 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\select.pyd
2014-10-12 17:23 - 2014-10-12 17:23 - 00010240 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
2014-10-12 17:23 - 2014-10-12 17:23 - 00061440 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
2014-10-12 17:23 - 2014-10-12 17:23 - 00039424 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
2011-02-26 10:32 - 2011-02-26 10:32 - 00035840 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
2014-10-12 17:22 - 2014-10-12 17:22 - 00007680 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
2014-10-12 17:23 - 2014-10-12 17:23 - 00007168 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyovpnc.pyd
2011-02-26 10:31 - 2011-02-26 10:31 - 00112128 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd
2011-02-26 10:31 - 2011-02-26 10:31 - 00017408 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
2011-02-26 10:32 - 2011-02-26 10:32 - 00023552 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd
2010-08-24 17:48 - 2010-08-24 17:48 - 00585728 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\unicodedata.pyd
2011-02-26 10:33 - 2011-02-26 10:33 - 00022528 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32ts.pyd
2011-02-26 10:33 - 2011-02-26 10:33 - 00167424 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32gui.pyd
2014-10-12 16:41 - 2014-10-12 16:41 - 00005120 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\ovpntray.dll
2016-01-28 19:01 - 2016-01-28 19:01 - 00257536 _____ () C:\ProgramData\caMyciloP\U-trax.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5F64C164

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7871 more sites.

IE trusted site: HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\sony.com -> hxxps://sony.com
IE trusted site: HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\sonylearning.com -> hxxps://www.sonylearning.com
IE trusted site: HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1745219912-2714602360-568695940-1000\...\wwts.com -> hxxps://wwts.com

There are 7871 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2016-01-27 23:10 - 00451169 ____N C:\Windows\system32\Drivers\etc\hosts


There are 15470 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1745219912-2714602360-568695940-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\aguzzi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CVPND => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: Garmin Core Update Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\Windows\pss\ImageBrowser EX Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "E:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: cdloader => "C:\Users\aguzzi\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: iTunesHelper => "E:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: OfficeSyncProcess => "E:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: SearchProtection => "C:\Users\aguzzi\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D859A904-B921-4645-9DC6-06EE4DC1C369}] => (Allow) C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C05C2081-0766-43EC-B323-5DF67F7175D8}] => (Allow) C:\Users\aguzzi\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E5996953-6E27-4B9A-954D-325A4C807A3F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{65FEF070-C0B1-425D-BDF4-96944F163A29}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9BBDC10C-88A7-4AA3-8B98-872A9463E774}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{678E89EC-B2F8-4C22-B1E9-50AF501E7F80}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D34B18C0-253E-4A15-BEA5-DE1E2D53AA3F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{02EC30AC-1A5C-4761-9B04-7850DDBA4B21}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{10416D25-575E-4706-ACC6-760A36746A11}] => (Allow) E:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{ADCB8EBD-0FF4-45AA-818E-B12137351A63}] => (Allow) E:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{8EDA3B35-5B94-4EF1-B10D-984304C60746}] => (Allow) E:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{E0B8777E-D28F-4E18-B137-DD2F4168DE45}] => (Allow) E:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [TCP Query User{48867261-242C-487A-B937-46B74DE1A71A}F:\rtmp\rtmpgw.exe] => (Allow) F:\rtmp\rtmpgw.exe
FirewallRules: [UDP Query User{BFB0AE8C-78AB-46B5-829B-B91C1A0C7C77}F:\rtmp\rtmpgw.exe] => (Allow) F:\rtmp\rtmpgw.exe
FirewallRules: [TCP Query User{3C42B381-5ABF-4C07-918F-364A7F6D712A}F:\rtmp\rtmpsrv.exe] => (Allow) F:\rtmp\rtmpsrv.exe
FirewallRules: [UDP Query User{B6288C3C-3EAA-4F52-8777-F5FE91331BE1}F:\rtmp\rtmpsrv.exe] => (Allow) F:\rtmp\rtmpsrv.exe
FirewallRules: [TCP Query User{B2BE7618-AF0E-4827-8181-20A7F1B5669E}F:\rtmp\rtmpsuck.exe] => (Allow) F:\rtmp\rtmpsuck.exe
FirewallRules: [UDP Query User{324AE378-7FA1-474F-BEB3-ED84774BD07E}F:\rtmp\rtmpsuck.exe] => (Allow) F:\rtmp\rtmpsuck.exe
FirewallRules: [{FBF368CE-EAF5-465A-8872-6FCFBCE367CF}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{3948BE34-5870-48F1-9136-F7353D5AB423}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{E7EF7A67-9D70-4EBE-AB20-CCEF5260EF33}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{73B53B9F-A28A-43FE-9456-2076C26EB2FD}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{85535319-C37C-42BB-845B-54ED670D2C17}] => (Allow) C:\Users\aguzzi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{08BAE87C-8D7C-4D48-9ABE-AF4FCEE2E5C1}] => (Allow) C:\Users\aguzzi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{17899D27-71C3-436C-81CE-508CED2F48E3}] => (Allow) C:\Users\aguzzi\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{0D28062F-3D61-4C5D-A5D6-1E31B3680D9F}] => (Allow) C:\Users\aguzzi\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{B504BE42-B8C5-418C-98A9-F24FA68F596A}] => (Allow) C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe
FirewallRules: [{BE422CCB-1025-4923-A32F-2343D0847468}] => (Allow) C:\Program Files (x86)\VLC Streamer\mDNSResponder.exe
FirewallRules: [{0A65E916-B8DB-4A1A-9AEE-6F99706C85D1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe\Bonjour\mDNSResponder.exe
FirewallRules: [{47019314-5AAB-4827-BD02-DFF0F74A4113}] => (Allow) E:\Program Files\Winamp\winamp.exe
FirewallRules: [{A8F79669-6A98-4751-A7E5-28C24AE80342}] => (Allow) E:\Program Files\Winamp\winamp.exe
FirewallRules: [TCP Query User{8E0D2091-1DCC-4810-9114-65A8239A3270}C:\users\aguzzi\appdata\roaming\popcorn time\node-webkit\nw.exe] => (Allow) C:\users\aguzzi\appdata\roaming\popcorn time\node-webkit\nw.exe
FirewallRules: [UDP Query User{EF8B71F1-E967-4092-BCB9-49893AF30BF4}C:\users\aguzzi\appdata\roaming\popcorn time\node-webkit\nw.exe] => (Allow) C:\users\aguzzi\appdata\roaming\popcorn time\node-webkit\nw.exe
FirewallRules: [{76032322-422D-41ED-AD96-ED8ADF882D5F}] => (Block) C:\users\aguzzi\appdata\roaming\popcorn time\node-webkit\nw.exe
FirewallRules: [{F1AC1911-443B-49F6-82FF-CB94CCE8B6B0}] => (Block) C:\users\aguzzi\appdata\roaming\popcorn time\node-webkit\nw.exe
FirewallRules: [{BC98468B-E292-40B1-984F-1F6C3A185A92}] => (Allow) C:\Users\aguzzi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{56700E93-7EB4-40C4-9D92-AE8C3B695560}] => (Allow) C:\Users\aguzzi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{483D6F8B-125D-4B65-92D7-90B7D138890A}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [UDP Query User{1FE722CC-779E-4AB5-9CE2-CDFFA68C857B}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [{ACF2238F-86C8-4BB7-B105-F152F6F8D3FC}] => (Block) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [{9B8988D0-64F9-48E5-AAA1-3623E8578856}] => (Block) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [{2BDCF918-3CE7-4D68-ADC6-ECB1BFE0E0A9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7F419D17-6726-4379-9376-51D5763AAFFD}] => (Allow) LPort=2869
FirewallRules: [{89F80BF7-466A-4988-891D-196D87BDDA00}] => (Allow) LPort=1900
FirewallRules: [{9E06C352-3671-45DA-B4AC-E9D171E21751}] => (Allow) E:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D6C40687-FE17-4E27-9625-59476EC67A07}] => (Allow) E:\Program Files\Video Download Capture\Video Download Capture.exe
FirewallRules: [{A943A2B6-4B83-41DB-92A6-40F63A38A1E6}] => (Allow) E:\Program Files\Video Download Capture\Video Download Capture.exe
FirewallRules: [{1BDD6A7A-3861-4848-A5E2-C1863B62F46E}] => (Allow) E:\Program Files\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{7C5AE7DD-FED3-4567-A0F5-A2C7420ED8DA}] => (Allow) E:\Program Files\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{0CE2FC9C-E1EE-45D8-956C-0BF3CA639E96}] => (Allow) E:\Program Files\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{9AFD427C-6A70-4210-A888-F98F38685219}] => (Allow) E:\Program Files\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{9E6C156A-8E21-4309-8C2F-73423FBEFC16}] => (Allow) E:\Program Files\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{8508D43D-E559-46A4-BD69-075EE686C79F}] => (Allow) E:\Program Files\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{CCE8D1B6-25D6-425A-9577-2DE8851890D9}] => (Allow) E:\Program Files\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{E556CF59-A57A-4ADC-B253-5058F0B6CC59}] => (Allow) E:\Program Files\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{B6508AF7-F8F4-4FCE-BEBB-ECCC9DC28685}] => (Allow) E:\Program Files\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{3AD1DEDA-8F32-4545-AAE1-D00E4F1CFFEB}] => (Allow) E:\Program Files\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{EC102E06-FF2E-4405-9F28-CCC012578BA7}] => (Allow) E:\Program Files\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{93DC0DA6-17CF-47C9-ABA8-371DE400A8AC}] => (Allow) E:\Program Files\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{F04A40E9-AFAF-4765-8BAE-35957994560B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C8618CE8-21C0-4B25-83D2-9DD4E134F97B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{45055377-7029-48F9-8F5B-063660966A86}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8C8336F5-36F4-47DC-9E1F-790448875FF3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E9B995D9-57A7-45C3-9212-467DDD49C7BA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7D1C0944-C909-4537-93FD-9CBDB7815B91}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{33E3D69B-16B5-465A-9A6D-E14A87F9D59F}] => (Allow) C:\Users\aguzzi\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{6D4420DC-E802-4F17-A6EB-6BF40760F676}] => (Allow) C:\Users\aguzzi\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{25A843A4-F5C2-4D13-9886-8EBC78BF61DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7DD7E1AF-9855-4F58-911A-C379F7F31BED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ADCD4FE9-607B-42F4-B646-8CC9BA93FFF4}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{BC3C5A88-CD65-4ED1-A669-96DDE2B91414}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{9270346F-4425-4506-8D09-D36190B6226E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C57CD79D-FE6B-40F4-811A-FDD3E03A702A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7ECDA823-A74D-4F52-934D-2A6DD130A2BC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5180C8AD-9BB6-4FDF-A367-AF26B560C449}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2016 11:01:17 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program trillian.exe because of this error.

Program: trillian.exe
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000000E
Disk type: 0

Error: (01/27/2016 11:01:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: trillian.exe, version: 0.0.0.0, time stamp: 0x5565b8f1
Faulting module name: ntdll.dll, version: 6.1.7601.19018, time stamp: 0x5609fe30
Exception code: 0xc0000006
Fault offset: 0x0005b3d5
Faulting process id: 0xe20
Faulting application start time: 0xtrillian.exe0
Faulting application path: trillian.exe1
Faulting module path: trillian.exe2
Report Id: trillian.exe3

Error: (01/27/2016 09:55:25 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (2972) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (01/27/2016 09:42:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WindoWeather.exe, version: 1.0.0.1, time stamp: 0x56a98599
Faulting module name: WindoWeather.exe, version: 1.0.0.1, time stamp: 0x56a98599
Exception code: 0xc0000005
Fault offset: 0x00007720
Faulting process id: 0x220c
Faulting application start time: 0xWindoWeather.exe0
Faulting application path: WindoWeather.exe1
Faulting module path: WindoWeather.exe2
Report Id: WindoWeather.exe3

Error: (01/24/2016 12:15:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: boinc.exe, version: 0.0.0.0, time stamp: 0x55a54052
Faulting module name: ntdll.dll, version: 6.1.7601.19018, time stamp: 0x560a0083
Exception code: 0xc0000005
Fault offset: 0x000000000001889d
Faulting process id: 0xd40
Faulting application start time: 0xboinc.exe0
Faulting application path: boinc.exe1
Faulting module path: boinc.exe2
Report Id: boinc.exe3

Error: (01/23/2016 08:16:25 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program trillian.exe because of this error.

Program: trillian.exe
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000000E
Disk type: 0

Error: (01/23/2016 08:16:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: trillian.exe, version: 0.0.0.0, time stamp: 0x5565b8f1
Faulting module name: MSVCR90.dll, version: 9.0.30729.4940, time stamp: 0x4ca2ef57
Exception code: 0xc0000006
Fault offset: 0x0005d93b
Faulting process id: 0xf30
Faulting application start time: 0xtrillian.exe0
Faulting application path: trillian.exe1
Faulting module path: trillian.exe2
Report Id: trillian.exe3

Error: (01/23/2016 04:11:13 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Media Player Network Sharing Service because of this error.

Program: Windows Media Player Network Sharing Service
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000000E
Disk type: 0

Error: (01/23/2016 04:11:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
Faulting module name: wmp.dll, version: 12.0.7601.18840, time stamp: 0x5541213c
Exception code: 0xc0000006
Fault offset: 0x0000000000030329
Faulting process id: 0x1a90
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3

Error: (01/17/2016 02:25:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18057, time stamp: 0x55f8d3e4
Faulting module name: urlmon.dll, version: 11.0.9600.18057, time stamp: 0x55f8d510
Exception code: 0xc0000005
Fault offset: 0x00015d6c
Faulting process id: 0x568
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3


System errors:
=============
Error: (01/30/2016 07:25:59 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (01/30/2016 07:25:57 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (01/29/2016 04:07:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/28/2016 11:07:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/28/2016 10:31:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/28/2016 10:31:30 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (01/28/2016 10:31:30 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (01/28/2016 10:31:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (01/28/2016 10:31:30 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort1.

Error: (01/28/2016 10:31:29 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


CodeIntegrity:
===================================
  Date: 2016-01-27 21:42:35.672
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-27 21:42:35.625
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-27 21:39:42.094
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-27 21:39:42.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-27 21:38:34.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-27 21:38:34.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-27 21:38:34.533
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-27 21:38:34.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 13:31:15.604
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Backup of old Program Files\Program Files\Spybot - Search & Destroy 2\pcrelib.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-09 13:31:15.441
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Backup of old Program Files\Program Files\Spybot - Search & Destroy 2\pcrelib.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Phenom™ II X4 940 Processor
Percentage of memory in use: 38%
Total physical RAM: 8191.18 MB
Available physical RAM: 5041.48 MB
Total Virtual: 16380.57 MB
Available Virtual: 12498.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:33.4 GB) NTFS
Drive e: (Jeneral Purpose Too) (Fixed) (Total:1397.26 GB) (Free:503.61 GB) NTFS
Drive f: (Storage Unit) (Fixed) (Total:3725.9 GB) (Free:1447.35 GB) NTFS
Drive g: (Data_Warehouse) (Fixed) (Total:7451.91 GB) (Free:5530.72 GB) NTFS
Drive h: () (Removable) (Total:14.45 GB) (Free:5.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 95FBFC4F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: A65343AC)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 398CF10D)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 7452 GB) (Disk ID: 9A99AA60)

Partition: GPT.

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 14.4 GB) (Disk ID: 959107A6)
Partition 1: (Active) - (Size=14.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#2 nasdaq

  • Malware Response Team
  • 40,199 posts
  • Location:Montreal, QC. Canada

Posted 31 January 2016 - 09:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The file in bold is suspicious.
AppInit_DLLs-x32: C:\ProgramData\caMyciloP\U-trax.dll => C:\ProgramData\caMyciloP\U-trax.dll [257536 2016-01-28] ()

Please submit the file to VirusTotal following the instructions on this page.
https://www.virustotal.com/

Post the results for my review.
If you have any information on it please tell.

===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKU\S-1-5-21-1745219912-2714602360-568695940-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys 
Task: {6629141F-4418-4091-BD93-183943F5ACEA} - \Advanced System Protector -> No File <==== ATTENTION
Task: {91191FD4-6C5E-4CC6-9429-6C018D51DB88} - \Advanced System Protector_startup -> No File <==== ATTENTION
Task: {D12BD970-6D59-4F73-B528-F7788ED4FE0F} - \{79090E47-0E04-7E7A-0A11-7F0A787D117A} -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5F64C164

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Please post the Fixlog.txt and let me know what problem persists.

#3 dukeofurl


Posted 01 February 2016 - 12:26 AM

The directory C:\ProgramData\caMyciloP\ is unknown to me. There was a similar named directory right next to it. Inside it, alongside that U-trax.dll, were many other unknown files; they are:

 

 Directory of C:\ProgramData\caMyciloP

01/31/2016  08:52 PM    <DIR>          .
01/31/2016  08:52 PM    <DIR>          ..
01/28/2016  06:36 PM         7,767,040 caMyciloP.d.dat
01/28/2016  06:36 PM            17,920 caMyciloP.dat
01/28/2016  09:13 PM               601 conf.config
01/28/2016  11:02 PM            75,456 Config.xml
01/28/2016  09:09 PM               111 confpro.config
01/31/2016  08:52 PM                 0 dir.txt
01/28/2016  07:01 PM           416,768 Joydex.bin
01/28/2016  07:01 PM           138,752 Lexilab.exe
01/28/2016  07:01 PM               266 Lexilab.exe.config
01/06/2016  02:27 AM             5,568 md.xml
01/28/2016  07:01 PM    <DIR>          ondemand
01/28/2016  09:09 PM             5,904 PrxCfg.xml
01/28/2016  07:01 PM           141,312 Silver-Tone.dat
01/28/2016  07:01 PM           404,480 Softhatin.bin
01/28/2016  07:01 PM           398,336 Softit.bin
01/28/2016  07:01 PM            24,576 Solozap.dat
01/28/2016  07:01 PM           129,536 Tampphase.bin
01/28/2016  07:01 PM           115,712 TranDantop.exe
01/28/2016  07:01 PM               266 TranDantop.exe.config
01/28/2016  07:01 PM           392,704 Trippleflex.bin
01/28/2016  07:01 PM           257,536 U-trax.dll
01/28/2016  06:36 PM           126,464 uninstall.dat
01/28/2016  07:01 PM           445,952 Voyaplus.bin
01/28/2016  07:01 PM           479,232 Zimfresh.bin
              23 File(s)     11,344,492 bytes
               3 Dir(s)  35,576,442,880 bytes free

 

 

 

I have submitted that U-trax.dll to https://www.virustotal.com/, and the results were:

 

AegisLab     Riskware.Gen!c     20160130
Symantec     PUA.Gen.4     20160129
VIPRE     Adware.Linkury     20160130
Everything else was green checkmark

 

 

 

I have done the fixlist.txt as you said, and ran FRST64, it says: Deleting temporary files C:\Users\aguzzi\Local\MOZILLA\FIREFOX\PROFILES  and the Fixing button text is grey, implying that it's still working, but I gave it 20 minutes and it didn't move, it looks frozen.

 

I will uninstall Java soon.



#4 nasdaq


Posted 01 February 2016 - 08:25 AM

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

EmptyTemp:
CloseProcesses:

AppInit_DLLs-x32: C:\ProgramData\caMyciloP\U-trax.dll => C:\ProgramData\caMyciloP\U-trax.dll [257536 2016-01-28] ()
C:\ProgramData\caMyciloP

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?
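
A triage check for the kind of entry the fixlist in the post above removes, as an added example that is not part of the original post or of FRST: it parses AppInit_DLLs log lines and flags DLLs loaded from data directories or carrying no company name. The line layout, the reading of the trailing parentheses as the company name, and the `triage`/`flagged` names are assumptions; the second and third sample lines are constructed.

```python
import re

# AppInit_DLLs names DLLs that Windows loads into every process that loads
# user32.dll, so one entry gives a DLL system-wide reach.
# Assumed layout of an FRST AppInit_DLLs line, taken from the entry quoted in
# the post: "<key>: <value> => <path> [<size> <date>] (<company>)"
LINE_RE = re.compile(
    r"^(?P<key>AppInit_DLLs(?:-x32)?): .*? => (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)\s*$"
)

# Data locations that legitimate system-wide DLLs are rarely installed into.
DATA_DIRS = ("\\programdata\\", "\\users\\", "\\temp\\")

SAMPLE_LOG = [
    # Line 1 is the entry from the post; lines 2 and 3 are constructed.
    r"AppInit_DLLs-x32: C:\ProgramData\caMyciloP\U-trax.dll => C:\ProgramData\caMyciloP\U-trax.dll [257536 2016-01-28] ()",
    r"AppInit_DLLs: C:\Windows\System32\example.dll => C:\Windows\System32\example.dll [167576 2015-08-11] (Example Vendor Inc.)",
    r"S3 ExampleDrv; system32\DRIVERS\ExampleDrv.sys",
]

def triage(line):
    """Return a finding for an AppInit_DLLs line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path").lower()
    reasons = []
    if any(d in path for d in DATA_DIRS):
        reasons.append("loaded from a data directory")
    if not m.group("company").strip():
        reasons.append("no company name")
    return {"key": m.group("key"), "path": m.group("path"),
            "size": int(m.group("size")), "reasons": reasons}

def flagged(lines):
    """Keep only the AppInit_DLLs entries that tripped at least one check."""
    findings = (triage(line) for line in lines)
    return [f for f in findings if f and f["reasons"]]

if __name__ == "__main__":
    for f in flagged(SAMPLE_LOG):
        print(f"{f['key']}: {f['path']} -> {', '.join(f['reasons'])}")
```
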

#5 dukeofurl


Posted 01 February 2016 - 03:49 PM

That seems to have fixed it.  With one exception that I can find.  Firefox, when opening a new tab, says "Firefox can't find the file at /C:/ProgramData/caMyciloPs/ff.NT" despite being changed to a real site in the Options.

 

What did I have?

 

 

Thank you so much



#6 dukeofurl


Posted 01 February 2016 - 03:52 PM

I have now fixed the tab problem, via about:config in Firefox.

 

Thank you so much

 

What did I have?  So that I can say SpyHunter4 did not catch it.



#7 nasdaq


Posted 02 February 2016 - 08:39 AM

Symantec PUA.Gen.4 20160129

PUA is a Potentially Unwanted Application, probably installed without your consent.

Probably a new version and SpyHunter is not aware of it.

If you still have the file in the Recycle Bin, send it to SpyHunter for their review.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 dukeofurl


Posted 02 February 2016 - 10:39 PM

Ah.  Yes, it definitely installed without my consent.

 

I don't think I still have it.

 

 

Thank you again



#9 nasdaq


Posted 03 February 2016 - 09:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



