
DNSunlocker, among other things.


  • This topic is locked
16 replies to this topic

#1 jaxsta


Posted 07 March 2016 - 08:57 PM

I was lucky enough to come back from holidays to find someone had infected my PC.
I ran AdwCleaner and have attached the log from that.
I've also run Farbar and have attached the logs from that.
Please help me remove these annoying PUPs!
Malwarebytes and Ad-Aware seem to pick them up but they continue to return.
Thanks in advance!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by jac (administrator) on JAC-PC (08-03-2016 12:49:08)
Running from C:\Users\Jac.000\Downloads
Loaded Profiles: QBDataServiceUser24 & jac (Available Profiles: Jac & QBDataServiceUser24 & Administrator & jac & Support & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(PrintFleet Inc) C:\Program Files (x86)\Printer DCA\PrinterDCA.Service.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Intuit\Reckon Accounts 2015\QBDBMgrN.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
() C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe
(Spotify Ltd) C:\Users\Jac.000\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(FUJIFILM Corporation) C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\NielsenOnline64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-30] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [9581280 2016-01-28] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-09-05] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598912 2015-05-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe [116088 2015-09-03] (The Nielsen Company)
HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\...\Run: [Weather Tracker3] => C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe [2955790 2008-05-16] ()
HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\...\Run: [Spotify Web Helper] => C:\Users\Jac.000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2345584 2015-12-03] (Spotify Ltd)
HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ExifLauncher2.lnk [2016-01-19]
ShortcutTarget: ExifLauncher2.lnk -> C:\Program Files (x86)\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
Startup: C:\Users\Jac.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Printer DCA.lnk [2016-01-19]
ShortcutTarget: Printer DCA.lnk -> C:\Program Files (x86)\Printer DCA\PrinterDCA.exe (PrintFleet Inc)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restartsdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.6 192.168.1.1 8.8.8.8
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{50C9D884-D5EA-4BA5-8CB5-CA5D4A1EBE4F}: [DhcpNameServer] 10.4.182.22 10.4.81.105
Tcpip\..\Interfaces\{BCF2FA87-6019-4E19-8DBD-8795B38CFA20}: [DhcpNameServer] 192.168.1.6 192.168.1.1 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://au.yahoo.com/
SearchScopes: HKLM -> DefaultScope {92A9F246-4F23-4624-9BF5-CAFFAD1A55D6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {92A9F246-4F23-4624-9BF5-CAFFAD1A55D6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {793435B8-4BD0-4AD7-992E-7FDA316CD82F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {793435B8-4BD0-4AD7-992E-7FDA316CD82F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3514357735-2482569675-2395232173-1149 -> {25AC1CF6-0B89-4B23-A9C2-399EBA6B99A7} URL =
SearchScopes: HKU\S-1-5-21-3514357735-2482569675-2395232173-1149 -> {793435B8-4BD0-4AD7-992E-7FDA316CD82F} URL =
SearchScopes: HKU\S-1-5-21-3514357735-2482569675-2395232173-1149 -> {92A9F246-4F23-4624-9BF5-CAFFAD1A55D6} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-02-05] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-02-05] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-02-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-13] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-02-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-13] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1399332279586
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-05] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jac.000\AppData\Roaming\Mozilla\Firefox\Profiles\tjeg7dcx.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1453156773&z=dc7d8fdbd2b0ede57c09819g6zdw4c1gewbqdmam9c&from=exp1&uid=st500dm002-1bd142_z3txkhnmxxxxz3txkhnm
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-13] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll [2007-03-10] (Yahoo! Inc.)
FF Extension: Nielsen NetSight - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi [2016-03-08]
FF Extension: No Name - C:\Users\Jac.000\AppData\Roaming\Mozilla\Firefox\Profiles\tjeg7dcx.default\extensions\deskCutv2@gmail.com [not found]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR Profile: C:\Users\Jac.000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\Jac.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Jac.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Jac.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Store) - C:\Users\Jac.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgmmbefnahabhcchpfkobeindpppflc [2016-02-29]
CHR Extension: (Store) - C:\Users\Jac.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco [2016-03-08]
CHR Extension: (Google Search) - C:\Users\Jac.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Store) - C:\Users\Jac.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Store) - C:\Users\Jac.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-25]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Jac.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-05-30]
CHR Extension: (Store) - C:\Users\Jac.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbgodfidfimmjgeapafonbdkkkndpmp [2014-05-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jac.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Store) - C:\Users\Jac.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogifjbmmfhbbajgajkbkehoeddlbdane [2016-03-01]
CHR Extension: (Gmail) - C:\Users\Jac.000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM-x32\...\Chrome\Extension: [bpgmmbefnahabhcchpfkobeindpppflc] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321976 2015-05-19] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [5176832 2015-05-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [198616 2015-05-19] (AVG Technologies CZ, s.r.o.)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-04] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-05-08] (Macrovision Europe Ltd.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-13] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [712432 2016-01-28] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2965368 2015-09-03] (The Nielsen Company)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Printer DCA; C:\Program Files (x86)\Printer DCA\PrinterDCA.Service.exe [80472 2015-05-12] (PrintFleet Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2015-03-03] (Intuit) [File not signed]
R2 QuickBooksDB24; C:\Program Files (x86)\Intuit\Reckon Accounts 2015\QBDBMgrN.exe [126832 2015-03-03] (iAnywhere Solutions, Inc.) [File not signed]
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-21] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-01-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AppObserver; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\appobserver64.sys [15224 2015-09-03] (The Nielsen Company)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127752 2015-05-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [32008 2015-05-19] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28936 2015-05-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307464 2015-05-19] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [49416 2015-11-18] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [39176 2015-05-19] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384776 2015-05-19] (AVG Technologies CZ, s.r.o.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-07-13] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-29] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2192088 2013-08-24] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-13] (Intel Corporation)
R1 nnfwdk; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\nnfwdk64.sys [26488 2015-09-03] (The Nielsen Company)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 12:44 - 2016-03-08 12:44 - 00042990 _____ C:\Users\Jac.000\Desktop\AdwCleaner[S2].txt
2016-03-08 11:51 - 2016-03-08 12:44 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-08 11:51 - 2016-03-08 11:51 - 01524224 _____ C:\Users\Jac.000\Downloads\adwcleaner_5.101.exe
2016-03-07 13:46 - 2016-03-08 12:49 - 00025004 _____ C:\Users\Jac.000\Downloads\FRST.txt
2016-03-07 13:46 - 2016-03-07 13:47 - 00047681 _____ C:\Users\Jac.000\Downloads\Addition.txt
2016-03-07 13:45 - 2016-03-08 12:49 - 00000000 ____D C:\FRST
2016-03-07 11:02 - 2016-03-07 11:02 - 00000000 ____D C:\Users\Jac.000\AppData\Roaming\LavasoftStatistics
2016-03-07 11:02 - 2016-03-07 11:02 - 00000000 ____D C:\Users\Jac.000\AppData\Roaming\Lavasoft
2016-03-07 11:02 - 2016-03-07 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-03-07 11:01 - 2016-03-07 11:01 - 00000000 ____D C:\Program Files\Lavasoft
2016-03-07 11:01 - 2016-03-07 11:01 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-03-07 11:00 - 2016-03-07 11:00 - 02085168 _____ C:\Users\Jac.000\Downloads\Adaware_Installer (1).exe
2016-03-07 11:00 - 2016-03-07 11:00 - 00000000 ____D C:\ProgramData\Lavasoft
2016-03-07 10:51 - 2016-03-07 10:51 - 02374144 _____ (Farbar) C:\Users\Jac.000\Downloads\FRST64.exe
2016-03-07 10:33 - 2016-03-07 10:33 - 00302721 _____ C:\Users\Jac.000\Desktop\6901.pdf
2016-03-04 13:52 - 2016-03-04 14:16 - 00049248 _____ C:\Users\Jac.000\Desktop\delatite.eps
2016-03-03 13:16 - 2016-03-03 13:16 - 00000542 _____ C:\Users\Jac.000\Downloads\radiotab_http.asx
2016-03-02 15:29 - 2016-03-02 15:29 - 01782990 _____ C:\Users\Jac.000\Downloads\2008-572.pdf
2016-02-29 09:44 - 2016-02-29 09:44 - 00000000 ____D C:\Program Files\HitmanPro
2016-02-29 09:43 - 2016-02-29 10:51 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-29 09:43 - 2016-02-29 09:43 - 11441744 _____ (SurfRight B.V.) C:\Users\Jac.000\Downloads\HitmanPro_x64.exe
2016-02-29 09:35 - 2016-02-29 10:44 - 00000000 ____D C:\Users\Jac.000\Desktop\New folder (2)
2016-02-29 08:58 - 2016-02-29 08:59 - 11735568 _____ C:\Users\Jac.000\Downloads\Criniti's Southbank Signage.zip
2016-02-16 13:52 - 2016-02-16 13:52 - 00033056 _____ C:\Users\Jac.000\Downloads\CallsYetToBeBilled_Service_0417533941 (3).csv
2016-02-16 11:55 - 2016-02-16 11:55 - 00176113 _____ C:\Users\Jac.000\Downloads\manifest_conn_8219416.pdf
2016-02-16 11:55 - 2016-02-16 11:55 - 00031984 _____ C:\Users\Jac.000\Downloads\labels_8219416.pdf
2016-02-12 13:36 - 2016-02-12 13:36 - 84602040 _____ (Adobe Systems Incorporated) C:\Users\Jac.000\Downloads\AcroRdrDC1501020056_en_US.exe
2016-02-12 13:30 - 2016-02-12 13:30 - 01193696 _____ (Adobe Systems Incorporated) C:\Users\Jac.000\Downloads\readerdc_uk_ha_install (1).exe
2016-02-11 11:24 - 2016-02-11 11:24 - 00091731 _____ C:\Users\Jac.000\Downloads\order-1073034.pdf
2016-02-08 13:29 - 2016-02-08 13:34 - 00000000 ____D C:\Users\Jac.000\AppData\Roaming\HightailExpress
2016-02-08 13:29 - 2016-02-08 13:29 - 00001999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hightail.lnk
2016-02-08 13:29 - 2016-02-08 13:29 - 00000000 ____D C:\Program Files (x86)\Hightail
2016-02-08 13:21 - 2016-02-08 13:25 - 25057072 _____ (Hightail ) C:\Users\Jac.000\Downloads\HightailExpress-2_15_0.exe
2016-02-08 13:21 - 2016-02-08 13:21 - 00003174 _____ C:\Windows\System32\Tasks\{5A12D187-B10D-427C-8D7F-FF1D4065A7BA}
2016-02-08 13:17 - 2016-02-08 13:19 - 12351032 _____ (Hightail, inc) C:\Users\Jac.000\Downloads\HightailForOutlook-3.2.0.3245.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 12:47 - 2014-05-05 15:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-08 12:46 - 2014-05-05 13:09 - 00000136 _____ C:\Windows\system32\config\netlogon.ftl
2016-03-08 12:46 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-08 12:40 - 2009-07-14 15:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-08 12:40 - 2009-07-14 15:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-08 12:31 - 2014-05-05 15:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-08 10:15 - 2014-05-06 15:08 - 00000000 ____D C:\Users\Jac.000\AppData\Local\Spotify
2016-03-08 10:14 - 2014-05-06 15:07 - 00000000 ____D C:\Users\Jac.000\AppData\Roaming\Spotify
2016-03-08 09:42 - 2014-05-05 16:42 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2016-03-08 09:40 - 2015-07-15 14:32 - 00000000 _____ C:\Users\Jac.000\Documents\RA2015Port
2016-03-07 12:36 - 2014-05-23 15:10 - 00000000 ____D C:\Users\Jac.000\AppData\Local\CrashDumps
2016-03-07 11:12 - 2016-01-21 14:38 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-07 11:10 - 2015-05-18 09:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-07 10:55 - 2009-07-14 15:45 - 00000000 ____D C:\Windows\Setup
2016-03-04 09:15 - 2012-01-11 08:51 - 00000000 ____D C:\Users\Jac.000\Documents\Jac
2016-03-01 08:50 - 2015-08-06 09:26 - 00000000 ____D C:\Users\Jac.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-02-29 13:33 - 2015-04-08 14:56 - 00000000 ____D C:\Program Files (x86)\betternet
2016-02-29 10:25 - 2015-12-21 12:54 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-29 10:23 - 2014-01-12 21:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-29 10:06 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\Vss
2016-02-22 15:33 - 2014-12-15 13:58 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-18 13:30 - 2014-09-22 10:51 - 00000000 ____D C:\Users\Jac.000\AppData\Roaming\Nitro PDF
2016-02-18 08:33 - 2015-11-19 08:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-16 13:51 - 2009-07-14 16:13 - 00788134 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-16 13:51 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\inf
2016-02-16 11:04 - 2009-07-14 16:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-02-16 09:32 - 2014-05-14 16:57 - 00000000 ____D C:\Users\Jac.000\AppData\Roaming\uTorrent
2016-02-15 08:26 - 2014-01-12 20:56 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-15 08:26 - 2014-01-12 20:56 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-12 12:15 - 2014-05-05 14:10 - 00000000 ____D C:\Users\Jac.000\AppData\Roaming\Adobe
2016-02-11 09:45 - 2016-01-27 16:14 - 02191774 _____ C:\Users\Jac.000\Desktop\label.cdr
2016-02-08 13:28 - 2014-06-30 09:54 - 00000000 ____D C:\Users\Jac.000\AppData\Local\Downloaded Installations

==================== Files in the root of some directories =======

2015-05-20 13:21 - 2015-05-20 13:21 - 0000214 _____ () C:\Users\Jac.000\AppData\Roaming\JAC-PC.MTBF.txt
2014-09-26 15:26 - 2015-02-19 16:01 - 0001057 _____ () C:\Users\Jac.000\AppData\Roaming\vso_ts_preview.xml
2015-08-24 12:45 - 2015-10-07 11:26 - 0007622 _____ () C:\Users\Jac.000\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\administrator.CAMDENNEON\AppData\Local\Temp\install_reader11_en_gtbd_chrd_dn_aaa_aih.exe
C:\Users\Jac.000\AppData\Local\Temp\AcDeltree.exe
C:\Users\Jac.000\AppData\Local\Temp\Execute2App.exe
C:\Users\Jac.000\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
C:\Users\Jac.000\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jac.000\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Jac.000\AppData\Local\Temp\Kies3RemoveAll.exe
C:\Users\Jac.000\AppData\Local\Temp\msvcp90.dll
C:\Users\Jac.000\AppData\Local\Temp\msvcr90.dll
C:\Users\Jac.000\AppData\Local\Temp\qbinstal.dll
C:\Users\Jac.000\AppData\Local\Temp\sqlite3.dll
C:\Users\Jac.000\AppData\Local\Temp\stlport_r50.dll
C:\Users\Jac.000\AppData\Local\Temp\yvertr.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-01 10:32

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by jac (2016-03-07 13:46:39)
Running from C:\Users\Jac.000\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-05-05 02:04:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2430836748-2867125501-803252372-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2430836748-2867125501-803252372-501 - Limited - Disabled)
Jac (S-1-5-21-2430836748-2867125501-803252372-1000 - Administrator - Enabled) => C:\Users\Jac
QBDataServiceUser24 (S-1-5-21-2430836748-2867125501-803252372-1003 - Limited - Enabled) => C:\Users\QBDataServiceUser24

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AV: AVG Internet Security Business Edition 2012 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security Business Edition 2012 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security Business Edition 2012 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ad-Aware Antivirus (HKLM\...\{50E2E8FE-1F8B-4F21-BE9F-F9152D3EA5B1}_AdAwareUpdater) (Version: 11.10.767.8917 - Lavasoft)
AdAwareInstaller (Version: 11.10.767.8917 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.10.767.8917 - Lavasoft) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (HKLM-x32\...\Adobe_a04a925a57548091300ada368235fc6) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Advanced PDF Password Recovery (HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\...\Advanced PDF Password Recovery) (Version: 5.0 - ElcomSoft Co. Ltd.)
Amazon Kindle (HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Install Manager (HKLM\...\{AFC15190-0A9A-C2C0-B28D-BB2A188506B7}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Autodesk DWG TrueView 2015 - English (HKLM\...\DWG TrueView 2015 - English) (Version: 20.0.51.0 - Autodesk)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2265 - AVG Technologies)
AVG 2012 (Version: 12.0.4365 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2265 - AVG Technologies) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-6490CW (HKLM-x32\...\{20E970DF-A7B2-4345-9DEB-72213A29645E}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
calibre 64bit (HKLM\...\{53078727-80C2-4F4F-9E36-093133F73F3B}) (Version: 1.36.0 - Kovid Goyal)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
CorelDRAW Graphics Suite X3 (HKLM-x32\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.0 - Corel Corporation)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{98CB551E-EDB1-4535-82A6-E3258597F64E}) (Version: 2.7.1000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15835 - Invincea, Inc.)
DWG TrueView 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
EN (x32 Version: 13.0 - Corel Corporation) Hidden
FastStone Image Viewer 5.1 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.1 - FastStone Soft)
FinePixViewer Resource (HKLM-x32\...\{B44529FF-501E-47CD-A06D-223C161BE058}) (Version: 1.2 - FUJIFILM Corporation)
FinePixViewer Ver.5.5 (HKLM-x32\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.5 - FUJIFILM Corporation)
FinePixViewer YTUPL (HKLM-x32\...\{65EB09A3-993B-401E-8936-C9708CBFAB26}) (Version: 1.0 - FUJIFILM Corporation)
FontNav (x32 Version: 5.0 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hightail Express (HKLM-x32\...\{713070E1-C384-4BA1-8747-81D73846DBA0}) (Version: 2.15.0 - Hightail)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Network Connections 18.5.52.1 (HKLM\...\PROSetDX) (Version: 18.5.52.1 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Home and Business 2016 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 16.0.6568.2025 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MyDriveConnect 4.0.6.2383 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.6.2383 - TomTom)
Nielsen (HKLM-x32\...\NetSight) (Version: - )
Nitro Pro 8 (HKLM\...\{522D6D76-B109-4C83-BA3C-D26D08391EBC}) (Version: 8.0.10.7 - Nitro)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Pinnacle Studio 18 - Install Manager (HKLM\...\{39B53CC2-EE72-44E6-800D-C61A6465BF1A}) (Version: 18.0.234 - Corel Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Printer DCA (HKLM-x32\...\{9AA817F6-2017-4984-9669-E13DD07CE72A}) (Version: 4.4.30213 - PrintFleet Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5987 - Realtek Semiconductor Corp.)
Reckon Accounts Premier: Accountant Edition 2015 (HKLM-x32\...\{0999E133-4B10-4801-B373-18C9BB2B98EA}) (Version: - Reckon Ltd)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SignLab DesignPro (C:\CADlink\SignLab 9.1) (HKLM-x32\...\{93F8AEAC-FF33-4305-8616-63973FE5AEFF}) (Version: 9.1 - CADlink Technology Corporations)
Spotify (HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\...\Spotify) (Version: 1.0.19.106.gb8a7150f - Spotify AB)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
TimeLeft (HKLM-x32\...\TIMELEFT3_is1) (Version: 3.62 - NesterSoft Inc.)
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
VBA (x32 Version: 6.2 - Corel Corporation) Hidden
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Weatherzone Tracker v2.03 (HKLM-x32\...\Weatherzone Tracker_is1) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{F5E5D7CA-0F94-41A3-8106-66473C2F3728}) (Version: 6.0.5601.0 - Microsoft Corporation)
Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version: - )
YouSendIt Plug-in for Outlook (HKLM-x32\...\InstallShield_{20DFF861-31EE-41F6-98D5-0A992AE7D116}) (Version: 2.15.0 - YouSendIt)
YouSendIt Plug-in for Outlook (x32 Version: 2.15.0 - YouSendIt) Hidden
Youtube Music Downloader 8.4 (HKLM-x32\...\{00AA23A3-F4F7-4805-AA6B-4C2A74F3AB2B}_is1) (Version: 8.4 - YoutubeMusicDownloader.us LLC.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3514357735-2482569675-2395232173-1149_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3514357735-2482569675-2395232173-1149_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3C5A1AA6-C222-425B-9ED8-A865C401CD54} - System32\Tasks\{73CF6137-2C5D-C59B-3721-4EE37810AB23} => C:\Windows\system32\regsvr32.exe [2009-07-14] (Microsoft Corporation)
Task: {4047FACF-2FDF-4917-84E3-E6AC923960CC} - System32\Tasks\{5A12D187-B10D-427C-8D7F-FF1D4065A7BA} => pcalua.exe -a C:\Users\Jac.000\Downloads\HightailForOutlook-3.2.0.3245.exe -d C:\Users\Jac.000\Downloads
Task: {65A579D3-8911-42DE-8D32-38942C6EE9EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {9CD55162-3770-46B8-9FE6-519B7B77239D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {A783D368-0E32-402C-A23A-8B1A60C04421} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {ACF97DEE-132B-4004-9D42-5F0397048EF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {C616761D-6867-4864-B4B3-0C7B21F686A2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {CFADAD0A-6920-4D6A-ACC9-A21E966F1B4C} - \{04780847-047D-0D7D-7E11-090F0A09117E} -> No File <==== ATTENTION
Task: {FF75C477-DF19-4FF0-85F2-029D3CFE5F63} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-05-06 09:27 - 2011-03-01 09:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2015-05-15 17:26 - 2015-05-15 17:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-21 12:53 - 2016-02-04 05:51 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-02-29 07:59 - 2016-02-05 00:53 - 08914120 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-05-05 14:25 - 2008-05-16 15:41 - 02955790 _____ () C:\Program Files (x86)\Weatherzone Tracker\weather_tracker.exe
2016-01-28 16:48 - 2016-01-28 16:48 - 09581280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
2016-01-28 16:48 - 2016-01-28 16:48 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\RCF.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_filesystem-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_system-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_date_time-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_thread-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_chrono-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_locale-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\HtmlFramework.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTrayDefaultSkin.dll
2016-01-28 16:44 - 2016-01-28 16:44 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
2016-01-28 16:48 - 2016-01-28 16:48 - 11674360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareServiceKernel.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_regex-vc120-mt-1_57.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00973040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareActivation.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00561920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareApplicationUpdater.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareGamingMode.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareReset.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTime.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01030912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdater.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdaterScheduler.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIgnoreList.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareQuarantine.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 01594624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiMalwareEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiRootkitEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerHistory.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01373928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScanner.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_timer-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01019640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerScheduler.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02547448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIncompatibles.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01489640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiSpam.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01437424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiPhishing.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareParentalControl.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03107576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareWebProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01325816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareEmailProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_iostreams-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01878784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNetworkProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01024744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePromo.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00457448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareFeedback.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareThreatWorkAlliance.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01310952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePinCode.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01027304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNotice.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01563888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAvcEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtectionHistory.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00519920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareStatistics.dll
2014-05-05 14:26 - 2016-03-07 10:57 - 00126976 _____ () C:\Users\Jac.000\AppData\Local\Temp\mProjector2783293641\mPlayer.3.1.1e.dll
2014-05-05 14:26 - 2016-03-07 10:57 - 00012288 _____ () C:\Users\Jac.000\AppData\Local\Temp\mProjector2783293641\File.3.1.1e.mfx
2014-05-05 14:26 - 2016-03-07 10:57 - 00011776 _____ () C:\Users\Jac.000\AppData\Local\Temp\mProjector2783293641\Registry.3.1.1e.mfx
2014-05-05 14:26 - 2016-03-07 10:57 - 00027136 _____ () C:\Users\Jac.000\AppData\Local\Temp\mProjector2783293641\System.3.1.1e.mfx
2014-05-05 14:26 - 2016-03-07 10:57 - 00192512 _____ () C:\Users\Jac.000\AppData\Local\Temp\mProjector2783293641\Flash6MovieV2.3.1.1e.mvx
2015-12-07 08:12 - 2015-09-03 14:32 - 00568184 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\communication.dll
2015-09-17 16:37 - 2015-09-03 14:34 - 00568184 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\nsmmc.dll
2014-07-03 10:36 - 2007-02-16 21:01 - 00081920 _____ () C:\Program Files (x86)\FinePixViewer\wia_register_event.dll
2014-05-05 16:57 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-12-07 08:12 - 2015-09-03 14:33 - 00648056 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\npchromeinstaller.dll
2015-12-07 08:12 - 2015-09-03 14:33 - 00855928 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\npfirefoxprocessor.dll
2015-12-07 08:12 - 2015-09-03 14:33 - 00160120 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\npsp1.dll
2015-12-07 08:12 - 2015-09-03 14:33 - 00237944 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\npsurvey.dll
2015-12-07 08:12 - 2015-09-03 14:33 - 00233848 _____ () C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\npwmi.dll
2014-01-12 21:02 - 2013-09-13 08:55 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-02-29 07:59 - 2016-02-05 00:24 - 01073856 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-02-29 07:59 - 2016-02-29 08:00 - 00464584 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\msfad.dll
2014-05-05 15:56 - 2010-07-06 11:10 - 00238592 _____ () c:\program files (x86)\corel\coreldraw graphics suite 13\draw\Plugins\corToSignLab.cpg

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3246 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3347 [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\Control Panel\Desktop\\Wallpaper -> C:\Users\Jac.000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.6 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{33833D2C-54D5-492D-8896-0DEBCEC76270}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ECF61024-E43F-49F4-BBB5-43488298C277}] => (Allow) LPort=2869
FirewallRules: [{425CB2F4-6845-4BDA-A46A-6D734E0CB5AE}] => (Allow) LPort=1900
FirewallRules: [{F9B23BBF-E6E6-4DE1-B787-ABF28AE77B4E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A861E85D-B55C-4B78-B0F7-E1596F09DC13}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{92DA32A7-77D5-4017-8962-B8A3CD04DB23}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{56159CC5-303E-4ED9-95C3-58A7BA917C39}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [TCP Query User{11856618-F18E-4F0D-82B7-CE3BE90435A9}C:\users\jac.000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jac.000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{AFFF2581-02F1-4937-9893-39B4593C0D2A}C:\users\jac.000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jac.000\appdata\roaming\spotify\spotify.exe
FirewallRules: [{21616212-0FBB-408F-A7BF-9C340335EC4A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1B7CE707-7BAB-48BC-81C7-979EED671B21}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F5D49C4E-4753-4DDB-A812-5C6C1F012BDF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D2A178FE-34F0-4B5F-8E92-5F91FAB6496B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F7B6F07A-C6C7-41B4-866A-7C3855183572}] => (Allow) C:\Users\Jac.000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7DB3204C-F3A7-4AE3-9246-47505EE980AB}] => (Allow) C:\Users\Jac.000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{D27F4D37-D664-445E-94E4-C771FFEC300E}C:\program files (x86)\netgear\stora desktop applications\hipservagent\hipservagent.exe] => (Allow) C:\program files (x86)\netgear\stora desktop applications\hipservagent\hipservagent.exe
FirewallRules: [UDP Query User{02882CE6-FC2B-4FDC-A7F6-606CB2A42446}C:\program files (x86)\netgear\stora desktop applications\hipservagent\hipservagent.exe] => (Allow) C:\program files (x86)\netgear\stora desktop applications\hipservagent\hipservagent.exe
FirewallRules: [TCP Query User{BE5C1A31-F222-4E26-8594-A4C137EC7A4F}C:\program files (x86)\netgear\stora desktop applications\quickconnect\axentrasmartshortcut.exe] => (Allow) C:\program files (x86)\netgear\stora desktop applications\quickconnect\axentrasmartshortcut.exe
FirewallRules: [UDP Query User{675EC1C4-81D3-4145-857F-420F9C4A3536}C:\program files (x86)\netgear\stora desktop applications\quickconnect\axentrasmartshortcut.exe] => (Allow) C:\program files (x86)\netgear\stora desktop applications\quickconnect\axentrasmartshortcut.exe
FirewallRules: [TCP Query User{14C11B82-4261-4C43-BEFF-08FEEC1D66FE}C:\program files (x86)\netgear\stora desktop applications\hipservagent\hipservagent.exe] => (Allow) C:\program files (x86)\netgear\stora desktop applications\hipservagent\hipservagent.exe
FirewallRules: [UDP Query User{C28B1E1B-21F2-4998-B015-1C79BA74A0EF}C:\program files (x86)\netgear\stora desktop applications\hipservagent\hipservagent.exe] => (Allow) C:\program files (x86)\netgear\stora desktop applications\hipservagent\hipservagent.exe
FirewallRules: [{F5968209-0775-445F-A8A7-57B39AE9EA5C}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{0C540110-D7DF-465B-B450-33E1CDC354D9}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{96AF4BE3-9405-4060-854C-5EAC2A1B85A2}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{D8057542-15AE-4F3B-9475-42105780374F}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{F5C01013-896E-4993-9AAF-08A8206DF525}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
FirewallRules: [{83AA5206-0135-4402-881F-41D42E7AF9CB}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
FirewallRules: [{1A935AFA-5F0F-4BA8-8E96-69E85A66CCBE}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{FF9BA358-4A3B-4123-A074-9F227196DD9D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{E968418E-D6FC-4403-B5B3-04D368C6EF76}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\RM.exe
FirewallRules: [{58F25580-3E1F-4034-9FB4-7D05BDC34CC2}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\RM.exe
FirewallRules: [{65880780-550B-4A27-A7CD-43B4B1F6632B}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\NGStudio.exe
FirewallRules: [{56608068-A75E-40D5-9079-99C753EFAF90}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\NGStudio.exe
FirewallRules: [{B71DDD66-EE7D-4879-9018-96E38DB01EA9}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\UMI.exe
FirewallRules: [{36FF9BB4-AF45-4E5D-A535-85F9EFDBB391}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\UMI.exe
FirewallRules: [{C01F6FA2-B684-4713-8046-A5D284BF5721}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{35AFCAD4-A4F0-44BB-B7A5-A485507EA407}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CBCEB7FC-AD20-4819-96E0-C49F85A0D14E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{922B6A81-FCE7-4961-9264-25E41E317640}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{17568A11-74F5-4D3F-ABF7-671E69F65730}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{169D23DD-F78E-485C-99BD-2A1920241EB0}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{AD9F07B2-7EAB-486B-BB9C-99721A764E03}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{60BC97AA-F3FB-4063-8FAC-92DA6292E950}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E5D498D6-2817-42BF-A232-24CDAC19F070}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F893A926-905C-4991-97AD-5649DC17E82A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E85278B5-14C3-40C6-8FFF-DC32B05D13AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A074CDBF-8B0A-4B9E-8A5C-B4739616717F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3D38CBD8-23F5-4AA8-8E05-AAE7B9569335}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D8288BDA-BEA3-4C36-B7D3-61ACE39A1BFB}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{E5E97A22-87DF-492F-854C-D9C97C0F5245}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{8988517C-AA89-496F-AD1F-0A70549646C8}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{444192B6-13AA-4A39-9C41-9CBBF26BD773}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{AB831B30-A661-4F0C-B586-AAC4F855E334}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
FirewallRules: [{B64023F2-4069-43A8-AD8C-4BDA2B135A5D}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
FirewallRules: [{C80AE178-DEF4-49C8-9407-F2BF0007BAE1}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{159A2C33-59AF-4C47-BB3E-630D69F3932B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{F34C2984-5DD3-46E0-A90F-5E6FB1B83EB9}] => (Allow) C:\Users\Jac.000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{6AD73291-77C1-4177-BDF7-D379E9D94DB6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{DD12EF9D-D0F5-4956-8F9A-9411932CD17B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-02-2016 00:00:01 Scheduled Checkpoint
03-03-2016 16:52:07 Scheduled Checkpoint
07-03-2016 11:00:36 AA11

==================== Faulty Device Manager Devices =============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2016 12:36:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17689, time stamp: 0x54e68526
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x3daea000
Faulting process id: 0x2358
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (03/07/2016 10:57:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2016 10:56:44 AM) (Source: PrintFleet Enterprise) (EventID: 0) (User: )
Description: Process: PrinterDCA.Service
Level: Error
Time: 2016-03-07 10:56:44.6098
[PrinterDCA.Service] This DCA has not been activated! Please activate to use the DCA's functionality

Process ID: 1988
Thread ID: 11

Error: (03/07/2016 10:56:34 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (03/07/2016 07:59:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2016 07:59:17 AM) (Source: PrintFleet Enterprise) (EventID: 0) (User: )
Description: Process: PrinterDCA.Service
Level: Error
Time: 2016-03-07 07:59:17.8174
[PrinterDCA.Service] This DCA has not been activated! Please activate to use the DCA's functionality

Process ID: 2360
Thread ID: 9

Error: (03/07/2016 07:58:39 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (03/04/2016 01:38:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CorelDRW.exe version 13.0.0.576 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ed0

Start Time: 01d174cbb957ac58

Termination Time: 23

Application Path: C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite 13\Programs\CorelDRW.exe

Report Id: 266564a3-e1b2-11e5-9060-f8b156c932db

Error: (03/04/2016 12:39:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17689, time stamp: 0x54e68526
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x2a76f000
Faulting process id: 0x1bd4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (03/03/2016 03:17:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17689, time stamp: 0x54e68526
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x2ecf5000
Faulting process id: 0x1fb8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3


System errors:
=============
Error: (03/07/2016 10:56:30 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

Error: (03/07/2016 10:56:24 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CAMDENNEON due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (03/07/2016 10:54:58 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CAMDENNEON due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (03/07/2016 09:44:00 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1054) (User: CAMDENNEON)
Description: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

Error: (03/07/2016 09:34:39 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1054) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

Error: (03/04/2016 12:35:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (03/03/2016 08:02:12 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CAMDENNEON due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (03/01/2016 12:32:06 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (03/01/2016 12:32:06 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (03/01/2016 12:32:06 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


CodeIntegrity:
===================================
Date: 2014-05-05 13:32:03.202
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-05 13:32:03.200
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-05 13:32:03.198
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-05-05 13:32:03.145
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\vscore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 47%
Total physical RAM: 8134.18 MB
Available physical RAM: 4259.33 MB
Total Virtual: 16266.56 MB
Available Virtual: 12502.14 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.47 GB) (Free:265.87 GB) NTFS
Drive f: (CADLINK) (Removable) (Total:1.84 GB) (Free:1.84 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 6A2222F5)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1.8 GB) (Disk ID: 69737369)
No partition Table on disk 2.

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 07 March 2016 - 09:18 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,030 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:36 PM

Posted 07 March 2016 - 09:35 PM

Greetings jaxsta and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Welcome back, I guess. :)

Please consider and do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Ad-Aware Antivirus (you should only have one Antivirus program installed)
Spybot - Search and Destroy

  • Reboot your computer
===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3514357735-2482569675-2395232173-1149 -> {25AC1CF6-0B89-4B23-A9C2-399EBA6B99A7} URL =
SearchScopes: HKU\S-1-5-21-3514357735-2482569675-2395232173-1149 -> {793435B8-4BD0-4AD7-992E-7FDA316CD82F} URL =
SearchScopes: HKU\S-1-5-21-3514357735-2482569675-2395232173-1149 -> {92A9F246-4F23-4624-9BF5-CAFFAD1A55D6} URL =
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
C:\Users\administrator.CAMDENNEON\AppData\Local\Temp\install_reader11_en_gtbd_chrd_dn_aaa_aih.exe
C:\Users\Jac.000\AppData\Local\Temp\AcDeltree.exe
C:\Users\Jac.000\AppData\Local\Temp\Execute2App.exe
C:\Users\Jac.000\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
C:\Users\Jac.000\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jac.000\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Jac.000\AppData\Local\Temp\Kies3RemoveAll.exe
C:\Users\Jac.000\AppData\Local\Temp\msvcp90.dll
C:\Users\Jac.000\AppData\Local\Temp\msvcr90.dll
C:\Users\Jac.000\AppData\Local\Temp\qbinstal.dll
C:\Users\Jac.000\AppData\Local\Temp\sqlite3.dll
C:\Users\Jac.000\AppData\Local\Temp\stlport_r50.dll
C:\Users\Jac.000\AppData\Local\Temp\yvertr.dll
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3246 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3347 [0]
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Zoek by Smeenk - Running Commands and Performing a Scan

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected
  • Click More Options and place a check mark in the following boxes:

Do a Deep Scan
Auto Clean

  • Click Run Script and wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Zoek log
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 jaxsta


Posted 07 March 2016 - 10:38 PM

Hi Gary!
Thanks for getting back to me.
I followed your instructions as close as I could as follows:

 

Removed:
Ad-Aware
utorrent

I could not find spybot - search and destroy in the list.

Farbar log as per below

 

Zoek - I had issues with this,
I downloaded to desktop then right clicked and ran as administrator. It took well over a minute to run. After selecting options as mentioned and clicking run script I got a pop up message - error running script, continue? I selected yes.
After a while I got an error message - the system cannot find the path specified and an empty notepad window.

 

System summary as attached.

Awaiting your response :)

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by jac (2016-03-08 13:47:00) Run:1
Running from C:\Users\Jac.000\Desktop
Loaded Profiles: QBDataServiceUser24 & jac (Available Profiles: Jac & QBDataServiceUser24 & Administrator & jac & Support & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3514357735-2482569675-2395232173-1149 -> {25AC1CF6-0B89-4B23-A9C2-399EBA6B99A7} URL =
SearchScopes: HKU\S-1-5-21-3514357735-2482569675-2395232173-1149 -> {793435B8-4BD0-4AD7-992E-7FDA316CD82F} URL =
SearchScopes:
HKU\S-1-5-21-3514357735-2482569675-2395232173-1149 -> {92A9F246-4F23-4624-9BF5-CAFFAD1A55D6} URL =
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
C:\Users\administrator.CAMDENNEON\AppData\Local\Temp\install_reader11_en_gtbd_chrd_dn_aaa_aih.exe
C:\Users\Jac.000\AppData\Local\Temp\AcDeltree.exe
C:\Users\Jac.000\AppData\Local\Temp\Execute2App.exe
C:\Users\Jac.000\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
C:\Users\Jac.000\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jac.000\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Jac.000\AppData\Local\Temp\Kies3RemoveAll.exe
C:\Users\Jac.000\AppData\Local\Temp\msvcp90.dll
C:\Users\Jac.000\AppData\Local\Temp\msvcr90.dll
C:\Users\Jac.000\AppData\Local\Temp\qbinstal.dll
C:\Users\Jac.000\AppData\Local\Temp\sqlite3.dll
C:\Users\Jac.000\AppData\Local\Temp\stlport_r50.dll
C:\Users\Jac.000\AppData\Local\Temp\yvertr.dll
AlternateDataStreams:
C:\Windows\SysWOW64\MSIHANDLE:3204 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3246 [0]
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3347 [0]
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{25AC1CF6-0B89-4B23-A9C2-399EBA6B99A7}" => key removed successfully
HKCR\CLSID\{25AC1CF6-0B89-4B23-A9C2-399EBA6B99A7} => key not found. 
"HKU\S-1-5-21-3514357735-2482569675-2395232173-1149\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{793435B8-4BD0-4AD7-992E-7FDA316CD82F}" => key removed successfully
HKCR\CLSID\{793435B8-4BD0-4AD7-992E-7FDA316CD82F} => key not found. 
SearchScopes: => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3514357735-2482569675-2395232173-1149 -> {92A9F246-4F23-4624-9BF5-CAFFAD1A55D6} URL = => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
C:\Users\administrator.CAMDENNEON\AppData\Local\Temp\install_reader11_en_gtbd_chrd_dn_aaa_aih.exe => moved successfully
C:\Users\Jac.000\AppData\Local\Temp\AcDeltree.exe => moved successfully
C:\Users\Jac.000\AppData\Local\Temp\Execute2App.exe => moved successfully
C:\Users\Jac.000\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll => moved successfully
C:\Users\Jac.000\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => moved successfully
C:\Users\Jac.000\AppData\Local\Temp\jre-8u31-windows-au.exe => moved successfully
C:\Users\Jac.000\AppData\Local\Temp\Kies3RemoveAll.exe => moved successfully
C:\Users\Jac.000\AppData\Local\Temp\msvcp90.dll => moved successfully
C:\Users\Jac.000\AppData\Local\Temp\msvcr90.dll => moved successfully
C:\Users\Jac.000\AppData\Local\Temp\qbinstal.dll => moved successfully
C:\Users\Jac.000\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Jac.000\AppData\Local\Temp\stlport_r50.dll => moved successfully
C:\Users\Jac.000\AppData\Local\Temp\yvertr.dll => moved successfully
AlternateDataStreams: => Error: No automatic fix found for this entry.
"C:\Windows\SysWOW64\MSIHANDLE:3204 [0]" => not found.
C:\Windows\SysWOW64\MSIHANDLE => ":3246" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3347" ADS removed successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 13:47:23 ====



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,030 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:36 PM

Posted 08 March 2016 - 09:56 AM

Greetings,

Could you update me regarding your computer performance?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 jaxsta

Posted 08 March 2016 - 04:00 PM

Hi Gary,

I've tried to avoid using the internet just in case; however, I've not noticed anything that shouldn't be there presently.



#6 Oh My!

Posted 08 March 2016 - 08:31 PM

Great, thanks.

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Check Uninstall application on close
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#7 jaxsta

Posted 08 March 2016 - 11:02 PM

Hi Gary,

 

eset log:

 

C:\Users\Jac.000\Downloads\uTorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting
C:\zoek\in\RECYCLE.BIN\S-1-5-21-3514357735-2482569675-2395232173-1149\$R9H4JIX.mp4 Win32/CoinMiner.YG trojan deleted
C:\zoek\in\USERTEMP\Hotspot Shield\html\scripts\AskToolbar.js Win32/Bundled.Toolbar.Ask.L potentially unsafe application cleaned by deleting
C:\zoek\in\USERTEMP\HYD5523.tmp.1457404710\HTA\install.1457404710.zip a variant of Win32/OpenCandy.G potentially unsafe application deleted
C:\zoek\in\USERTEMP\HYD5523.tmp.1457404710_permissionsCopy\updates\3.4.1_31139.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting
C:\zoek\in\USERTEMP\HYD5523.tmp.1457404710_permissionsCopy\updates\3.4.2_38656.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\zoek\in\USERTEMP\tmp7z_0\FirefixTab#0.1.13.xpi JS/Lightning.A potentially unwanted application deleted
C:\zoek_backup\C_Users_Jac.000_Downloads_HSS-3.42-install-hss-686-conduit.exe.vir Win32/Toolbar.Conduit potentially unwanted application deleted
C:\zoek_backup\C_Users_Jac.000_Downloads_Youtube_Music_Downloader_Setup.exe.vir a variant of Win32/OpenCandy.A potentially unsafe application deleted
 
 
Security check log:
 
 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
AVG Internet Security Business Edition 2012   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Adobe Flash Player 18.0.0.160 Flash Player out of Date!  
 Mozilla Firefox 40.0.3 Firefox out of Date!  
 Google Chrome (48.0.2564.109) 
 Google Chrome (48.0.2564.116) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgtray.exe 
 NetRatingsNetSight NetSight nielsenonline.exe  
 NetRatingsNetSight NetSight meter2 NielsenOnline64.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 
 
System seems to be running well, no pop ups or redirections today!

Jac


#8 Oh My!

Posted 08 March 2016 - 11:07 PM

We are doing well. Let's update 2 programs. The Java doesn't need to be updated.

===================================================

Update Adobe Flash Player

--------------------
  • Download Adobe Flash Player here and save it to your desktop. Uncheck "Yes, install McAfee Security Scan Plus - optional"
  • Close any open browsers
  • Click on Install Now
  • Click Save File and save the file to your Desktop
  • Double click the Desktop icon
  • Select either Allow Adobe to install updates (recommended) or Notify me to install updates then click Next
  • When completed click Finish
===================================================

Firefox Update

--------------------

I recommend you consider updating Firefox to the newest version. If you desire to do so please click this link to begin the process.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did the programs update properly?
  • Are there any remaining issues?

Gary
 

#9 jaxsta

Posted 08 March 2016 - 11:15 PM

Hi Gary,

Can I just uninstall Firefox? I don't actually use it.



#10 Oh My!

Posted 08 March 2016 - 11:21 PM

Absolutely.
Gary
 

#11 jaxsta

Posted 08 March 2016 - 11:34 PM

I've uninstalled Firefox, and tried to update Flash Player.
The page I was directed to says this:

Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available.



#12 Oh My!

Posted 08 March 2016 - 11:38 PM

OK, are you having any issues or have any questions before I post some final information?
Gary
 

#13 jaxsta

Posted 08 March 2016 - 11:40 PM

Everything seems to be running great!



#14 Oh My!

Posted 08 March 2016 - 11:41 PM

Very good.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a brief period of time in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#15 jaxsta

Posted 08 March 2016 - 11:42 PM

Thanks Gary!
Your help and prompt responses are very much appreciated.
Is there somewhere I can post some positive feedback for you?





