Need assistance Hijack this log


  • This topic is locked
18 replies to this topic

#1 Warrior50

Posted 06 February 2016 - 06:26 PM

Been having all kinds of issues. I run a Windows 10 operating system. I need any help someone can provide me. I have run sfc /scannow and I get errors. I have run DISM and get errors... kind of at a loss for words as to what is wrong. I have run Malwarebytes but it comes up with nothing. I tried running CCleaner but get an error message that says something along these lines: "The program can't start because C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus (bunch of numbers after that part) is missing from your computer."

 

I have run HijackThis and ComboFix in the past (I know ComboFix isn't compatible with Windows 10 and don't intend to use it). Could someone please look at my HijackThis log and provide assistance?

 

Thanks

Warrior


#2 olgun52

  • Malware Response Team
Posted 06 February 2016 - 07:29 PM

Hello Warrior50 and welcome to BleepingComputer. :welcome:
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do you log on to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
  
This section is for malware cleaning. Do you suspect malware, and do you have an operating system CD?


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Warrior50

Posted 06 February 2016 - 07:36 PM

I did all the steps that you listed. I am not sure if it is a malware issue or a system file issue. I do not have an operating CD as I previously had Windows 7 installed when I bought the computer and I upgraded to Windows ten.



#4 olgun52

Posted 06 February 2016 - 08:41 PM

Hi Warrior50,
 
If you want, let's first check the overall status of the system and make the necessary fixes. After that, on another Windows 10 machine, prepare repair disks and we will try to repair it. Okay?

 

If you think okay, then let's start it!

===============================

Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: addition.png
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Note:

proxy.nfl2go.com:1234

is there proxy about your info ?

 

Sincerely. :hello:


Edited by olgun52, 06 February 2016 - 08:43 PM.


 


 


#5 Warrior50

Posted 06 February 2016 - 09:58 PM

Downloaded and ran the scan....

 

Not sure what you mean by the Proxy question... not really familiar with "is there a proxy about your info"

 

Here are the results... thanks again....

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by StellarsPC (administrator) on STELLARSPC-HP (06-02-2016 21:48:10)
Running from C:\Users\StellarsPC\Desktop
Loaded Profiles: StellarsPC (Available Profiles: StellarsPC & Mcx1-STELLARSPC-HP & Administrator & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\lxducoms.exe
(Kinetic Jump Software, LLC) C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
() C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe
() C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumsdmon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [lxdumon.exe] => C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()
HKLM-x32\...\Run: [lxduamon] => C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduamon.exe [16040 2010-02-04] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1994752 2014-02-20] (Wondershare)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-01-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\Run: [uTorrent] => C:\Users\StellarsPC\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-03] (BitTorrent Inc.)
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\Run: [ZedgeToneSync] => C:\Users\StellarsPC\AppData\Local\Apps\2.0\Data\X774RC6X.ELT\7RDEC7R2.50M\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\Run: [Voobly] => "C:\Program Files (x86)\Voobly\voobly.exe" --startup
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\Run: [Hudl Mercury] => C:\Program Files (x86)\Hudl Mercury\HudlMercury.exe [3412320 2015-04-02] (Agile Sports Technologies)
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6452552 2016-01-22] (Plex, Inc.)
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\RunOnce: [Uninstall C:\Users\StellarsPC\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\StellarsPC\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\RunOnce: [Uninstall C:\Users\StellarsPC\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\StellarsPC\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor 4.lnk [2014-12-25]
ShortcutTarget: Device Monitor 4.lnk -> C:\Program Files (x86)\PIXELA\Everio MediaBrowser 4\MBCameraMonitor.exe (PIXELA CORPORATION)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3863878881-14844189-1490774679-1000] => proxy.nfl2go.com:1234
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{07C226E6-763D-4A7F-A834-571E2B50B91C}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{3a146b79-4730-4c2a-a22a-21193196aa2b}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{a0f81787-13ac-42ad-b0f8-94f7989b48f3}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{d3f2c7b3-ffdf-4df1-b478-80beddd1a89a}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKLM -> DefaultScope ComcastSearch URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfactiv_self_search
SearchScopes: HKLM -> ComcastSearch URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfactiv_self_search
SearchScopes: HKLM -> {02DAE60D-991B-4B0D-8A41-4A844FECF688} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKLM-x32 -> {02DAE60D-991B-4B0D-8A41-4A844FECF688} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3863878881-14844189-1490774679-1000 -> ComcastSearch URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfactiv_self_search
SearchScopes: HKU\S-1-5-21-3863878881-14844189-1490774679-1000 -> {02DAE60D-991B-4B0D-8A41-4A844FECF688} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3863878881-14844189-1490774679-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-3863878881-14844189-1490774679-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3863878881-14844189-1490774679-1000 -> {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111202&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-3863878881-14844189-1490774679-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3863878881-14844189-1490774679-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-26] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-26] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxps://www.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset
FF NetworkProxy: "http", "proxy.nfl2go.com"
FF NetworkProxy: "http_port", 1234
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-08-14]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-09-09]
FF Extension: AdBlock Lite - C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2016-01-07]
FF Extension: Adblock Plus - C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-01-26] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-20] [not signed]

Chrome:
=======
CHR Profile: C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-28]
CHR Extension: (Google Docs) - C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-28]
CHR Extension: (Google Drive) - C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (YouTube) - C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Google Search) - C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]
CHR Extension: (Google Sheets) - C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-28]
CHR Extension: (Google Docs Offline) - C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-29]
CHR Extension: (CouchPotato) - C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jochingjncojldfclaicaomboafaiong [2016-01-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-28]
CHR Extension: (Gmail) - C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881696 2016-01-25] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-01-25] (AVG Technologies CZ, s.r.o.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2011-08-02] (Kinetic Jump Software, LLC) [File not signed]
R2 lxdu_device; C:\WINDOWS\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 lxdu_device; C:\WINDOWS\SysWOW64\lxducoms.exe [589824 2009-10-16] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 NzbDrone; C:\ProgramData\NzbDrone\bin\nzbdrone.console.exe [24064 2016-01-14] (sonarr.tv) [File not signed]
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1859584 2012-07-04] (Ralink) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R1 pfmfs_A1C; C:\Windows\System32\Drivers\pfmfs_A1C.sys [258656 2014-07-11] (Pismo Technic Inc.)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 21:48 - 2016-02-06 21:48 - 00025673 _____ C:\Users\StellarsPC\Desktop\FRST.txt
2016-02-06 20:56 - 2016-02-06 21:48 - 00000000 ____D C:\FRST
2016-02-06 20:56 - 2016-02-06 20:56 - 02370560 _____ (Farbar) C:\Users\StellarsPC\Desktop\FRST64.exe
2016-02-06 18:10 - 2016-02-06 18:10 - 00388608 _____ (Trend Micro Inc.) C:\Users\StellarsPC\Downloads\HijackThis.exe
2016-02-06 18:06 - 2016-02-06 18:09 - 00003256 _____ C:\Users\StellarsPC\Desktop\Rkill.txt
2016-02-06 18:06 - 2016-02-06 18:06 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\StellarsPC\Downloads\rkill.exe
2016-02-06 18:04 - 2016-02-06 18:04 - 05657667 _____ (Swearware) C:\Users\StellarsPC\Downloads\ComboFix.exe
2016-02-06 17:22 - 2016-02-06 17:22 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2016-02-06 17:05 - 2016-02-06 17:05 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-06 17:05 - 2016-02-06 17:05 - 00000865 _____ C:\ProgramData\Desktop\CCleaner.lnk
2016-02-06 17:05 - 2016-02-06 17:05 - 00000000 ____D C:\Program Files\CCleaner
2016-02-06 17:04 - 2016-02-06 17:04 - 06828320 _____ (Piriform Ltd) C:\Users\StellarsPC\Downloads\ccsetup514.exe
2016-02-06 17:00 - 2016-02-06 17:01 - 00000000 ____D C:\drzoidberg33-plexpy-be058ea
2016-02-06 14:45 - 2016-02-06 14:45 - 06700704 _____ C:\Users\StellarsPC\Desktop\Dism Log Feb 6th.txt
2016-02-06 14:45 - 2016-02-06 14:45 - 00165709 _____ C:\Users\StellarsPC\Desktop\Dism Log Feb 6th.rar
2016-02-06 14:23 - 2016-02-06 20:32 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{19B1C3A2-23CC-42B4-AE6B-F9435F63DE88}
2016-02-05 17:09 - 2016-02-05 17:09 - 00155631 _____ C:\Users\StellarsPC\Desktop\CBS LOG Feb 5.rar
2016-02-05 01:55 - 2016-02-05 01:55 - 00002425 _____ C:\Users\StellarsPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-03 23:30 - 2016-02-03 23:30 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlexPy
2016-02-03 21:29 - 2016-02-03 21:30 - 29610680 _____ (Microsoft Corporation) C:\Users\StellarsPC\Downloads\WSUS-KB2720211-x64.exe
2016-02-03 16:12 - 2016-02-06 10:07 - 00000000 ____D C:\Users\StellarsPC\Desktop\drzoidberg33-plexpy-be058ea
2016-02-03 16:11 - 2016-02-03 16:11 - 00000000 ____D C:\Python27
2016-02-03 16:11 - 2016-02-03 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2016-01-31 18:17 - 2016-01-31 18:17 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-31 18:17 - 2016-01-31 18:17 - 00001824 _____ C:\ProgramData\Desktop\iTunes.lnk
2016-01-31 18:17 - 2016-01-31 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-31 18:17 - 2016-01-31 18:17 - 00000000 ____D C:\Program Files\iTunes
2016-01-31 18:17 - 2016-01-31 18:17 - 00000000 ____D C:\Program Files\iPod
2016-01-31 18:17 - 2016-01-31 18:17 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-31 17:30 - 2016-01-31 18:17 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-31 17:30 - 2016-01-31 17:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-01-31 17:30 - 2016-01-31 17:30 - 00000000 ____D C:\Program Files\Bonjour
2016-01-31 17:30 - 2016-01-31 17:30 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-01-31 17:30 - 2016-01-31 17:30 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-01-31 16:30 - 2016-01-31 16:40 - 167583000 _____ (Apple Inc.) C:\Users\StellarsPC\Downloads\iTunes6464Setup.exe
2016-01-31 12:50 - 2016-01-31 12:50 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-31 12:48 - 2016-01-31 12:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-31 12:48 - 2016-01-31 12:48 - 00001422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-01-31 12:48 - 2016-01-31 12:48 - 00001410 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-01-31 12:48 - 2016-01-31 12:48 - 00001410 _____ C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2016-01-31 12:48 - 2016-01-31 12:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-01-31 12:48 - 2016-01-31 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-01-31 12:48 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-01-31 12:43 - 2016-01-31 12:43 - 00000000 ___HD C:\$AVG
2016-01-31 12:43 - 2016-01-31 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-31 12:41 - 2016-01-31 12:41 - 02895464 _____ (AVG Technologies) C:\Users\StellarsPC\Downloads\AVG_Protection_Free_1115.exe
2016-01-31 11:59 - 2016-01-31 17:28 - 00000000 ____D C:\ProgramData\SecTaskMan
2016-01-28 04:10 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 04:10 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 04:10 - 2016-01-16 01:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-01-28 04:10 - 2016-01-16 01:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-01-28 04:10 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 04:10 - 2016-01-16 00:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-28 04:10 - 2016-01-16 00:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-28 04:10 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 04:10 - 2016-01-16 00:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-28 04:10 - 2016-01-16 00:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-28 04:10 - 2016-01-16 00:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-28 04:10 - 2016-01-16 00:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-28 04:10 - 2016-01-16 00:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-28 04:09 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 04:09 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 04:09 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 04:09 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 04:09 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 04:09 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 04:09 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 04:09 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 04:09 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 04:09 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 04:09 - 2016-01-16 01:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-28 04:09 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 04:09 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 04:09 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 04:09 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 04:09 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 04:09 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 04:09 - 2016-01-16 01:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-28 04:09 - 2016-01-16 01:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-01-28 04:09 - 2016-01-16 01:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-01-28 04:09 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 04:09 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 04:09 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 04:09 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 04:09 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 04:09 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 04:09 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 04:09 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 04:09 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 04:09 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 04:09 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 04:09 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 04:09 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 04:09 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 04:09 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 04:09 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 04:09 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 04:09 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 04:09 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 04:09 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 04:09 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 04:09 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 04:09 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 04:09 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 04:09 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 04:09 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 04:09 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 04:09 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 04:09 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 04:09 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 04:09 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 04:09 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 04:09 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 04:09 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 04:09 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 04:09 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 04:09 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 04:09 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 04:09 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 04:09 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 04:09 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 04:09 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 04:09 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 04:09 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 04:09 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 04:09 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 04:09 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 04:09 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 04:09 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 04:09 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 04:09 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 04:09 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 04:09 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 04:09 - 2016-01-16 00:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-28 04:09 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 04:09 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 04:09 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 04:09 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 04:09 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 04:09 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 04:09 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 04:09 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 04:09 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 04:09 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 04:09 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 04:09 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 04:09 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 04:09 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 04:09 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 04:09 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 04:09 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 04:09 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 04:09 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 04:09 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 04:09 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 04:09 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 04:09 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 04:09 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 04:09 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 04:09 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 04:09 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 04:09 - 2016-01-16 00:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-01-28 04:09 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 04:09 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 04:09 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 04:09 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 04:09 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 04:09 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 04:09 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 04:09 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-28 04:09 - 2016-01-16 00:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-01-27 19:16 - 2016-02-01 20:36 - 00000000 ____D C:\ProgramData\NzbDrone
2016-01-27 19:16 - 2016-01-27 19:16 - 00000907 _____ C:\Users\Public\Desktop\Sonarr.lnk
2016-01-27 19:16 - 2016-01-27 19:16 - 00000907 _____ C:\ProgramData\Desktop\Sonarr.lnk
2016-01-27 19:16 - 2016-01-27 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonarr
2016-01-27 14:34 - 2016-01-31 17:29 - 00000000 ____D C:\Program Files (x86)\SystemScheduler
2016-01-27 14:24 - 2016-01-27 14:24 - 00587776 _____ (Igor Pavlov) C:\Users\StellarsPC\Desktop\7za.exe
2016-01-27 00:44 - 2016-01-31 17:26 - 00000000 ____D C:\Program Files (x86)\Free Window Registry Repair
2016-01-27 00:25 - 2016-01-27 00:26 - 368009078 _____ C:\Users\StellarsPC\Desktop\registry save.reg
2016-01-27 00:19 - 2016-02-06 16:52 - 00001344 _____ C:\Users\StellarsPC\Desktop\Should I Remove It.lnk
2016-01-27 00:19 - 2016-01-27 00:19 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2016-01-27 00:19 - 2016-01-27 00:19 - 00000000 ____D C:\Program Files (x86)\Reason
2016-01-27 00:12 - 2016-01-27 00:12 - 02178872 _____ (Reason Software Company Inc.) C:\Users\StellarsPC\Downloads\ShouldIRemoveIt_Setup.exe
2016-01-27 00:05 - 2016-01-02 20:14 - 02660496 ____N (Sysinternals - www.sysinternals.com) C:\Users\StellarsPC\Desktop\procexp.exe
2016-01-26 23:46 - 2016-01-26 23:52 - 00000000 ____D C:\AdwCleaner
2016-01-26 22:30 - 2016-01-27 01:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-26 15:58 - 2016-01-26 16:01 - 00247942 _____ C:\WINDOWS\ntbtlog.txt
2016-01-26 08:31 - 2016-01-26 08:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2016-01-25 17:52 - 2016-01-25 17:52 - 00000000 ____D C:\Users\StellarsPC\AppData\Local\RepairTasks
2016-01-25 17:52 - 2016-01-25 17:52 - 00000000 ____D C:\Tasks 2016-01-25 175219
2016-01-25 17:08 - 2016-01-25 17:10 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\Notepad++
2016-01-25 17:08 - 2016-01-25 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-01-25 17:08 - 2016-01-25 17:08 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-01-23 17:17 - 2016-02-06 15:59 - 00000000 ____D C:\xampp
2016-01-23 16:41 - 2016-01-23 16:41 - 00000063 _____ C:\Users\StellarsPC\.gitconfig
2016-01-23 16:35 - 2016-01-23 16:35 - 00000000 ____D C:\Users\StellarsPC\.cordova
2016-01-23 15:30 - 2016-01-23 16:35 - 00000297 _____ C:\Users\StellarsPC\AppData\Local\.meteorsession
2016-01-23 15:25 - 2016-01-23 15:25 - 00000000 ____D C:\Users\StellarsPC\AppData\Local\PaxHeader
2016-01-23 15:23 - 2016-01-23 15:23 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\java
2016-01-23 10:19 - 2016-01-27 07:23 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\FileBot
2016-01-23 10:19 - 2016-01-23 10:19 - 00002161 _____ C:\Users\StellarsPC\Desktop\FileBot.lnk
2016-01-23 10:19 - 2016-01-23 10:19 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileBot
2016-01-23 10:19 - 2016-01-23 10:19 - 00000000 ____D C:\Program Files\FileBot
2016-01-22 20:23 - 2016-01-23 17:23 - 00000000 ____D C:\Program Files (x86)\SABnzbd
2016-01-22 20:23 - 2016-01-22 20:24 - 00000000 ____D C:\Users\StellarsPC\AppData\Local\sabnzbd
2016-01-22 20:19 - 2016-01-22 20:19 - 00001288 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CouchPotato.lnk
2016-01-22 20:18 - 2016-01-23 05:59 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\CouchPotato
2016-01-22 15:15 - 2016-01-22 15:15 - 00260528 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
2016-01-20 21:33 - 2016-01-20 21:33 - 00000000 ____D C:\Users\StellarsPC\.idlerc
2016-01-20 21:17 - 2016-01-20 21:17 - 00000000 ____D C:\ProgramData\Git
2016-01-13 00:05 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 00:05 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-13 00:05 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-13 00:05 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 00:05 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 00:05 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-13 00:05 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-13 00:05 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 00:05 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 00:05 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 00:05 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 00:05 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 00:05 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-13 00:05 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 00:05 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 00:05 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 00:05 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 00:05 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 00:05 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-13 00:05 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 00:05 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 00:05 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 00:05 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 00:05 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 00:05 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 00:05 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 00:05 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 00:05 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 00:05 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-13 00:05 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 00:05 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-13 00:05 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-13 00:05 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-13 00:05 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 00:05 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-13 00:05 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 00:05 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-13 00:05 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-13 00:05 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 00:05 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 00:05 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 00:05 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-13 00:05 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-13 00:05 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 00:05 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 00:05 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 00:05 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-13 00:05 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 00:05 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 00:05 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 00:05 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-13 00:05 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-13 00:05 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 00:05 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 00:05 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 00:05 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 00:05 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 00:05 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-13 00:05 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 00:05 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-13 00:05 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-13 00:05 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 00:05 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-13 00:05 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 00:05 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 00:05 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 00:05 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 00:05 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-13 00:05 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-13 00:05 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 00:05 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 00:05 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 00:05 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-10 03:37 - 2016-02-04 03:57 - 00003292 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForStellarsPC
2016-01-10 03:37 - 2016-02-04 03:57 - 00000380 _____ C:\WINDOWS\Tasks\HPCeeScheduleForStellarsPC.job
2016-01-08 10:46 - 2016-01-08 10:46 - 00272304 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsha.sys
2016-01-08 10:46 - 2016-01-08 10:46 - 00023472 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avguniva.sys
2016-01-07 15:03 - 2016-01-07 15:03 - 00021632 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgboota.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 21:48 - 2011-09-30 10:51 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-06 21:25 - 2012-04-11 17:52 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-06 17:55 - 2014-08-30 15:47 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-06 17:36 - 2015-12-03 04:55 - 01014690 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-06 17:36 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-06 17:33 - 2011-09-30 10:51 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-06 17:30 - 2011-07-15 15:09 - 00000000 ____D C:\ProgramData\PDFC
2016-02-06 17:29 - 2015-12-03 05:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-06 17:29 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-06 16:30 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-06 16:30 - 2012-11-18 17:08 - 00000000 ____D C:\ProgramData\MFAData
2016-02-06 15:54 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-06 14:23 - 2014-08-03 10:33 - 00000000 __SHD C:\Users\StellarsPC\AppData\Local\EmieUserList
2016-02-06 14:23 - 2014-08-03 10:33 - 00000000 __SHD C:\Users\StellarsPC\AppData\Local\EmieSiteList
2016-02-06 10:21 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-06 10:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-05 18:21 - 2014-12-28 11:33 - 00000000 ____D C:\Users\StellarsPC\Downloads\PLEX
2016-02-05 17:48 - 2011-09-18 17:49 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\uTorrent
2016-02-05 02:18 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-05 01:55 - 2015-08-31 20:35 - 00000000 ___RD C:\Users\StellarsPC\OneDrive
2016-02-04 20:50 - 2015-08-28 21:50 - 00002234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-04 20:50 - 2015-08-28 21:50 - 00002222 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-04 20:50 - 2015-08-28 21:50 - 00002222 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2016-02-04 20:12 - 2015-08-31 20:28 - 00000000 ____D C:\Users\StellarsPC\AppData\Local\Packages
2016-02-04 18:52 - 2015-11-13 07:47 - 00000000 ____D C:\Users\StellarsPC\Documents\Outlook Files
2016-02-03 15:46 - 2015-11-13 08:17 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-31 17:30 - 2011-09-22 22:23 - 00000000 ____D C:\ProgramData\Apple
2016-01-31 17:29 - 2012-04-24 18:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-31 17:25 - 2011-09-22 22:25 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\Apple Computer
2016-01-31 16:31 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Registration
2016-01-31 14:04 - 2015-12-03 04:56 - 00000000 ____D C:\Users\StellarsPC
2016-01-31 13:35 - 2012-11-09 15:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-31 12:47 - 2012-11-09 15:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2016-01-31 12:46 - 2011-09-24 16:53 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\vlc
2016-01-31 12:44 - 2015-11-13 07:47 - 00000000 ____D C:\Users\StellarsPC\AppData\Local\Avg
2016-01-31 12:43 - 2015-11-13 08:07 - 00000000 ____D C:\ProgramData\Avg
2016-01-31 12:43 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-31 12:43 - 2012-11-18 17:19 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-31 12:41 - 2015-11-13 07:47 - 00000000 ____D C:\Users\StellarsPC\AppData\Local\AvgSetupLog
2016-01-31 11:59 - 2013-03-23 11:26 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-01-31 11:59 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-30 14:26 - 2008-12-20 17:01 - 00000000 ____D C:\Users\StellarsPC\Documents\My PSP Files
2016-01-29 15:15 - 2015-08-31 20:28 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-29 03:30 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-29 03:30 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-29 03:30 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-29 03:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-29 03:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-29 03:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-29 03:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-27 16:35 - 2011-07-15 15:05 - 00000000 ____D C:\Program Files (x86)\HP Games
2016-01-27 16:34 - 2011-07-15 15:05 - 00000000 ____D C:\ProgramData\WildTangent
2016-01-27 01:52 - 2014-03-24 09:26 - 00000000 ____D C:\Users\StellarsPC\AppData\Local\TSVNCache
2016-01-27 00:20 - 2015-03-19 17:50 - 00000000 ____D C:\Program Files (x86)\Voobly
2016-01-27 00:19 - 2013-03-19 15:08 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2016-01-27 00:19 - 2013-03-19 15:08 - 00000000 __SHD C:\AI_RecycleBin
2016-01-26 15:45 - 2011-12-01 20:27 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-01-26 15:44 - 2015-12-03 07:43 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-26 14:59 - 2015-03-04 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-26 14:59 - 2014-08-30 15:47 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-26 14:59 - 2014-08-30 15:47 - 00001173 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-26 14:59 - 2014-08-30 15:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-26 14:44 - 2015-11-13 07:47 - 00000000 ___RD C:\Users\StellarsPC\iCloudDrive
2016-01-26 14:18 - 2014-10-25 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-26 14:18 - 2014-10-25 12:09 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-26 14:18 - 2014-06-02 09:54 - 00000000 ____D C:\ProgramData\Oracle
2016-01-26 14:17 - 2015-08-27 18:32 - 00000000 ____D C:\Users\StellarsPC\.oracle_jre_usage
2016-01-26 14:17 - 2014-10-25 12:09 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-01-26 10:02 - 2013-08-11 15:32 - 00000865 _____ C:\Users\StellarsPC\Desktop\µTorrent.lnk
2016-01-26 08:31 - 2015-12-03 04:50 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-24 11:19 - 2015-03-05 14:20 - 00027136 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2016-01-24 11:19 - 2015-03-05 14:20 - 00003276 _____ C:\WINDOWS\System32\Tasks\Private Internet Access Startup
2016-01-24 11:19 - 2015-03-05 14:20 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2016-01-24 11:19 - 2015-03-05 14:20 - 00000000 ____D C:\Program Files\pia_manager
2016-01-23 16:39 - 2014-12-27 21:32 - 00000000 ____D C:\Program Files (x86)\Plex
2016-01-16 11:02 - 2015-04-21 20:06 - 00000000 ____D C:\Users\StellarsPC\Downloads\Posters
2016-01-14 03:47 - 2013-03-13 02:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-14 03:47 - 2013-03-13 02:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 06:40 - 2013-03-13 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-13 06:37 - 2013-08-15 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 06:31 - 2011-09-18 10:48 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-13 06:31 - 2009-07-13 21:34 - 00000478 _____ C:\WINDOWS\win.ini
2016-01-08 16:45 - 2015-07-31 16:05 - 00000000 ____D C:\Users\StellarsPC\Downloads\4K-wallpaper
2016-01-08 16:42 - 2015-11-14 18:50 - 00000000 ____D C:\Users\StellarsPC\Downloads\4K Christmas Wallpaper

==================== Files in the root of some directories =======

2013-05-21 06:34 - 2014-06-25 01:20 - 0003737 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2016-01-23 15:30 - 2016-01-23 16:35 - 0000297 _____ () C:\Users\StellarsPC\AppData\Local\.meteorsession
2011-09-30 15:02 - 2014-05-29 13:35 - 0004260 _____ () C:\ProgramData\lxdu.log
2011-09-30 15:12 - 2012-09-09 19:12 - 0000887 _____ () C:\ProgramData\lxduDiagnostics.log
2012-01-19 18:52 - 2014-05-27 18:24 - 0008490 _____ () C:\ProgramData\lxduJSW.log
2014-05-29 13:42 - 2014-05-29 13:42 - 1421900 _____ () C:\ProgramData\SPL4A95.tmp
2013-12-17 23:26 - 2013-12-17 23:26 - 1613652 _____ () C:\ProgramData\SPL4B23.tmp
2014-06-30 12:34 - 2014-06-30 12:34 - 2188297 _____ () C:\ProgramData\SPL7F86.tmp
2014-05-03 02:15 - 2014-05-03 02:15 - 0446495 _____ () C:\ProgramData\SPLBC1D.tmp
2013-12-17 22:41 - 2013-12-17 22:41 - 1614720 _____ () C:\ProgramData\SPLD17.tmp

Some files in TEMP:
====================
C:\Users\StellarsPC\AppData\Local\Temp\7za.exe
C:\Users\StellarsPC\AppData\Local\Temp\avguirn_081644869246.exe
C:\Users\StellarsPC\AppData\Local\Temp\avguirn_081958593532.exe
C:\Users\StellarsPC\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\StellarsPC\AppData\Local\Temp\msvcp120.dll
C:\Users\StellarsPC\AppData\Local\Temp\msvcr120.dll
C:\Users\StellarsPC\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\StellarsPC\AppData\Local\Temp\sqlite3.dll
C:\Users\StellarsPC\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-06 10:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by StellarsPC (2016-02-06 21:49:18)
Running from C:\Users\StellarsPC\Desktop
Windows 10 Home (X64) (2015-12-03 10:26:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3863878881-14844189-1490774679-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3863878881-14844189-1490774679-503 - Limited - Disabled)
Guest (S-1-5-21-3863878881-14844189-1490774679-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3863878881-14844189-1490774679-1002 - Limited - Enabled)
Mcx1-STELLARSPC-HP (S-1-5-21-3863878881-14844189-1490774679-1003 - Administrator - Enabled) => C:\Users\Mcx1-STELLARSPC-HP
StellarsPC (S-1-5-21-3863878881-14844189-1490774679-1000 - Administrator - Enabled) => C:\Users\StellarsPC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AppLifeSetup (x32 Version: 1.0.0 - Microsoft) Hidden
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
Avery Template (HKLM-x32\...\{A760067A-C07E-1033-0000-A764AC000008}) (Version: 2.0.0.0 - Avery)
Avery Template (HKLM-x32\...\{A760067A-C07E-1033-0000-A764AC000012}) (Version: 2.0.0.0 - Avery)
AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
AVG (Version: 16.41.7441 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.41.7441 - AVG Technologies)
AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ccc-core-static (x32 Version: 2011.0113.2337.42366 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CouchPotato (HKLM-x32\...\CouchPotato_is1) (Version: 3 - Your Mom)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Fusion Retail by FatalError (HKLM-x32\...\Driver Fusion Retail_is1) (Version: 1.4.0 - )
Everio MediaBrowser 4 (HKLM-x32\...\{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}) (Version: 4.00.231 - PIXELA)
ffdshow v1.3.4500 [2013-01-06] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4500.0 - )
FileBot (HKLM\...\{CA3D594A-9D1D-4505-B697-0EB5E6AFDF1F}) (Version: 4.6.1 - Reinhard Pointner)
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
Hudl Mercury (HKLM-x32\...\{BB93E1B1-1149-4303-9504-45993A2489CB}_is1) (Version: 1.4.19 - Agile Sports Technologies, Inc.)
Hulu Desktop (HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Jawbone Updater (HKLM-x32\...\Jawbone Updater) (Version: 0.1 - Jawbone)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3609 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3609 - CyberLink Corp.) Hidden
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
MAGIX Slideshow Maker 2 (HKLM-x32\...\MAGIX_MSI_Slideshow_Maker_2) (Version: 2.0.0.8 - MAGIX AG)
MAGIX Slideshow Maker 2 (x32 Version: 2.0.0.8 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Browser DVD/BD Image System Support Package (HKLM\...\pfm-license-mediabrowser.txt) (Version:  - )
Media Browser Server (HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\Media Browser Server) (Version: 3.0 - Media Browser Team)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.)
PDF Combine (HKLM-x32\...\PDF Combine_is1) (Version: 2.5 - Softplicity, Inc.)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Plex Media Server (HKLM-x32\...\{40fb0edd-d178-4968-87d6-83fa4adb37bf}) (Version: 0.9.1502 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1502 - Plex, Inc.) Hidden
Port Royale 3 (HKLM-x32\...\{68DED384-1F74-4AEE-8B8E-95AF15572FE3}) (Version: 1.0.0.0 - Gaming Minds Studios GmbH)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.9 - Power Software Ltd)
PowerTeacher Gradebook (HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\PowerTeacher Gradebook) (Version:  - Pearson School Systems)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink)
Ralink Wireless LAN Installation Program for VISTA v2.0.6.0 (HKLM-x32\...\{FDE773CD-9201-4655-87F3-4E051860D47D}) (Version: 1.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Should I Remove It (HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 2.0.0.0 - Electronic Arts)
Sonarr version 2.0 (HKLM-x32\...\{56C1065D-3523-4025-B76D-6F73F67F7F71}_is1) (Version: 2.0 - Team Sonarr)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
ToneSync for Windows (HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\c2c9648a374f64d1) (Version: 1.2.3.309 - Zedge Europe AS)
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Webshots Desktop (HKLM-x32\...\{2857dbef-0b50-361c-8690-7d505747009f}) (Version: 3.1.5.7620 - AG Interactive)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Movie Maker (HKLM\...\Windows Movie Maker) (Version: 6.0.6002.18005 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinX DVD Ripper Platinum 7.3.5 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
Wondershare DVD Slideshow Builder Deluxe(Build 6.1.12.0) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.1.12.0 - WonderShare Software Co.,Ltd.)
Wondershare Photo Collage Studio 4.2.16.1 (HKLM-x32\...\Wondershare Photo Collage Studio_is1) (Version: 4.2.16.1 - Wondershare Software Co.,Ltd.)
Wondershare Video Converter Ultimate(Build 5.5.1.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version:  - Wondershare Software)
Xilisoft AVI to DVD Converter (HKLM-x32\...\Xilisoft AVI to DVD Converter) (Version: 7.1.3.20121219 - Xilisoft)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3863878881-14844189-1490774679-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\StellarsPC\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {06640CE1-0C9F-4294-A322-30989D8F948A} - System32\Tasks\{6118D811-E98C-4262-A05A-D472AF32DAC2} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Games\Age of Empires II\AoFE_Launcher.exe" -d "C:\Program Files (x86)\Microsoft Games\Age of Empires II"
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {0FFC55D5-EAF2-49DF-88BC-E8D2826B279F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1324562B-3A56-42E6-AA26-C031D8FE6CD7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1B02DF09-0782-4A7D-84A4-4F0EA5317E6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-11] (Hewlett-Packard)
Task: {21D0EA35-2D19-49AF-B230-B35158754611} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {279E2C22-0E72-4237-AE0D-32D3EA5E43D6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2DA5A06F-841D-41A5-B0A0-4601E0646416} - System32\Tasks\{40F04E34-7D7B-4C73-BAE7-6C7445000969} => pcalua.exe -a C:\Users\StellarsPC\Downloads\HijackThis.exe -d C:\Users\StellarsPC\Downloads
Task: {32E41CC9-B0F3-4F05-A72E-58B13006F77C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated)
Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3A77AF33-ABDE-4634-901E-CA5F8A1E1F79} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3ED92234-52BA-4DC3-96B1-977692D1AB73} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {4168080B-5CD8-48E5-8A6A-FFE3D4D8D980} - System32\Tasks\HP online update program => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08] (Hewlett-Packard)
Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {463B5444-3F33-48CB-B539-EA5D858E522D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {46A7BC34-726E-4366-B6AD-B2EF59A390C4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {477C7E0B-D333-4A63-A317-064E3FAE81E6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {4D23B7D4-11B8-465F-87E4-B72E1937E743} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {56866FD5-0BED-48D9-BA4A-91896CACBDBC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5D75BBDA-B98B-4CA2-BFAE-7D97C0E45A80} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-01-24] ()
Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {64CEB95E-E1F9-49FD-9A46-563D4C9F64A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {6D60F3D7-2F6C-412F-A9D7-1C34415D90FF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {78D81EF5-D0C8-40F0-81E3-B03E62613479} - System32\Tasks\Installation App Launcher => C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduamon.exe [2010-02-04] ()
Task: {79742420-C642-49D1-B996-E83BBE582446} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {7E07C5D2-1EE1-4542-BFD6-AF1CC085A7C4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {82DD6937-AF75-406A-B658-DE1A8566FE79} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8705CD74-3AD8-4F5D-BAD6-F0503792E735} - System32\Tasks\HPCeeScheduleForStellarsPC => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {8DA06BEB-6A71-48B6-AAF2-AAE3B54072F5} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-STELLARSPC-HP => C:\Windows\ehome\McxTask.exe
Task: {8EE518DE-97EB-407B-8D8A-289167F58E44} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {989F305C-5D55-4F2C-8B7B-0447C394373B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {A2B00C18-2D95-44B8-86E6-FE9BA9FC7572} - System32\Tasks\{A2037BE1-2E56-4E3E-B49B-35DAFF92DDF7} => pcalua.exe -a C:\Users\StellarsPC\Desktop\mpssetup.exe -d C:\Users\StellarsPC\Desktop
Task: {A2FC32FB-1B51-4322-B18E-02AEA74DF600} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {B15896BE-D1BC-479C-8434-DDDF865F3FB6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B3B758F8-49A4-4230-81BD-5C5C8096696D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {C0321E92-3E59-4139-8628-DA9C1903B3DC} - \boosterpop -> No File <==== ATTENTION
Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {C18052DE-950B-4A4D-8483-E69921D857BA} - System32\Tasks\0715avUpdateInfo => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe [2015-07-07] ()
Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {CE06253C-1B63-4C48-A8AF-C1DEF8048284} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DC69659C-9C9A-4AFF-9D7F-81D2FBCD5885} - System32\Tasks\{4B7B631E-C0B7-4B57-8362-0E8AE63597C3} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Games\Age of Empires II\Age of Empires 2 Age of Kings + The Conquerors by sielxm3d\AoFE_Launcher.exe" -d "C:\Program Files (x86)\Microsoft Games\Age of Empires II\Age of Empires 2 Age of Kings + The Conquerors by sielxm3d"
Task: {E2CDD59E-24F8-47B5-84A2-CA7A9F394247} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EA27856B-FBFA-4DF9-9FA9-AD33BD8296B6} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-12-22] (Oracle Corporation)
Task: {EBB2DD7F-3DCD-4CEA-94E8-0D3A43749812} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {EFCB74D7-2434-4159-87AC-FDF4230B6C91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F396CEF0-40D7-4B6D-99AF-876F725816AE} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
Task: {F9E1329C-E933-4C23-8FC3-812F61D2B88F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\0715avUpdateInfo.job => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForStellarsPC.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-03 04:51 - 2009-10-16 15:07 - 00186880 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxdudrpp.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-11 03:00 - 2009-08-19 20:49 - 00025600 _____ () C:\WINDOWS\system32\lxducaps64.dll
2011-11-11 03:00 - 2009-08-19 20:49 - 01400320 _____ () C:\WINDOWS\system32\lxdudrs64.dll
2011-11-11 03:00 - 2009-08-19 20:39 - 00054784 _____ () C:\WINDOWS\system32\lxducnv464.dll
2015-12-03 07:38 - 2015-12-03 07:38 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 07:38 - 2015-12-03 07:38 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-11-23 17:02 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2015-04-15 15:13 - 2015-04-15 15:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-12-18 07:19 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 07:19 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2011-09-30 15:02 - 2010-02-04 05:10 - 00676520 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdumon.exe
2011-09-30 15:02 - 2010-02-04 05:10 - 00025256 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
2016-01-13 00:05 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 00:05 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 04:09 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 04:09 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-05-14 11:45 - 2014-05-14 11:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2016-01-31 12:48 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-01-31 12:48 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-01-31 12:48 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-01-31 12:48 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-31 12:48 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-01-22 01:26 - 2016-01-22 01:26 - 00851784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2016-01-22 01:26 - 2016-01-22 01:26 - 00057672 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2016-01-22 01:26 - 2016-01-22 01:26 - 00097608 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2016-01-22 01:26 - 2016-01-22 01:26 - 01986376 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2016-01-22 01:26 - 2016-01-22 01:26 - 01743688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2016-01-22 01:26 - 2016-01-22 01:26 - 00501064 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2016-01-22 01:26 - 2016-01-22 01:26 - 00031048 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2016-01-22 01:26 - 2016-01-22 01:26 - 00083784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2016-01-22 01:26 - 2016-01-22 01:26 - 00206664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2016-01-22 01:26 - 2016-01-22 01:26 - 00551984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libdcadec.dll
2011-09-30 15:02 - 2010-02-04 04:52 - 00380928 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduscw.dll
2011-09-30 15:02 - 2009-10-16 10:53 - 00188416 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
2011-09-30 15:02 - 2009-10-16 10:53 - 00073728 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxducats.dll
2011-09-30 15:02 - 2010-02-04 04:52 - 01036288 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduDRS.dll
2011-09-30 15:02 - 2010-02-04 04:52 - 00081920 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxducaps.dll
2011-09-30 15:02 - 2010-02-04 04:35 - 00069632 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
2011-09-30 15:02 - 2010-01-21 05:09 - 00028672 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\App4R.Monitor.Common.dll
2011-09-30 15:02 - 2010-01-21 05:09 - 00036864 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\App4R.Monitor.Core.dll
2011-09-30 15:02 - 2010-01-21 05:08 - 00065536 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll
2011-09-30 15:02 - 2008-03-25 03:53 - 00012288 _____ () C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2015-11-13 08:07 - 2015-11-13 07:48 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-01-22 01:27 - 2016-01-22 01:27 - 00055112 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2016-01-22 01:27 - 2016-01-22 01:27 - 00038728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2016-01-22 01:27 - 2016-01-22 01:27 - 00029512 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2016-01-22 01:27 - 2016-01-22 01:27 - 00045896 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2016-01-22 01:27 - 2016-01-22 01:27 - 00853832 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2016-01-22 01:26 - 2016-01-22 01:26 - 00073544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2016-01-22 01:26 - 2016-01-22 01:26 - 00177480 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2016-01-22 01:27 - 2016-01-22 01:27 - 00204104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2016-01-22 01:26 - 2016-01-22 01:26 - 00026440 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2016-01-22 01:27 - 2016-01-22 01:27 - 00092488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2016-01-22 01:26 - 2016-01-22 01:26 - 00122696 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2016-01-22 01:26 - 2016-01-22 01:26 - 00700744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2016-02-04 20:50 - 2016-02-03 02:27 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\libglesv2.dll
2016-02-04 20:50 - 2016-02-03 02:27 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\libegl.dll
2016-02-04 20:50 - 2016-02-03 02:27 - 16799048 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-01-27 00:15 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3863878881-14844189-1490774679-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\StellarsPC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\StartupApproved\StartupFolder: => "Device Monitor 4.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\StartupApproved\Run: => "Hudl Mercury"
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\StartupApproved\Run: => "Voobly"
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\StartupApproved\Run: => "ZedgeToneSync"
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0615piz"
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{261D7AC7-6AE6-4A25-853D-73EF7F20A470}] => (Allow) C:\Windows\System32\lxducoms.exe
FirewallRules: [{7B7410B9-F640-4D4E-961B-977350FF98D1}] => (Allow) C:\Windows\System32\lxducoms.exe
FirewallRules: [{E39D5E4E-E752-4639-AD74-D4A27936D308}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{1693BD2D-FEEB-4554-9367-6774DEDDE017}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D2A3FBB7-F3F1-40C0-8E2C-D4B636B41284}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{00A3F5B4-F6FD-436A-B912-FBC505CAAC7E}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{A31AC29D-705F-4AD2-AFB7-6F3F8473BA4C}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{2030B8AC-8FB8-4BEB-BD22-8C9A1A44A43F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{3A34616D-0E81-40C4-94EC-372FC503CC00}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{3C5737E5-9393-41DE-A52B-D78A53066FE0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4B105600-1DA5-4629-BB84-E840901D6CE8}] => (Allow) LPort=2869
FirewallRules: [{6774B1D3-92D3-49E0-9DDC-58212EBDC760}] => (Allow) LPort=1900
FirewallRules: [{63DB65AF-E6B2-4E59-8CAC-F5AAB7686E96}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{613171F6-A5E9-449E-BED6-A33CB6232E73}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{FDE4024A-973F-4EF5-8FCE-FBCAA52A82C7}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduamon.exe
FirewallRules: [{2F17EC78-2065-4CB6-8F65-CA83D4A13E9A}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\lxduamon.exe
FirewallRules: [{3F87B6A8-948F-4761-982A-B5D92CCE1A5D}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\frun.exe
FirewallRules: [{802F75DA-A06D-44AC-B71F-90D580C3EA36}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5600-6600 Series\frun.exe
FirewallRules: [{410E1331-F6CD-450E-B2E9-82BDDF7CFA49}] => (Allow) C:\Windows\System32\lxducoms.exe
FirewallRules: [{C0F15926-65B3-4093-8A5A-0D871CFC11F5}] => (Allow) C:\Windows\System32\lxducoms.exe
FirewallRules: [{A633CA42-9C02-4BE0-BE7F-5F86548311B5}] => (Allow) C:\Program Files (x86)\Kalypso Media\Port Royale 3\PortRoyale3.exe
FirewallRules: [{BE0663D5-539A-41B2-86A2-33F8D0AAD930}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{04134135-C976-4DCD-BB3B-B600F2AB13A8}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{20C278BD-54BD-4B30-9EE3-4FBBB9E266D2}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{AE09E9F8-A811-4EFD-B45D-083CFED178E2}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{373D985D-C68C-4B7D-9C06-CEAEA2816BF6}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{BB94A8B4-F46B-40DA-83E3-0E9E5A0FDE80}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{EC220816-3ABA-42FE-8CE7-AC3884FF4F81}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe
FirewallRules: [{D0E7569E-763C-467F-BAA8-2F0FEF653301}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe
FirewallRules: [{0B515F47-D61B-4DF5-97CC-39C610DA8CE0}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{E6523F66-FF8C-4B02-8761-F03682F3F731}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{89358254-A2A8-4E61-AE2A-E311153C9C3E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{6DB00CEC-ACCB-4D0F-AFA7-8AA1A4E42657}] => (Allow) C:\Program Files (x86)\Jawbone\JawboneUpdater.exe
FirewallRules: [{F0A271A8-8A99-485E-80C0-89B86F9B1774}] => (Allow) C:\Program Files (x86)\Jawbone\JawboneUpdater.exe
FirewallRules: [{C3556248-77F9-4AD9-8A0A-1BE49792BCF8}] => (Allow) C:\Users\StellarsPC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2D05B4B3-F850-4543-BB66-E4CB92771071}] => (Allow) C:\Users\StellarsPC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D6DBB2E6-7A41-419F-B7E6-2684B06E3FC3}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x2.exe
FirewallRules: [{6263F160-FFE9-4588-B896-8CA986F3443C}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x2.exe
FirewallRules: [{4E1AEFAB-F253-4896-BECD-52A5B5A45FD0}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{48568698-DDE9-4EE4-B1A8-48E895C68015}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{6EE341AA-DCE0-447E-8242-9B9B6E3D75A3}] => (Allow) C:\Users\StellarsPC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D257F597-43FD-4955-A74B-BF5FE1E2C1D7}] => (Allow) C:\Users\StellarsPC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0678699D-71E2-4E11-94C8-019BD7E73AA1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9070B1A9-86DF-4B13-B094-D739C05034C7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{08B76A7A-1FE1-47EC-830F-DDD11AE28F00}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{993913A8-B341-4ABE-9F22-571F6F85A7AE}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{814B5F25-029E-48BC-9F27-C42695A1E128}] => (Allow) LPort=7359
FirewallRules: [{D10E5E70-348C-4B75-8933-85E009CC75EE}] => (Allow) LPort=8096
FirewallRules: [{280A6E63-B6D9-4DBA-A77B-CA1B3BCB449C}] => (Allow) LPort=8920
FirewallRules: [TCP Query User{FBECC18C-A66D-4B55-A693-3CB327E22480}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{1785E7DD-CCE9-462C-B3C5-3BF1B43AA8F0}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [{30F25C5C-5C3D-4460-84AF-AA66569F60A1}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{37CD4531-AAE0-4F50-9956-8866BB251AA1}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{CDF56E9B-E4A7-4522-8C2F-4D83FDA6BFC7}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\aoc.exe
FirewallRules: [{D9F3CD80-A6F7-49E0-A808-DF695AC37D25}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\aoc.exe
FirewallRules: [TCP Query User{F58E500F-1AE1-41B3-8F6F-7FED48261E22}C:\users\stellarspc\desktop\aoe ii\age2_x1.exe] => (Block) C:\users\stellarspc\desktop\aoe ii\age2_x1.exe
FirewallRules: [UDP Query User{9776D837-A30C-4F36-9D7D-61B6300D0C3F}C:\users\stellarspc\desktop\aoe ii\age2_x1.exe] => (Block) C:\users\stellarspc\desktop\aoe ii\age2_x1.exe
FirewallRules: [TCP Query User{6274CADC-3C76-4135-9F62-083A5276AFDA}C:\users\stellarspc\downloads\age of empires 2 age of kings + the conquerors by sielxm3d\age2_x1\age2_x2.exe] => (Allow) C:\users\stellarspc\downloads\age of empires 2 age of kings + the conquerors by sielxm3d\age2_x1\age2_x2.exe
FirewallRules: [UDP Query User{9733D384-C1C1-477B-8FEA-7BA221341295}C:\users\stellarspc\downloads\age of empires 2 age of kings + the conquerors by sielxm3d\age2_x1\age2_x2.exe] => (Allow) C:\users\stellarspc\downloads\age of empires 2 age of kings + the conquerors by sielxm3d\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{82F4ADC8-FA54-40CF-B941-0137058A9985}C:\program files (x86)\microsoft games\age of empires ii\age of empires 2 age of kings + the conquerors by sielxm3d\age2_x1\age2_x2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age of empires 2 age of kings + the conquerors by sielxm3d\age2_x1\age2_x2.exe
FirewallRules: [UDP Query User{C120D2AD-5AC3-41CC-A0F4-5AA4C9CB70EC}C:\program files (x86)\microsoft games\age of empires ii\age of empires 2 age of kings + the conquerors by sielxm3d\age2_x1\age2_x2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age of empires 2 age of kings + the conquerors by sielxm3d\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{0483C404-E22E-44F7-8DD2-7BA280191853}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd] => (Block) C:\program files (x86)\microsoft games\age of empires ii\empires2.icd
FirewallRules: [UDP Query User{45A9CEF7-2B79-49D2-A461-936F1B939577}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd] => (Block) C:\program files (x86)\microsoft games\age of empires ii\empires2.icd
FirewallRules: [{FAC2ACB2-A4E2-4558-8474-669117E6CD91}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\Age of Empires 2 Age of Kings + The Conquerors by sielxm3d\age2_x1\age2_x1.exe
FirewallRules: [{15F50065-909B-4C76-BFF1-788E2974AE39}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\Age of Empires 2 Age of Kings + The Conquerors by sielxm3d\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{DBB64425-7E80-4F81-969F-060757ED064D}C:\program files (x86)\microsoft games\age of empires ii\age of empires 2 age of kings + the conquerors by sielxm3d\age2_x1\aoc.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age of empires 2 age of kings + the conquerors by sielxm3d\age2_x1\aoc.exe
FirewallRules: [UDP Query User{D0DAB642-303B-4F90-BCCB-DF969474F241}C:\program files (x86)\microsoft games\age of empires ii\age of empires 2 age of kings + the conquerors by sielxm3d\age2_x1\aoc.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age of empires 2 age of kings + the conquerors by sielxm3d\age2_x1\aoc.exe
FirewallRules: [{9325D9BC-FC5E-4276-93F2-BC8C63D1B461}] => (Block) C:\program files (x86)\microsoft games\age of empires ii\age of empires 2 age of kings + the conquerors by sielxm3d\age2_x1\aoc.exe
FirewallRules: [{45574AA3-57E5-4F87-AED3-C56F3F8269BC}] => (Block) C:\program files (x86)\microsoft games\age of empires ii\age of empires 2 age of kings + the conquerors by sielxm3d\age2_x1\aoc.exe
FirewallRules: [{EB74F2DA-3551-43E2-83BD-309FE16FB5B8}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{0A676B75-C6A5-418D-9BAB-A12E0B333E21}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{A32DB852-180B-48B8-8456-BBA244CF531B}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x2.exe
FirewallRules: [{A65B4D8C-7858-4AF2-B0D6-9F84EF6D20A3}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{8E30B778-8AA8-4EBB-98F8-3F4FA2EDA6B4}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [UDP Query User{B04A9B50-6C92-40FB-89E6-94147145055B}C:\program files (x86)\voobly\voobly.exe] => (Allow) C:\program files (x86)\voobly\voobly.exe
FirewallRules: [TCP Query User{FCD6B5C5-4F66-4192-AE1B-E4773B54C57A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{E3B1DFD9-A5D4-4869-837B-26E3E60332C5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F29BDFA3-C54E-4706-A73D-565C0BB6D7E3}C:\program files (x86)\tvmc\tvmc.exe] => (Allow) C:\program files (x86)\tvmc\tvmc.exe
FirewallRules: [UDP Query User{505B92E8-F277-44BE-9101-42E5A1AE5ACE}C:\program files (x86)\tvmc\tvmc.exe] => (Allow) C:\program files (x86)\tvmc\tvmc.exe
FirewallRules: [{5C7C01DA-16FB-468A-93A1-F5201A620811}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{519AB799-BD6B-4CE2-A48B-A8ADDE2A8533}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{49DC4E30-9A18-44A6-B6AE-FE2E9DC0D35C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{616A3EA7-0C50-4C65-9D2F-EBEA5C0425EE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D725A95B-4F6D-45E9-A975-C6E2A898622E}] => (Allow) C:\Windows\System32\lxducoms.exe
FirewallRules: [{F65E4ED0-59F4-4379-BCD6-66860DEE4A33}] => (Allow) C:\Windows\System32\lxducoms.exe
FirewallRules: [{447B7103-1838-4B79-BD04-9178568C4593}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{F828FECB-7D55-453B-B2AC-1E27971384FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [TCP Query User{B15BF452-5C09-43BF-93D9-5577FC1F7221}C:\users\stellarspc\appdata\roaming\couchpotato\application\couchpotato.exe] => (Allow) C:\users\stellarspc\appdata\roaming\couchpotato\application\couchpotato.exe
FirewallRules: [UDP Query User{915E9BF5-1E0C-4DBB-9CBF-1F6460C4E771}C:\users\stellarspc\appdata\roaming\couchpotato\application\couchpotato.exe] => (Allow) C:\users\stellarspc\appdata\roaming\couchpotato\application\couchpotato.exe
FirewallRules: [{73983F56-927A-4A76-A4FC-AC9748B5144B}] => (Block) C:\users\stellarspc\appdata\roaming\couchpotato\application\couchpotato.exe
FirewallRules: [{39C45D3C-0FA9-478E-9F81-237830F465E6}] => (Block) C:\users\stellarspc\appdata\roaming\couchpotato\application\couchpotato.exe
FirewallRules: [{6A4C1FB3-BF96-4372-A529-879C76BE45DD}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{E8823FF6-FA01-444E-B4B8-81DF962FBD19}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{89ED961C-2EC5-4CC9-A6BC-7F01E114FF35}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{8E0B98B9-D4D5-4F68-8644-678A8CA4AE6C}] => (Allow) LPort=8989
FirewallRules: [{DC542B3B-B472-4918-969C-61ACA0E75FBD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{13F2E6FC-A03A-4056-8169-BCA810EC7118}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{033C561D-9F82-4137-8C13-37C7308685AD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{67145A4E-D282-4446-9306-C4844C844783}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{5FB5630C-6ADC-4356-9CB4-6053994D6E82}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{9D2D0946-A86A-4516-BBD9-6268ABF21577}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{899CF563-E0C0-4849-90E7-4483949B8878}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{BC6B7277-859D-48FE-8AF0-4C284A706248}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{DC013E74-DDB7-47BE-94D7-0BF060FCD16B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E01341BC-514C-46D4-8AAA-E9608CE53A83}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{06829874-D14B-4825-BCE6-0CBA23A936D7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4158184D-F66A-4B4B-AE1C-DCEBC41C7FE0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AAAF9C42-A5FB-4C89-BB8D-6571181C10CB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{256EE076-3900-4E3E-98E9-54251509C1C4}C:\python27\pythonw.exe] => (Allow) C:\python27\pythonw.exe
FirewallRules: [UDP Query User{36C7011E-5D4A-486F-87C3-EF0633BAD6F1}C:\python27\pythonw.exe] => (Allow) C:\python27\pythonw.exe
FirewallRules: [{57AFDFC2-5D9B-41C1-A7C7-4C46B7EE3018}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{03600764-2ADD-490F-9B94-A05867108D24}C:\python27\python.exe] => (Allow) C:\python27\python.exe
FirewallRules: [UDP Query User{F99B10BB-A69C-4624-A30C-907675E7ED5F}C:\python27\python.exe] => (Allow) C:\python27\python.exe
FirewallRules: [{4A7DC795-71CF-461F-AB40-8BE5DAB40120}] => (Block) C:\python27\python.exe
FirewallRules: [{9D69B314-EF42-4DEE-B1A1-D57F697E169C}] => (Block) C:\python27\python.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

27-01-2016 15:50:03 PC Decrapifier Restore Point
31-01-2016 11:55:34 Removed AVG
03-02-2016 16:10:15 Installed Python 2.7.11

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2016 09:52:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: StellarsPC-HP)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.



System errors:
=============
Error: (02/06/2016 09:52:57 PM) (Source: DCOM) (EventID: 10010) (User: StellarsPC-HP)
Description: App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mca



CodeIntegrity:
===================================
  Date: 2016-02-03 21:48:22.403
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-31 12:32:08.523
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-31 12:32:08.351
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-31 12:32:08.258
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-31 12:32:08.148
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-31 12:32:08.055
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-31 12:32:07.767
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-31 12:32:07.458
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-31 12:32:06.881
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-01-31 12:32:04.681
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600S CPU @ 2.80GHz
Percentage of memory in use: 39%
Total physical RAM: 8174.52 MB
Available physical RAM: 4918.97 MB
Total Virtual: 8686.52 MB
Available Virtual: 5223.45 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.73 GB) (Free:252.47 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.24 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (AGE2_X1) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C99AE8FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#6 olgun52


Posted 06 February 2016 - 10:12 PM

Not sure what you mean by the Proxy question... not really familiar with "is there a proxy about your info"

 

proxy.nfl2go.com:1234

Did you set these proxy settings?


Best regards
 

 


 


#7 Warrior50


Posted 06 February 2016 - 10:15 PM

Oh, sorry. Yes I set those proxy settings.

#8 olgun52


Posted 07 February 2016 - 05:21 PM

Hi Warrior50,
 
Remove the following software.

C:\Program Files (x86)\Free Window Registry Repair
Bing Rewards Client Installer
herdProtect Anti-Malware Scanner
Should I Remove It-Reason Software

==================================================================
 
P2P:
I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.
======================================================================================

Step 1:
FRST Script:

Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

 

Step 2:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

 

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

 

Have a great day.


Edited by olgun52, 07 February 2016 - 06:19 PM.

Best regards
 

 


 


#9 Warrior50


Posted 08 February 2016 - 09:11 PM

Olgun52,

Thanks for taking the time to assist me. I deleted all of the files you told me to, with the exception of "Bing Rewards Client Installer"; I couldn't seem to locate it. It also didn't come up in a search....

As far as the P2P: thank you for the advice and the links. I will consider removing uTorrent going forward.

I hope I did steps 1 through 4 correctly. I posted all of the logs below. Let me know what would be the next step.... thanks again



Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by StellarsPC (2016-02-08 18:53:52) Run:1
Running from C:\FRST
Loaded Profiles: StellarsPC (Available Profiles: StellarsPC & Mcx1-STELLARSPC-HP & Administrator & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
Task: {0FFC55D5-EAF2-49DF-88BC-E8D2826B279F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1324562B-3A56-42E6-AA26-C031D8FE6CD7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {279E2C22-0E72-4237-AE0D-32D3EA5E43D6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {463B5444-3F33-48CB-B539-EA5D858E522D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {56866FD5-0BED-48D9-BA4A-91896CACBDBC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7E07C5D2-1EE1-4542-BFD6-AF1CC085A7C4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {82DD6937-AF75-406A-B658-DE1A8566FE79} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B15896BE-D1BC-479C-8434-DDDF865F3FB6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B3B758F8-49A4-4230-81BD-5C5C8096696D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C0321E92-3E59-4139-8628-DA9C1903B3DC} - \boosterpop -> No File <==== ATTENTION
Task: {C18052DE-950B-4A4D-8483-E69921D857BA} - System32\Tasks\0715avUpdateInfo => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe [2015-07-07] ()
Task: {CE06253C-1B63-4C48-A8AF-C1DEF8048284} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E2CDD59E-24F8-47B5-84A2-CA7A9F394247} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F396CEF0-40D7-4B6D-99AF-876F725816AE} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0615piz"
Task: C:\WINDOWS\Tasks\0715avUpdateInfo.job => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKLM -> DefaultScope ComcastSearch URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfactiv_self_search
SearchScopes: HKLM -> ComcastSearch URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfactiv_self_search
SearchScopes: HKLM -> {02DAE60D-991B-4B0D-8A41-4A844FECF688} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKLM-x32 -> {02DAE60D-991B-4B0D-8A41-4A844FECF688} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3863878881-14844189-1490774679-1000 -> ComcastSearch URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfactiv_self_search
SearchScopes: HKU\S-1-5-21-3863878881-14844189-1490774679-1000 -> {02DAE60D-991B-4B0D-8A41-4A844FECF688} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3863878881-14844189-1490774679-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-3863878881-14844189-1490774679-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3863878881-14844189-1490774679-1000 -> {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111202&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-3863878881-14844189-1490774679-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3863878881-14844189-1490774679-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
FF ProfilePath: C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxps://www.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-08-14]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-09-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-01-26] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-01-26] [not signed]
U3 idsvc; no ImagePath
2016-01-27 00:25 - 2016-01-27 00:26 - 368009078 _____ C:\Users\StellarsPC\Desktop\registry save.reg
2016-01-27 00:19 - 2016-02-06 16:52 - 00001344 _____ C:\Users\StellarsPC\Desktop\Should I Remove It.lnk
2016-01-27 00:19 - 2016-01-27 00:19 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2016-01-27 00:19 - 2016-01-27 00:19 - 00000000 ____D C:\Program Files (x86)\Reason
2016-01-27 00:12 - 2016-01-27 00:12 - 02178872 _____ (Reason Software Company Inc.) C:\Users\StellarsPC\Downloads\ShouldIRemoveIt_Setup.exe
2016-01-25 17:52 - 2016-01-25 17:52 - 00000000 ____D C:\Users\StellarsPC\AppData\Local\RepairTasks
2016-01-23 15:30 - 2016-01-23 16:35 - 00000297 _____ C:\Users\StellarsPC\AppData\Local\.meteorsession
2016-01-23 15:25 - 2016-01-23 15:25 - 00000000 ____D C:\Users\StellarsPC\AppData\Local\PaxHeader
2016-01-23 15:23 - 2016-01-23 15:23 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\java
2016-01-23 10:19 - 2016-01-27 07:23 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\FileBot
2016-01-22 20:18 - 2016-01-23 05:59 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\CouchPotato
C:\WINDOWS\Tasks\HPCeeScheduleForStellarsPC.job
2016-02-06 14:23 - 2014-08-03 10:33 - 00000000 __SHD C:\Users\StellarsPC\AppData\Local\EmieUserList
2016-02-06 14:23 - 2014-08-03 10:33 - 00000000 __SHD C:\Users\StellarsPC\AppData\Local\EmieSiteList
2016-02-05 17:48 - 2011-09-18 17:49 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\uTorrent
2016-01-31 17:25 - 2011-09-22 22:25 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\Apple Computer
2016-01-31 12:46 - 2011-09-24 16:53 - 00000000 ____D C:\Users\StellarsPC\AppData\Roaming\vlc
C:\Users\StellarsPC\AppData\Local\TSVNCache
C:\WINDOWS\SysWOW64\AI_RecycleBin
C:\ProgramData\Package Cache
2013-05-21 06:34 - 2014-06-25 01:20 - 0003737 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2016-01-23 15:30 - 2016-01-23 16:35 - 0000297 _____ () C:\Users\StellarsPC\AppData\Local\.meteorsession
2011-09-30 15:02 - 2014-05-29 13:35 - 0004260 _____ () C:\ProgramData\lxdu.log
2011-09-30 15:12 - 2012-09-09 19:12 - 0000887 _____ () C:\ProgramData\lxduDiagnostics.log
2012-01-19 18:52 - 2014-05-27 18:24 - 0008490 _____ () C:\ProgramData\lxduJSW.log
2014-05-29 13:42 - 2014-05-29 13:42 - 1421900 _____ () C:\ProgramData\SPL4A95.tmp
2013-12-17 23:26 - 2013-12-17 23:26 - 1613652 _____ () C:\ProgramData\SPL4B23.tmp
2014-06-30 12:34 - 2014-06-30 12:34 - 2188297 _____ () C:\ProgramData\SPL7F86.tmp
2014-05-03 02:15 - 2014-05-03 02:15 - 0446495 _____ () C:\ProgramData\SPLBC1D.tmp
2013-12-17 22:41 - 2013-12-17 22:41 - 1614720 _____ () C:\ProgramData\SPLD17.tmp
C:\Users\StellarsPC\AppData\Local\Temp\7za.exe
C:\Users\StellarsPC\AppData\Local\Temp\avguirn_081644869246.exe
C:\Users\StellarsPC\AppData\Local\Temp\avguirn_081958593532.exe
C:\Users\StellarsPC\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\StellarsPC\AppData\Local\Temp\msvcp120.dll
C:\Users\StellarsPC\AppData\Local\Temp\msvcr120.dll
C:\Users\StellarsPC\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\StellarsPC\AppData\Local\Temp\sqlite3.dll
C:\Users\StellarsPC\AppData\Local\Temp\xmlUpdater.exe
CMD: bitsadmin /reset /allusers
EmptyTemp:
Hosts:
end
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FFC55D5-EAF2-49DF-88BC-E8D2826B279F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FFC55D5-EAF2-49DF-88BC-E8D2826B279F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1324562B-3A56-42E6-AA26-C031D8FE6CD7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1324562B-3A56-42E6-AA26-C031D8FE6CD7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{279E2C22-0E72-4237-AE0D-32D3EA5E43D6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{279E2C22-0E72-4237-AE0D-32D3EA5E43D6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{463B5444-3F33-48CB-B539-EA5D858E522D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{463B5444-3F33-48CB-B539-EA5D858E522D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56866FD5-0BED-48D9-BA4A-91896CACBDBC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56866FD5-0BED-48D9-BA4A-91896CACBDBC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E07C5D2-1EE1-4542-BFD6-AF1CC085A7C4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E07C5D2-1EE1-4542-BFD6-AF1CC085A7C4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82DD6937-AF75-406A-B658-DE1A8566FE79}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82DD6937-AF75-406A-B658-DE1A8566FE79}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B15896BE-D1BC-479C-8434-DDDF865F3FB6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B15896BE-D1BC-479C-8434-DDDF865F3FB6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3B758F8-49A4-4230-81BD-5C5C8096696D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3B758F8-49A4-4230-81BD-5C5C8096696D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0321E92-3E59-4139-8628-DA9C1903B3DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0321E92-3E59-4139-8628-DA9C1903B3DC}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\boosterpop => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C18052DE-950B-4A4D-8483-E69921D857BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C18052DE-950B-4A4D-8483-E69921D857BA}" => key removed successfully
C:\WINDOWS\System32\Tasks\0715avUpdateInfo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0715avUpdateInfo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE06253C-1B63-4C48-A8AF-C1DEF8048284}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE06253C-1B63-4C48-A8AF-C1DEF8048284}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E2CDD59E-24F8-47B5-84A2-CA7A9F394247}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2CDD59E-24F8-47B5-84A2-CA7A9F394247}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F396CEF0-40D7-4B6D-99AF-876F725816AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F396CEF0-40D7-4B6D-99AF-876F725816AE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => key not found.
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3863878881-14844189-1490774679-1000\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0615piz" => value not found.
C:\WINDOWS\Tasks\0715avUpdateInfo.job => moved successfully
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" => Error: No automatic fix found for this entry.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-3863878881-14844189-1490774679-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ComcastSearch" => key removed successfully
HKCR\CLSID\ComcastSearch => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{02DAE60D-991B-4B0D-8A41-4A844FECF688}" => key removed successfully
HKCR\CLSID\{02DAE60D-991B-4B0D-8A41-4A844FECF688} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{02DAE60D-991B-4B0D-8A41-4A844FECF688}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02DAE60D-991B-4B0D-8A41-4A844FECF688} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKU\S-1-5-21-3863878881-14844189-1490774679-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ComcastSearch" => key removed successfully
HKCR\CLSID\ComcastSearch => key not found.
"HKU\S-1-5-21-3863878881-14844189-1490774679-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{02DAE60D-991B-4B0D-8A41-4A844FECF688}" => key removed successfully
HKCR\CLSID\{02DAE60D-991B-4B0D-8A41-4A844FECF688} => key not found.
"HKU\S-1-5-21-3863878881-14844189-1490774679-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => key removed successfully
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => key not found.
"HKU\S-1-5-21-3863878881-14844189-1490774679-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKU\S-1-5-21-3863878881-14844189-1490774679-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}" => key removed successfully
HKCR\CLSID\{9B97950D-482C-1D79-568F-FC7B9D40C785} => key not found.
"HKU\S-1-5-21-3863878881-14844189-1490774679-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKU\S-1-5-21-3863878881-14844189-1490774679-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
FF ProfilePath: C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020 => FRST is scripted not to move this directory.
Firefox SelectedSearchEngine removed successfully
Firefox "homepage" removed successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => moved successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => moved successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => moved successfully
idsvc => service removed successfully
C:\Users\StellarsPC\Desktop\registry save.reg => moved successfully
C:\Users\StellarsPC\Desktop\Should I Remove It.lnk => moved successfully
C:\Users\StellarsPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It => moved successfully
"C:\Program Files (x86)\Reason" => not found.
C:\Users\StellarsPC\Downloads\ShouldIRemoveIt_Setup.exe => moved successfully
C:\Users\StellarsPC\AppData\Local\RepairTasks => moved successfully
C:\Users\StellarsPC\AppData\Local\.meteorsession => moved successfully
C:\Users\StellarsPC\AppData\Local\PaxHeader => moved successfully
C:\Users\StellarsPC\AppData\Roaming\java => moved successfully
C:\Users\StellarsPC\AppData\Roaming\FileBot => moved successfully
C:\Users\StellarsPC\AppData\Roaming\CouchPotato => moved successfully
C:\WINDOWS\Tasks\HPCeeScheduleForStellarsPC.job => moved successfully
C:\Users\StellarsPC\AppData\Local\EmieUserList => moved successfully
C:\Users\StellarsPC\AppData\Local\EmieSiteList => moved successfully
C:\Users\StellarsPC\AppData\Roaming\uTorrent => moved successfully
C:\Users\StellarsPC\AppData\Roaming\Apple Computer => moved successfully
C:\Users\StellarsPC\AppData\Roaming\vlc => moved successfully
C:\Users\StellarsPC\AppData\Local\TSVNCache => moved successfully
C:\WINDOWS\SysWOW64\AI_RecycleBin => moved successfully
C:\ProgramData\Package Cache => moved successfully
C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml => moved successfully
"C:\Users\StellarsPC\AppData\Local\.meteorsession" => not found.
C:\ProgramData\lxdu.log => moved successfully
C:\ProgramData\lxduDiagnostics.log => moved successfully
C:\ProgramData\lxduJSW.log => moved successfully
C:\ProgramData\SPL4A95.tmp => moved successfully
C:\ProgramData\SPL4B23.tmp => moved successfully
C:\ProgramData\SPL7F86.tmp => moved successfully
C:\ProgramData\SPLBC1D.tmp => moved successfully
C:\ProgramData\SPLD17.tmp => moved successfully
C:\Users\StellarsPC\AppData\Local\Temp\7za.exe => moved successfully
C:\Users\StellarsPC\AppData\Local\Temp\avguirn_081644869246.exe => moved successfully
C:\Users\StellarsPC\AppData\Local\Temp\avguirn_081958593532.exe => moved successfully
C:\Users\StellarsPC\AppData\Local\Temp\jre-8u71-windows-au.exe => moved successfully
C:\Users\StellarsPC\AppData\Local\Temp\msvcp120.dll => moved successfully
C:\Users\StellarsPC\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\StellarsPC\AppData\Local\Temp\pc-decrapifier.exe => moved successfully
C:\Users\StellarsPC\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\StellarsPC\AppData\Local\Temp\xmlUpdater.exe => moved successfully

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{623034B7-C575-4E3D-8C55-44751B657FEA} canceled.
{C845551B-DB92-4B6C-949B-4E6D8D0C9A40} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.5 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:55:40 ====






# AdwCleaner v5.031 - Logfile created 26/01/2016 at 23:52:22
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : StellarsPC - STELLARSPC-HP
# Running from : C:\Users\StellarsPC\Downloads\adwcleaner_5.031.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\AGI
[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\Program Files (x86)\Portable Booster
[-] Folder Deleted : C:\Program Files (x86)\ReactorExtender
[-] Folder Deleted : C:\ProgramData\AGI
[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\Conduit
[-] Folder Deleted : C:\Users\StellarsPC\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\StellarsPC\AppData\Local\StartNow
[-] Folder Deleted : C:\Users\StellarsPC\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Users\StellarsPC\AppData\LocalLow\AGI
[-] Folder Deleted : C:\Users\StellarsPC\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\StellarsPC\AppData\Roaming\pccustubinstaller
[-] Folder Deleted : C:\Users\StellarsPC\AppData\Roaming\SearchProtect

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[-] File Deleted : C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\searchplugins\safeguard-secure-search.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : IEError
[-] Task Deleted : AI_Updater

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\68638585-8c21-0f4c-4f5b-5fcbdbf1f7a2
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\AGI
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\PIP
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\Zugo
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\AGI
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\PIP
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKU\S-1-5-21-3863878881-14844189-1490774679-500\Software\AGI
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page Restore]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : HKCU\Software\Classes\pokki

***** [ Web browsers ] *****

[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.FF19Solved", "true");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.UserID", "UN18941265562772219");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.fullUserID", "UN18941265562772219.IN.20140103110619");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.installDate", "03/01/2014 11:06:20");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.installSessionId", "{DBACA21B-EC32-4928-A0E2-A5959AC0E587}");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.installSp", "TRUE");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.installerVersion", "1.8.1.4");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.keyword", "true");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.originalHomepage", "hxxp://www.msn.com/");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.originalSearchEngine", "Bing");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.originalSearchEngineName", "Bing");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.searchRevert", "true");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.searchUninstallUserMode", "2");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.searchUserMode", "2");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.smartbar.homepage", "true");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.toolbarInstallDate", "03-01-2014 11:06:19");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.versionFromInstaller", "10.23.0.722");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("CT3306061.xpeMode", "0");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource=61&CUI=UN18941265562772219&UM=2&UP=SP1BD985BB-57F7-450A-ADF3-CD09A5A704E5");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.swellsearch.info/?pid=21888&r=2015/03/03&hid=11333966050720926999&lg=EN&cc=US&unqvl=84&l=1&q=");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1", "WebSearch");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("browser.search.param.yahoo-fr", "chr-greentree_ff&ilc=12&type=714647");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("extensions.IWy4CtacMZH4MFYn.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjwHrHr4qTgEqja6rTa4rTg4pjU\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"flybrain.com\",\"[...]
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("extensions.M4feqORK28h9PKIF.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjwHrHr4qTgEqja6rTa4rTg4pjU\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"flybrain.com\",\"[...]
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN18941265562772219&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource[...]
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN18941265562772219&UM=2&q=");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("smartbar.machineId", "AWHEIVOUMTUAO2V+KDBZX9TSNWO2BVV0VIIQN/EDXQXHXE77/P+OR0HIQM0KQDCF7DCHUQ5PYID84LVO49DIGA");
[-] [C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js] [Preference] Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN18941265562772219&UM=2&SearchSource=13");
[-] [C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15310 bytes] ##########

# AdwCleaner v5.033 - Logfile created 08/02/2016 at 19:06:22
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : StellarsPC - STELLARSPC-HP
# Running from : C:\Users\StellarsPC\Downloads\adwcleaner_5.033.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\SecTaskMan
[-] Folder Deleted : C:\ProgramData\Avg_Update_0715av
[-] Folder Deleted : C:\ProgramData\{9eea057c-192c-33ee-9eea-a057c19215f0}

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mysearch.avg.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\agihelper.AGUtils

***** [ Web browsers ] *****

[-] [C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\StellarsPC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [16645 bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64
Ran by StellarsPC (Administrator) on Mon 02/08/2016 at 19:48:32.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 39

Successfully deleted: C:\ai_recyclebin (Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{02E002E1-840C-4835-ADBF-DABF2A126855} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{0FB70188-3B9F-485F-B0DA-240670CAF2D4} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{1182C66C-B576-4ACA-9B25-0F099E6722E2} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{239CECA4-2E3E-4579-A281-A23EBA5E4600} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{308BEF5F-6C66-4ADA-9B4F-5ECBB7384CDE} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{3ED493E8-255C-4B18-B557-2B5D739466D2} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{42083A41-02AF-4521-841E-2D6645CD77A4} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{51A179EE-1D4D-4848-B551-06FC9DDDAFA6} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{52DC7439-6F00-404C-8EE9-C2F4780DF00F} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{6216D33F-F1C8-42B3-BE10-E0BDDA6B0107} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{71FCF31F-62AB-4B66-8E0A-40710CE48FD7} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{7F1EF26D-16E0-4D31-8133-1EE57AE9B9C1} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{984C66EA-1240-480F-9EDD-3E4CC8C25406} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{AF00A8C5-578C-4A02-AF94-21DEBCD4E6BE} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{B1298B43-D962-402F-ADAD-8F7B492ABB12} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{B8EF86AE-3B9D-439D-8500-63722AA20192} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{C43138B9-0690-4C3C-9FDE-B0773F4E8EE3} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{CF63AB09-2A03-4C45-B34A-371569E0A43F} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{D49423BF-BF23-41B4-8367-0580F43640A7} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{D90C9168-BF99-4A33-BF77-BBDBD8B9C1CC} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{E358CEF6-4566-420E-9C4C-0D380410AA0A} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{E419F86D-D1FA-4B7A-9A97-70E612BCDAA2} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{E4EEDF2D-20EB-4BC5-AEAE-B57FEEB657A5} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{F3C149BB-F0D5-4C41-8668-974596ABC10F} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{F51A2585-AE68-4F6E-A5BF-7DEC80D97536} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{F90B1C5B-7B00-4104-B7BA-45DD08EFA05D} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{F946D9B6-AFF7-41DB-A930-FEC13FA76CD1} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\{FB408CC9-8FA5-4BA2-89B0-CA874FB37CD1} (Empty Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Roaming\2912 (Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi (File)
Successfully deleted: C:\Program Files (x86)\pc drivers headquarters (Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1C7JSQSC (Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45VU8N2R (Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFCNNR4Y (Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6XMF350 (Folder)
Successfully deleted: C:\Users\StellarsPC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPTRR0HL (Folder)
Successfully deleted: C:\WINDOWS\SysWOW64\sho43F0.tmp (File)

Deleted the following from C:\Users\StellarsPC\AppData\Roaming\Mozilla\Firefox\Profiles\7j3a24qy.default-1361043797020\prefs.js
user_pref(extensions.IWy4CtacMZH4MFYn.url, hxxp://syncjpi.info/sync2/?q=hfZ9oe4MhyhHhdUMCyVUojsFpdY5tMqLDe49CNU0llrMCMlNhd9FqjaHrdrFqjr5qjgMBzqUojw8rdrErHw8qdsHrSh7hfs0pihP



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/08/2016 at 19:51:06.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~











Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/8/2016
Scan Time: 7:53 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.08.05
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: StellarsPC

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 518982
Time Elapsed: 31 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)




 



#10 olgun52

olgun52

  • Malware Response Team

Posted 09 February 2016 - 02:34 PM

Olgun52,
Thanks for taking the time to assist me....

You're welcome. I also thank you.

==========================================

Thank you for the Logs. Please do the following.

  • Close any programs you may have running - especially your web browser.

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

==========================================================================================

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > "I have read the warning and wish to proceed anyway".
  • Auto Launch > Untick the box next to it.
  • Include All Browser Extensions > Tick the box next to it.
  • Change the scan setting from Smart Scan to Deep Scan.
  • Close all open files, folders and browsers
  • Click scan now and a threat Scan will begin.
  • When the scan is complete, press Report and send me the report.

Note: I created this new guide. Hopefully there are no language mistakes.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#11 Warrior50

Warrior50
  • Topic Starter

  • Members

Posted 09 February 2016 - 05:39 PM

Olgun52,

 

I cleared out the java stuff and also ran the Zemana deep scan. Here is the report.

 

Zemana AntiMalware 2.19.2.852 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/2/9
Operating System       : Windows 10 64-bit
Processor              : 8X Intel® Core™ i7-2600S CPU @ 2.80GHz
BIOS Mode              : Legacy
CUID                   : 00DE0F0F9963FE49A0462D
Scan Type              : Deep Scan
Duration               : 26m 12s
Scanned Objects        : 398095
Detected Objects       : 15
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Yes
Include All Extensions : Yes
Scan Documents         : No
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Hewlett-Packard Company CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BA98DBA730139DE63826C2078C250E5D749664BD\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BA98DBA730139DE63826C2078C250E5D749664BD\Blob

VeriSign Class 3 Code Signing 2009-2 CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0\Blob

Proxy Server (User)
Status             : Scanned
Object             : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Setting
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = proxy.nfl2go.com:1234

Default
Status             : Scanned
Object             : %programfiles%\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Traces             :
                Browser Extension - Default

Adblock Plus
Status             : Scanned
Object             : %appdata%\mozilla\firefox\profiles\7j3a24qy.default-1361043797020\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
MD5                : F4741D13447199718BB610E392A9DECD
Publisher          : -
Size               : 1001911
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Traces             :
                Browser Extension - Adblock Plus
                File - %appdata%\mozilla\firefox\profiles\7j3a24qy.default-1361043797020\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Gmail
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Traces             :
                Browser Extension - Gmail

Chrome Web Store Payments
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Traces             :
                Browser Extension - Chrome Web Store Payments

CouchPotato
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\jochingjncojldfclaicaomboafaiong
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Traces             :
                Browser Extension - CouchPotato

Google Docs Offline
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Traces             :
                Browser Extension - Google Docs Offline

Google Sheets
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\felcaaldnbdncclmgdcncolpebgiejap
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Traces             :
                Browser Extension - Google Sheets

Google Search
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Traces             :
                Browser Extension - Google Search

YouTube
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Traces             :
                Browser Extension - YouTube

Google Drive
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\apdfllckaahabafndbhieahigkjlhalf
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Traces             :
                Browser Extension - Google Drive

Google Docs
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\aohghmighlieiainnegkcijnfilokake
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Traces             :
                Browser Extension - Google Docs

Google Slides
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\aapocclcgogkmnckokdopfmhonfmgoek
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Browser Extension
Cleaning Action    : Repair
Traces             :
                Browser Extension - Google Slides


Cleaning Result
-------------------------------------------------------
Cleaned               : 15
Reported as safe      : 0
Failed                : 0
 



#12 olgun52

olgun52

  • Malware Response Team

Posted 10 February 2016 - 10:03 AM

Hi Warrior50,

Thank you. Please do the following:

 

Please download RogueKiller (32/64 bit) to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

 

 


Best regards
 

 


 


#13 Warrior50

Warrior50
  • Topic Starter

  • Members

Posted 10 February 2016 - 04:24 PM

Olgun52,

 

Here is the rogue killer report

 

 

 

 

RogueKiller V11.0.11.0 [Feb  8 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : StellarsPC [Administrator]
Started from : C:\Users\StellarsPC\Desktop\RogueKiller.exe
Mode : Scan -- Date : 02/10/2016 16:20:27

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\VideoConverter -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 6 ¤¤¤
[PUP][Folder] C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} -> Found
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found
[PUP][Folder] C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} -> Found
[PUP][Folder] C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} -> Found
[PUP][Folder] C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837} -> Found
[PUP][Folder] C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] 7j3a24qy.default-1361043797020 : user_pref("network.proxy.http", "proxy.nfl2go.com"); -> Found
[PUM.Proxy][FIREFX:Config] 7j3a24qy.default-1361043797020 : user_pref("network.proxy.http_port", 1234); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++
--- User ---
[MBR] 3ae9c6f2d5b3f93f5de4e0fe8dd60974
[BSP] 62672c14592b948487885038584a20cd : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 941803 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1929019392 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1929940992 | Size: 11514 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Lexmark USB Mass Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 



#14 olgun52

olgun52

  • Malware Response Team

Posted 10 February 2016 - 04:55 PM

Hi,

  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Make sure only the following lines are checked:-
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found
[PUP][Folder] C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} -> Found
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found
[PUP][Folder] C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} -> Found
[PUP][Folder] C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} -> Found
[PUP][Folder] C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837} -> Found
[PUP][Folder] C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} -> Found
  • Now click the Delete button.
  • Please copy and paste the report in your next reply. A copy of the RKreport.txt can be found on your desktop.

=====================================================================================
Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

===================================================================================
Run sfc /scannow from an elevated Command Prompt

  • Click Start and Type cmd
  • Right click on cmd and select Run as administrator
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow
  • Type the following at the Command Prompt and press Enter
    sfc /scannow
  • Upon completion, if you are notified corrupted files were found and repaired please do the following
  • Navigate to the following location, zip the file and attach it to your response

    C:\Windows\Logs\CBS\CBS.log
  • If sfc /scannow detected corrupted files please reboot your computer to see if you notice any difference
  • Then reboot and let me know how it is.

NOTE: This will place a sfcdetails.txt file on your desktop with only the SFC scan result details from the CBS.LOG in it.
==================================

 

How is it now?
 


Edited by olgun52, 10 February 2016 - 04:55 PM.

Best regards
 

 


 


#15 Warrior50

Warrior50
  • Topic Starter

  • Members

Posted 11 February 2016 - 10:34 AM

Olgun 52,
 
I have attached the two separate reports/logs. I can't seem to find where to attach the zip of the sfc scan? Am I losing it? I am still getting the "MMC has detected a snap in error and will unload it" message when I try to access Computer Management. Overall, the PC seems to be running smoothly. I have that issue and another one which I think is separate. It is when I try to open iTunes I get an Error 7 windows error 126.... not sure if that is related.

 

 
 
RogueKiller V11.0.11.0 [Feb  8 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : StellarsPC [Administrator]
Started from : C:\Users\StellarsPC\Desktop\RogueKiller.exe
Mode : Delete -- Date : 02/10/2016 21:11:28

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\VideoConverter -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 6 ¤¤¤
[PUP][Folder] C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} -> Deleted
[PUP][File] C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}\0x0409.ini -> Deleted
[PUP][File] C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}\HP Support Assistant.msi -> Deleted
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Deleted
[PUP][Folder] C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} -> Deleted
[PUP][Folder] C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} -> Deleted
[PUP][Folder] C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837} -> Deleted
[PUP][Folder] C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} -> Deleted

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] 7j3a24qy.default-1361043797020 : user_pref("network.proxy.http", "proxy.nfl2go.com"); -> Not selected
[PUM.Proxy][FIREFX:Config] 7j3a24qy.default-1361043797020 : user_pref("network.proxy.http_port", 1234); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++
--- User ---
[MBR] 3ae9c6f2d5b3f93f5de4e0fe8dd60974
[BSP] 62672c14592b948487885038584a20cd : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 941803 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1929019392 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1929940992 | Size: 11514 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Lexmark USB Mass Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
 
C:\Users\StellarsPC\Documents\MAGIX Downloads\Installationsmanager\slideshow_maker_2_en-us_110128_2_0_0_8.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    
C:\Documents and Settings\StellarsPC\Documents\MAGIX Downloads\Installationsmanager\slideshow_maker_2_en-us_110128_2_0_0_8.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted
C:\FRST\Quarantine\C\Users\StellarsPC\AppData\Roaming\uTorrent\updates\3.3.1_30003.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting
C:\FRST\Quarantine\C\Users\StellarsPC\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe    a variant of Win32/OpenCandy.A potentially unsafe application    cleaned by deleting
C:\FRST\Quarantine\C\Users\StellarsPC\AppData\Roaming\uTorrent\updates\3.4.2_38656.exe    a variant of Win32/OpenCandy.A potentially unsafe application    cleaned by deleting
C:\swsetup\ISOs\Vision Diagnostics.ISO    HTML/Iframe.B trojan    deleted
C:\Windows\Installer\18d8cf35.msi    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted
C:\Windows\Installer\18d8cf39.msi    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted





