
Farbar found: LinkSwift while EEK found: Application.Win32.WSearch (A)


28 replies to this topic

#1 chriffan


Posted 09 April 2016 - 03:04 PM

After using several different malware/adware, rootkit, and virus scan tools, I attempted to clean up my system of multiple issues. Some of these are recurring, and it seems I have an increase in "<====== ATTENTION" entries on the Farbar log from previous scans. Obviously, I don't have the expertise to fix any remaining issues and need help. Here are the 2 Farbar scan logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by xnamex (administrator) on GW01 (09-04-2016 14:06:52)
Running from C:\Users\xnamex\Desktop
Loaded Profiles: xnamex (Available Profiles: xnamex)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\n360.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\symerr.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\n360.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [400384 2015-03-12] (Seagate)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [839648 2016-03-10] (DivX, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2198574098-558535509-1888455575-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-02-29] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{699D9D75-EC47-4094-9A1F-C4DD8DEE0FE1}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-2198574098-558535509-1888455575-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?rb=0
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-01] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-01] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Bing
FF Homepage: hxxp://www.bing.com/?rb=0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-09] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-09] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-03-04] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Extension: Greasemonkey - C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-02-22]
FF Extension: FlashGot - C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-03-17]
FF Extension: NoScript - C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-09]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-03-04]
FF Extension: Adguard AdBlocker - C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\Extensions\adguardadblocker@adguard.com.xpi [2016-03-21]
FF Extension: Card Games - C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\Extensions\jid0-IXmG4qwrVkW0huOdmYFTeeAICBk@jetpack.xpi [2015-11-24]
FF Extension: YouTube™ HD Plus - C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\Extensions\jid1-wkCmfgboni3B1Q@jetpack.xpi [2015-11-28]
FF Extension: NoSquint - C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\Extensions\nosquint@urandom.ca.xpi [2015-05-29]
FF Extension: Bluhell Firewall - C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2016-01-21]
FF Extension: gtranslate - C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2016-01-15]
FF Extension: YouTube Flash Video Player - C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2016-03-25]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-21] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.4.24\coFFAddon [2016-03-01]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.4.24\coFFAddon

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe [289080 2016-02-26] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-04-03] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bbcap; C:\Windows\system32\DRIVERS\bbcap.sys [4608 2015-12-08] (Windows ® Codename Longhorn DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\BASHDefs\20160405.001\BHDrvx64.sys [1766640 2016-03-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-03-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-03-29] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\IPSDefs\20160408.001\IDSvia64.sys [767224 2016-02-13] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\VirusDefs\20160408.019\ENG64.SYS [138488 2016-03-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.4.24\Definitions\VirusDefs\20160408.019\EX64.SYS [2148080 2016-03-29] (Symantec Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-04-03] (Dritek System Inc.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1606000.08E\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-12-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-06-10] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-06-10] (Acronis)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-06 16:10 - 2016-04-06 16:10 - 00001878 _____ C:\WINDOWS\system32\.crusader
2016-04-04 15:53 - 2016-04-04 15:55 - 00720224 _____ C:\TDSSKiller.3.1.0.9_04.04.2016_15.53.50_log.txt
2016-04-04 15:50 - 2016-04-04 15:51 - 00008510 _____ C:\TDSSKiller.3.1.0.9_04.04.2016_15.50.56_log.txt
2016-04-03 15:29 - 2016-04-08 11:15 - 00000000 ____D C:\Users\xnamex\AppData\LocalLow\boost_interprocess
2016-04-03 15:29 - 2016-04-03 15:29 - 00000000 ____D C:\Users\xnamex\AppData\Local\DDMSettings
2016-04-02 07:03 - 2016-04-02 07:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-04-02 05:27 - 2016-04-02 05:28 - 00706800 _____ C:\TDSSKiller.3.1.0.9_02.04.2016_05.27.08_log.txt
2016-04-02 05:25 - 2016-04-02 05:25 - 00008510 _____ C:\TDSSKiller.3.1.0.9_02.04.2016_05.25.03_log.txt
2016-04-02 03:31 - 2016-04-02 03:32 - 00000258 __RSH C:\Users\xnamex\ntuser.pol
2016-04-01 18:01 - 2016-04-01 18:01 - 00000000 ____D C:\ProgramData\Trend Micro
2016-04-01 17:50 - 2015-12-24 09:03 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-04-01 17:47 - 2016-04-01 17:47 - 02527376 _____ (Trend Micro Inc.) C:\Users\xnamex\Downloads\HousecallLauncher64 (1).exe
2016-04-01 14:49 - 2016-04-01 14:49 - 00003640 _____ C:\WINDOWS\System32\Tasks\DivXUpdate
2016-04-01 14:49 - 2016-04-01 14:49 - 00001635 _____ C:\Users\xnamex\Desktop\DivX Movies.lnk
2016-04-01 14:49 - 2016-04-01 14:49 - 00001070 _____ C:\Users\Public\Desktop\DivX Converter.lnk
2016-04-01 14:49 - 2016-04-01 14:49 - 00001045 _____ C:\Users\Public\Desktop\DivX Player.lnk
2016-04-01 14:49 - 2016-04-01 14:49 - 00000000 ____D C:\Program Files\DivX
2016-04-01 14:48 - 2016-04-01 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2016-04-01 13:48 - 2016-04-01 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-01 13:48 - 2016-04-01 13:47 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-31 04:26 - 2016-03-31 04:27 - 00000000 ____D C:\ProgramData\Sophos
2016-03-31 04:26 - 2016-03-31 04:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-03-31 04:25 - 2016-03-31 04:25 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-03-29 16:50 - 2016-03-29 16:52 - 00661830 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_16.50.31_log.txt
2016-03-29 16:48 - 2016-03-29 16:49 - 00008510 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_16.48.48_log.txt
2016-03-25 12:57 - 2016-03-25 12:57 - 02374144 _____ (Farbar) C:\Users\xnamex\Desktop\FRST64.exe
2016-03-24 05:39 - 2016-03-27 19:11 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-03-24 05:39 - 2016-03-24 05:39 - 00001058 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2016-03-24 05:39 - 2016-03-24 05:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2016-03-24 05:39 - 2012-05-02 11:17 - 01070152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2016-03-24 05:39 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2016-03-24 05:37 - 2016-04-09 13:56 - 00007168 ___SH C:\Users\xnamex\Downloads\Thumbs.db
2016-03-24 05:37 - 2016-03-24 05:37 - 04274096 _____ (BrightFort LLC ) C:\Users\xnamex\Downloads\spywareblastersetup54.exe
2016-03-23 17:45 - 2016-03-23 17:46 - 00009398 _____ C:\TDSSKiller.3.1.0.9_23.03.2016_17.45.54_log.txt
2016-03-23 09:48 - 2016-03-23 09:48 - 00000000 ____D C:\Program Files (x86)\ESET
2016-03-23 09:44 - 2016-04-08 15:23 - 00173568 ___SH C:\Users\xnamex\Desktop\Thumbs.db
2016-03-23 05:46 - 2016-03-23 05:46 - 02870984 _____ (ESET) C:\Users\xnamex\Desktop\esetsmartinstaller_enu.exe
2016-03-23 04:16 - 2016-04-06 15:53 - 00146432 ___SH C:\Users\xnamex\Documents\Thumbs.db
2016-03-23 04:09 - 2016-03-23 04:09 - 05658151 _____ (Swearware) C:\Program Files (x86)\ComboFix.exe
2016-03-23 01:27 - 2016-03-23 01:29 - 00665658 _____ C:\TDSSKiller.3.1.0.9_23.03.2016_01.27.17_log.txt
2016-03-22 05:25 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-03-22 05:25 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-22 05:25 - 2016-01-31 15:17 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2016-03-22 05:25 - 2016-01-31 14:07 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-03-22 05:25 - 2016-01-31 13:42 - 03320832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-03-22 05:25 - 2016-01-31 13:14 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-03-22 05:25 - 2016-01-31 12:24 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-03-22 05:25 - 2016-01-31 12:20 - 02464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-03-22 05:25 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-03-22 05:25 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-22 05:25 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-22 05:24 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-22 05:24 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-22 05:24 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-03-22 05:24 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-03-22 05:24 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-03-22 05:24 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-22 05:24 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-03-22 05:24 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-03-22 05:24 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-22 05:24 - 2016-02-08 15:43 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-03-22 05:24 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-03-22 05:24 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-03-22 05:24 - 2016-02-08 15:37 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2016-03-22 05:24 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-03-22 05:24 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-22 05:24 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-22 05:24 - 2016-02-08 14:50 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-22 05:24 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-03-22 05:24 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-03-22 05:24 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-22 05:24 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-03-22 05:24 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-03-22 05:24 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-03-22 05:24 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2016-03-22 05:24 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2016-03-22 05:24 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-22 05:24 - 2016-02-08 12:50 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-03-22 05:24 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-22 05:24 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-22 05:24 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2016-03-22 05:24 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-22 05:24 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-03-22 05:24 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2016-03-22 05:24 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2016-03-22 05:24 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-03-22 05:24 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-03-22 05:24 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-03-22 05:24 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2016-03-22 05:24 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-03-22 05:24 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-03-22 05:23 - 2016-02-06 13:02 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-03-22 05:23 - 2016-02-06 12:35 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-03-22 05:23 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-03-22 05:23 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
2016-03-22 05:23 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-03-22 05:23 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-03-22 05:23 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-03-22 05:23 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-03-22 05:23 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2016-03-22 05:23 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-03-22 05:23 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-03-22 05:23 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-03-22 05:23 - 2016-01-20 18:40 - 00099672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-03-22 05:22 - 2016-02-11 16:17 - 07452504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-22 05:22 - 2016-02-11 16:17 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-22 05:22 - 2016-02-11 16:17 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-22 05:22 - 2016-02-11 16:17 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-22 05:22 - 2016-02-11 16:17 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-22 05:22 - 2016-02-11 16:17 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-22 05:22 - 2016-02-11 16:16 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-22 05:22 - 2016-02-09 14:07 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-03-22 05:22 - 2016-02-06 19:05 - 00551256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-03-22 05:22 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-03-22 05:22 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-03-22 05:22 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-03-22 05:22 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-03-22 05:22 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-03-22 05:22 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-03-22 05:21 - 2016-02-06 18:41 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-03-22 03:58 - 2016-03-22 04:01 - 01225828 _____ C:\TDSSKiller.3.1.0.9_22.03.2016_03.58.34_log.txt
2016-03-21 11:57 - 2016-03-23 01:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-21 10:14 - 2016-03-21 10:15 - 00009132 _____ C:\TDSSKiller.3.1.0.9_21.03.2016_10.14.55_log.txt
2016-03-21 10:12 - 2016-03-21 10:14 - 01226778 _____ C:\TDSSKiller.3.1.0.9_21.03.2016_10.12.35_log.txt
2016-03-19 03:07 - 2016-03-19 03:09 - 00665634 _____ C:\TDSSKiller.3.1.0.9_19.03.2016_03.07.29_log.txt
2016-03-19 03:03 - 2016-03-19 03:04 - 00009398 _____ C:\TDSSKiller.3.1.0.9_19.03.2016_03.03.37_log.txt
2016-03-12 03:38 - 2016-03-22 02:58 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-12 02:45 - 2016-03-12 02:45 - 00001138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-12 02:45 - 2016-03-12 02:45 - 00001126 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-12 02:37 - 2016-03-12 02:37 - 00242104 _____ C:\Users\xnamex\Firefox Setup Stub 45.0.exe
2016-03-11 15:14 - 2016-03-11 15:14 - 28777312 _____ (Adlice Software ) C:\Users\xnamex\Downloads\setup (2).exe
2016-03-11 15:06 - 2016-03-11 15:06 - 00000000 ____D C:\SUPERDelete

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-09 14:06 - 2014-09-05 01:15 - 00000000 ____D C:\FRST
2016-04-09 13:58 - 2013-08-22 22:49 - 00000000 ____D C:\Users\xnamex\AppData\Local\Adobe
2016-04-09 11:13 - 2014-06-04 21:09 - 00000000 ____D C:\Users\xnamex\AppData\Roaming\Free Download Manager
2016-04-09 11:10 - 2014-05-20 13:53 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-08 19:26 - 2015-12-05 02:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-04-08 19:21 - 2013-07-16 11:51 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2198574098-558535509-1888455575-1001
2016-04-08 17:07 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-08 16:18 - 2016-03-06 09:18 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-08 16:16 - 2015-11-08 10:24 - 00000000 ____D C:\Program Files\RogueKiller
2016-04-08 15:50 - 2014-07-20 07:36 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-04-08 12:17 - 2015-05-05 08:22 - 00000000 ____D C:\Users\xnamex\AppData\Roaming\vlc
2016-04-08 09:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-07 12:58 - 2015-07-06 12:25 - 00000000 ____D C:\Users\xnamex\AppData\Roaming\dvdcss
2016-04-07 00:21 - 2015-05-11 15:53 - 00000000 ____D C:\Users\xnamex\Documents\BB FlashBack Movies
2016-04-06 16:16 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-06 16:13 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-06 16:10 - 2015-02-01 03:17 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-05 18:56 - 2014-05-22 23:37 - 00000000 ____D C:\EEK
2016-04-03 15:29 - 2014-05-19 18:23 - 00000000 ____D C:\ProgramData\DivX
2016-04-03 13:23 - 2013-12-31 10:12 - 00000000 ____D C:\Users\xnamex\AppData\Local\NPE
2016-04-02 03:32 - 2014-10-26 21:49 - 00000000 ____D C:\Users\xnamex
2016-04-01 18:37 - 2014-12-07 11:43 - 00630938 _____ C:\Users\xnamex\AppData\Local\census.cache
2016-04-01 18:36 - 2014-12-07 11:43 - 00185822 _____ C:\Users\xnamex\AppData\Local\ars.cache
2016-04-01 18:08 - 2014-12-07 11:40 - 00000010 _____ C:\Users\xnamex\AppData\Local\sponge.last.runtime.cache
2016-04-01 15:04 - 2013-12-31 10:09 - 00091136 _____ C:\Users\xnamex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-01 14:50 - 2014-05-19 18:29 - 00000000 ____D C:\Users\xnamex\AppData\Roaming\DivX
2016-04-01 14:49 - 2014-05-19 18:28 - 00000000 ____D C:\Program Files (x86)\DivX
2016-04-01 13:48 - 2015-09-07 15:04 - 00000000 ____D C:\Users\xnamex\.oracle_jre_usage
2016-04-01 13:48 - 2014-05-30 17:10 - 00000000 ____D C:\ProgramData\Oracle
2016-04-01 13:47 - 2014-08-10 03:37 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-31 09:13 - 2014-12-07 11:35 - 00000000 ____D C:\Users\xnamex\HCBackup
2016-03-31 06:26 - 2014-08-04 07:18 - 00000000 ____D C:\AdwCleaner
2016-03-31 03:25 - 2014-09-24 03:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-31 02:24 - 2014-05-20 13:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-31 02:22 - 2013-09-16 23:11 - 00001081 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-29 16:46 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-29 02:42 - 2014-07-25 03:26 - 00000000 ____D C:\Users\xnamex\Desktop\mbar
2016-03-29 02:42 - 2014-07-25 03:26 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-28 19:22 - 2013-10-14 09:40 - 00000000 ____D C:\Users\xnamex\AppData\Local\CrashDumps
2016-03-27 19:11 - 2012-12-27 05:10 - 00000000 ____D C:\ProgramData\Temp
2016-03-27 13:13 - 2013-08-22 11:36 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-03-24 23:24 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-23 04:16 - 2015-11-13 16:17 - 00000000 ____D C:\Users\xnamex\Documents\a few pix
2016-03-23 01:11 - 2014-11-01 14:24 - 00000000 ____D C:\Users\xnamex\Documents\First Run - Tube Enhancer Plus_files
2016-03-22 23:59 - 2013-07-16 11:44 - 00000000 ____D C:\Users\xnamex\AppData\Local\Packages
2016-03-22 07:29 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-22 05:39 - 2015-01-18 11:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-22 05:30 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-03-22 05:28 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-16 11:17 - 2015-05-18 16:50 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-10 14:09 - 2014-05-20 13:52 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2014-05-20 13:52 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2013-09-16 23:11 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2015-10-06 11:52 - 2015-10-06 11:52 - 25186399 _____ (Audacity Team                                               ) C:\Program Files (x86)\audacity-win-2.1.1.exe
2016-03-23 04:09 - 2016-03-23 04:09 - 5658151 _____ (Swearware) C:\Program Files (x86)\ComboFix.exe
2015-10-07 01:49 - 2015-10-07 01:50 - 9957947 _____ (                                                            ) C:\Program Files (x86)\ffmpeg-win-2.2.2.exe
2014-05-27 12:10 - 2014-05-27 12:10 - 0921512 _____ (Oracle Corporation) C:\Program Files (x86)\JavaSetup7u55.exe
2015-10-07 01:46 - 2015-10-07 01:46 - 0527423 _____ (                                                            ) C:\Program Files (x86)\Lame_v3.99.3_for_Windows.exe
2016-02-21 11:21 - 2015-12-11 23:50 - 4727984 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\TDSSKiller.exe
2015-12-23 03:30 - 2015-12-23 03:30 - 11543552 _____ () C:\Program Files (x86)\wmm6_win7_64bit.msi
2014-12-07 11:43 - 2016-04-01 18:36 - 0185822 _____ () C:\Users\xnamex\AppData\Local\ars.cache
2014-12-07 11:43 - 2016-04-01 18:37 - 0630938 _____ () C:\Users\xnamex\AppData\Local\census.cache
2013-12-31 10:09 - 2016-04-01 15:04 - 0091136 _____ () C:\Users\xnamex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-07 11:35 - 2014-12-07 11:35 - 0000036 _____ () C:\Users\xnamex\AppData\Local\housecall.guid.cache
2013-12-26 16:36 - 2014-06-18 03:53 - 0007609 _____ () C:\Users\xnamex\AppData\Local\resmon.resmoncfg
2014-12-07 11:40 - 2016-04-01 18:08 - 0000010 _____ () C:\Users\xnamex\AppData\Local\sponge.last.runtime.cache
2016-01-07 12:39 - 2016-01-14 20:48 - 0000020 ____H () C:\Users\xnamex\AppData\Local\xftredahs.dat

Files to move or delete:
====================
C:\Users\xnamex\directx_mar2009_redist.exe
C:\Users\xnamex\fdminst.exe
C:\Users\xnamex\Firefox Setup Stub 45.0.exe
C:\Users\xnamex\Silverlight_x64.exe


Some files in TEMP:
====================
C:\Users\xnamex\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-09 07:54

==================== End of FRST.txt ============================

 

And the "additional scan"

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by xnamex (2016-04-09 14:07:45)
Running from C:\Users\xnamex\Desktop
Windows 8.1 (X64) (2014-10-27 02:15:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2198574098-558535509-1888455575-500 - Administrator - Disabled)
Guest (S-1-5-21-2198574098-558535509-1888455575-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2198574098-558535509-1888455575-1003 - Limited - Enabled)
xnamex (S-1-5-21-2198574098-558535509-1888455575-1001 - Administrator - Enabled) => C:\Users\xnamex

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAC ACM Codec 1.9 (HKLM-x32\...\AACACM) (Version: 1.9 - fccHandler)
AAC ACM Codec x64 1.9 (HKLM\...\AACACM) (Version: 1.9 - fccHandler)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Blaine's Blends (Translucency and Compositing) (HKLM\...\{2C094D44-8F5E-4F7F-83AE-719B486E7672}) (Version: 2.0.1 - Blaine's Movie Maker Blog)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX ;-) Audio Compressor 4.02 (HKLM-x32\...\DIVXAudioCompressor4.02) (Version:  - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.8.0.18 - DivX, LLC)
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 11.6.16.003_WHQL (HKLM\...\Elantech) (Version: 11.6.16.003 - ELAN Microelectronic Corp.)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FlashBack Express 5 (HKLM-x32\...\FlashBack Express 5) (Version: 5.14.0.3935 - Blueberry)
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Gateway Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Gateway Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.3001 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Gateway Incorporated)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
K-Lite Mega Codec Pack 10.4.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Gateway)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Gateway Incorporated)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaInfo 0.7.69 (HKLM\...\MediaInfo) (Version: 0.7.69 - MediaArea.net)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.6.0.142 - Symantec Corporation)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.13.0705 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
ShaderTFX version 1.1 (HKLM\...\ShaderTFX_is1) (Version:  - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SpywareBlaster 5.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0ECA2FE8-5E13-475C-B3A1-0E7220682FDC} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-12-13] (Acer Incorporated)
Task: {1CE5D54B-EF70-49A5-9CB3-FE1969AD058A} - \TidyNetwork Metro -> No File <==== ATTENTION
Task: {26F29407-C7AB-49FD-834D-0A485005C7F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {31DA2B6F-E174-4ACD-87BF-9B7BCE455EFE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3B17DAF9-1299-4331-89B5-00C98DA4679D} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {4E54964E-AA24-47E4-817C-A584EABD01B1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {5F641409-9BC8-4B2B-AE9C-06E790D7B2D8} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)
Task: {66C224FA-2C6A-4873-8774-1C357A68DD9F} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-03-01] (DivX, LLC)
Task: {7246ED24-DEDC-4FC2-9677-496B8F328910} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {83C7AFF9-088C-4AC3-B5DB-16B6E4F13C62} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {AA0F398C-788E-4CBC-AA5D-01D1267C630F} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-11-06] ()
Task: {B454AA0E-18BE-43B0-8842-C56A7E271A36} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {CB3C31F0-AED9-44D9-9437-8C64CF1A1AA3} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\xnamex\Documents\Buy Online.lnk -> C:\Program Files\Accessory Store\StartURL.exe () -> hxxp://go.gateway.com/?id=16756
ShortcutWithArgument: C:\Users\xnamex\Desktop\Shortcuts n Scan Tools\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.gateway.com/redirect.aspx?rid=09000002

==================== Loaded Modules (Whitelisted) ==============

2012-11-02 20:38 - 2012-11-02 20:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2012-11-02 20:37 - 2012-11-02 20:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
2012-11-02 20:38 - 2012-11-02 20:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\VolumeSnapshot.dll
2012-11-02 20:37 - 2012-11-02 20:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\Online.dll
2012-11-02 20:37 - 2012-11-02 20:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2012-11-02 20:37 - 2012-11-02 20:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\OsSettingPort.dll
2012-11-02 20:37 - 2012-11-02 20:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\OutlookShadow.dll
2013-04-03 08:37 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [134]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2198574098-558535509-1888455575-1001\...\netflix.com -> hxxps://www.netflix.com
IE trusted site: HKU\S-1-5-21-2198574098-558535509-1888455575-1001\...\netflix.com -> hxxp://www.netflix.com

There are 6373 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2016-03-07 16:38 - 00000768 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1    localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2198574098-558535509-1888455575-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\xnamex\Pictures\Af S.JPG
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Seagate Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKLM\...\StartupApproved\Run32: => "DiscWizardMonitor.exe"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKU\S-1-5-21-2198574098-558535509-1888455575-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-2198574098-558535509-1888455575-1001\...\StartupApproved\Run: => "Uploader"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0B42BBC6-FC10-422D-A20B-DC6F8BE818DE}] => (Allow) LPort=1900
FirewallRules: [{ACD1D9AD-5890-4E30-8A18-120BDA5F6404}] => (Allow) LPort=2869
FirewallRules: [{07EED9C0-0047-4A4A-A041-5F1DC5F4D7B5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DF2C1506-91B5-4E51-B1D9-78A5F7B7CB61}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6BC83448-98B9-472B-BCA6-0C7513934C70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{23DB8C55-57B1-4A7B-AF6D-197555A3F54F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E370113C-9763-42D8-9549-8FE40F68035C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{69165A90-EEE6-48E2-82C1-D5734EB4F398}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{286A4778-3F49-4816-BC07-80B6A3AB5A36}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{460A733C-B168-4012-B1B2-1EC5D24C8857}] => (Allow) C:\Program Files (x86)\NTI\Gateway MyBackup\FileExplorer.exe
FirewallRules: [{02A5B7DD-2C1B-410E-AFC2-1C025F45F83B}] => (Allow) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
FirewallRules: [{A47E1F46-0C55-4068-813F-2A9366824B6F}] => (Allow) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManager.exe
FirewallRules: [{531D019D-1ADC-4733-BD50-EA4EF221F836}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS556F.tmp\SymNRT.exe
FirewallRules: [{109517B2-BEB1-4682-9793-EBD665B554DE}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS556F.tmp\SymNRT.exe
FirewallRules: [{AA00E6BE-1183-4799-B133-AC90449C07F5}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS53D2.tmp\SymNRT.exe
FirewallRules: [{327E7F13-E9A1-4100-9BEC-8950BA7E6CC4}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS53D2.tmp\SymNRT.exe
FirewallRules: [{25000FF4-0B24-4D2B-B80A-EDD4430BC976}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS88E9.tmp\SymNRT.exe
FirewallRules: [{E24CFCD5-F296-4186-9BC0-6A9170176AE0}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS88E9.tmp\SymNRT.exe
FirewallRules: [{50C1578B-CED0-44B4-95F6-3B10C344EAA8}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS339C.tmp\SymNRT.exe
FirewallRules: [{23EC1252-5DA5-44D3-91A1-98E386104E6A}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS339C.tmp\SymNRT.exe
FirewallRules: [{394C9D3A-A86A-4014-B575-C043A546B19E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A52F4F1E-E950-4D25-AB6C-1AA4797B38C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8D7C7C00-633A-438E-8012-02CFE44F1318}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3F5C40CC-5B5E-4F01-A7BC-78E918BBFEA9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{830B98FB-9DCB-46A4-BB08-0E62311359FD}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zSFFC5.tmp\SymNRT.exe
FirewallRules: [{64F0F6CC-21BA-4C53-BFC8-84673F15D3F9}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zSFFC5.tmp\SymNRT.exe
FirewallRules: [{4989978D-5F32-45C4-9EE0-D1B8277FBF11}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{49B3F29A-B038-4C65-AD6C-2571E9DD7B2F}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Block) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{5F20D795-89D8-4F17-B429-51542FE34344}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Block) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{AFC51A74-8E92-4398-8A17-F0050D8E334F}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Block) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{506D0B3B-A30B-465E-9ADA-A13E5CF9E98D}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Block) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{AFD6E0F3-726C-4311-8DB6-538BB4ABF7AE}C:\program files (x86)\java\jre1.8.0_51\bin\jp2launcher.exe] => (Block) C:\program files (x86)\java\jre1.8.0_51\bin\jp2launcher.exe
FirewallRules: [UDP Query User{92D1BE37-6570-4F38-AE06-AF2C301F6332}C:\program files (x86)\java\jre1.8.0_51\bin\jp2launcher.exe] => (Block) C:\program files (x86)\java\jre1.8.0_51\bin\jp2launcher.exe
FirewallRules: [TCP Query User{F97B4D30-9D1D-4A2F-B566-1A9B4F00FA22}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe] => (Block) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe
FirewallRules: [UDP Query User{DE133B3D-4B90-4ADA-BF8F-B3F060D49DCE}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe] => (Block) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe
FirewallRules: [{508CBB6D-7941-406B-A9FD-085CC1EB0F86}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A9A7345F-BD47-4811-81B3-72045E1BF1AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{62D3FCD5-B314-4251-AA5C-2CE75A344BB5}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zSCA58.tmp\SymNRT.exe
FirewallRules: [{BB5A081A-6EB6-4E74-99D6-4BDC66A9708B}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zSCA58.tmp\SymNRT.exe
FirewallRules: [{9310C802-3768-4751-9C54-377292C96F4D}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS1959.tmp\SymNRT.exe
FirewallRules: [{A21F234B-41A0-4E52-9ABC-B677D60EC3AA}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS1959.tmp\SymNRT.exe

==================== Restore Points =========================

29-03-2016 07:08:44 Checkpoint by HitmanPro
29-03-2016 07:35:59 JRT Pre-Junkware Removal
30-03-2016 13:49:06 JRT Pre-Junkware Removal
01-04-2016 13:27:22 Removed Java 8 Update 73
02-04-2016 05:58:39 JRT Pre-Junkware Removal
03-04-2016 13:13:19 Norton_Power_Eraser_20160403131319067
03-04-2016 14:21:41 JRT Pre-Junkware Removal
05-04-2016 07:36:43 JRT Pre-Junkware Removal
06-04-2016 15:48:12 JRT Pre-Junkware Removal
08-04-2016 15:32:48 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2016 01:09:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15500

Error: (04/08/2016 01:09:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15500

Error: (04/08/2016 01:09:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/08/2016 09:12:07 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: GW01)
Description: C:\Users\xnamex\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (04/07/2016 04:29:59 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: GW01)
Description: C:\Users\xnamex\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (04/07/2016 05:12:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16656906

Error: (04/07/2016 05:12:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16656906

Error: (04/07/2016 05:12:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/06/2016 04:18:00 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: GW01)
Description: C:\Users\xnamex\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (04/06/2016 02:10:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15531


System errors:
=============
Error: (04/09/2016 07:55:08 AM) (Source: DCOM) (EventID: 10010) (User: GW01)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/09/2016 07:54:38 AM) (Source: DCOM) (EventID: 10010) (User: GW01)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/09/2016 05:20:05 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/08/2016 01:02:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dritek WMI Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 3000 milliseconds: Restart the service.

Error: (04/08/2016 12:09:11 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/08/2016 11:50:02 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/08/2016 09:12:29 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/08/2016 06:46:19 AM) (Source: DCOM) (EventID: 10010) (User: GW01)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/08/2016 06:45:49 AM) (Source: DCOM) (EventID: 10010) (User: GW01)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/08/2016 04:42:39 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 36%
Total physical RAM: 3909.28 MB
Available physical RAM: 2483.52 MB
Total Virtual: 4613.28 MB
Available Virtual: 3060.41 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:448.75 GB) (Free:8.2 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:1397.17 GB) (Free:37.12 GB) NTFS
Drive m: (Movies) (Fixed) (Total:1862.92 GB) (Free:952.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4A9FE74C)

Partition: GPT.

========================================================
Disk: 1 (Size: 1397.3 GB) (Disk ID: 2B3A3EA6)
Partition 1: (Active) - (Size=1397.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 8410C6AD)
Partition 1: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Thank You

 

 





#2 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • Gender:Male
  • Local time:01:02 PM

Posted 09 April 2016 - 08:02 PM

Hello chriffan and welcome to BleepingComputer. :welcome:
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do you open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
  
You are using too much security software. This is wrong. It always creates problems. Foremost is your security knowledge level!
=========================

Please Uninstall:

Trend Micro Inc
Sophos Virus Removal Tool

 

And restart the PC.

====================================================

Step 1:

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > "I have read the warning and wish to proceed anyway"
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click Scan now ("Run as Administrator") and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

 

Step 2:
Please run Farbar Service Scanner.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 3:

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Edited by olgun52, 09 April 2016 - 08:06 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 chriffan

chriffan
  • Topic Starter

  • Members
  • 57 posts
  • Local time:06:02 AM

Posted 10 April 2016 - 06:12 AM

Here is the xx scan you asked for. I will run the Farbar scan and mini toolbox as you requested next.

 

Zemana AntiMalware 2.20.179.140 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/4/10
Operating System       : Windows 8.1 64-bit
Processor              : 2X Intel® Pentium® CPU B960 @ 2.20GHz
BIOS Mode              : UEFI
CUID                   : 00065E39A30BCB491C81FF
Scan Type              : Smart Scan
Duration               : 2m 12s
Scanned Objects        : 11443
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : PITA,0,2

Detected Objects
-------------------------------------------------------

There are no detected objects
 



#4 chriffan

chriffan
  • Topic Starter

  • Members
  • 57 posts
  • Local time:06:02 AM

Posted 10 April 2016 - 07:16 AM

And the other logs you requested:

 

Farbar Service Scanner Version: 27-01-2016
Ran by xnamex (administrator) on 10-04-2016 at 07:51:42
Running from "C:\Users\xnamex\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuaueng.dll".


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

 

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by xnamex (administrator) on 10-04-2016 at 08:01:05
Running from "C:\Users\xnamex\Desktop\Shortcuts n Scan Tools"
Microsoft Windows 8.1  (X64)
Model: NE56R Manufacturer: Gateway
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1    localhost
========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_7" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="wireless_6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : gw01
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 2C-D0-5A-3D-AA-E5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : 20-89-84-6C-D7-DB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 2C-D0-5A-3D-AA-E5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, April 10, 2016 7:38:38 AM
   Lease Expires . . . . . . . . . . : Sunday, April 10, 2016 8:50:17 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:3073:3aff:3f57:fffc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3073:3aff:3f57:fffc%7(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 150994944
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-ED-D8-11-2C-D0-5A-3D-AA-E5
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{699D9D75-EC47-4094-9A1F-C4DD8DEE0FE1}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  2607:f8b0:4006:80c::200e
      216.58.219.206


Pinging google.com [216.58.219.238] with 32 bytes of data:
Reply from 216.58.219.238: bytes=32 time=24ms TTL=53
Reply from 216.58.219.238: bytes=32 time=24ms TTL=53

Ping statistics for 216.58.219.238:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 24ms, Maximum = 24ms, Average = 24ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:44:204::a7
      2001:4998:c:a06::2:4008
      206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=106ms TTL=43
Reply from 206.190.36.45: bytes=32 time=107ms TTL=43

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 106ms, Maximum = 107ms, Average = 106ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  6...2c d0 5a 3d aa e5 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...20 89 84 6c d7 db ......Broadcom NetLink ™ Gigabit Ethernet
  2...2c d0 5a 3d aa e5 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
  7...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.3    281
      192.168.0.3  255.255.255.255         On-link       192.168.0.3    281
    192.168.0.255  255.255.255.255         On-link       192.168.0.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.3    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  7    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  7    306 2001::/32                On-link
  7    306 2001:0:9d38:90d7:3073:3aff:3f57:fffc/128
                                    On-link
  7    306 fe80::/64                On-link
  7    306 fe80::3073:3aff:3f57:fffc/128
                                    On-link
  1    306 ff00::/8                 On-link
  7    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/10/2016 06:48:51 AM) (Source: Microsoft-Windows-AppModel-State) (User: GW01)
Description: C:\Users\xnamex\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (04/10/2016 04:27:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15032

Error: (04/10/2016 04:27:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15032

Error: (04/10/2016 04:27:08 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/09/2016 09:47:31 PM) (Source: Microsoft-Windows-AppModel-State) (User: GW01)
Description: C:\Users\xnamex\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (04/08/2016 01:09:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15500

Error: (04/08/2016 01:09:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15500

Error: (04/08/2016 01:09:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/08/2016 09:12:07 AM) (Source: Microsoft-Windows-AppModel-State) (User: GW01)
Description: C:\Users\xnamex\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (04/07/2016 04:29:59 PM) (Source: Microsoft-Windows-AppModel-State) (User: GW01)
Description: C:\Users\xnamex\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894


System errors:
=============
Error: (04/10/2016 06:31:57 AM) (Source: DCOM) (User: GW01)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/10/2016 06:31:27 AM) (Source: DCOM) (User: GW01)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/10/2016 06:23:28 AM) (Source: DCOM) (User: GW01)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/10/2016 06:22:58 AM) (Source: DCOM) (User: GW01)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/10/2016 04:42:41 AM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR5.

Error: (04/09/2016 02:30:54 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/09/2016 07:55:08 AM) (Source: DCOM) (User: GW01)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/09/2016 07:54:38 AM) (Source: DCOM) (User: GW01)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/09/2016 05:20:05 AM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/08/2016 01:02:42 PM) (Source: Service Control Manager) (User: )
Description: The Dritek WMI Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 3000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (04/10/2016 06:48:51 AM) (Source: Microsoft-Windows-AppModel-State)(User: GW01)
Description: C:\Users\xnamex\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (04/10/2016 04:27:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15032

Error: (04/10/2016 04:27:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15032

Error: (04/10/2016 04:27:08 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/09/2016 09:47:31 PM) (Source: Microsoft-Windows-AppModel-State)(User: GW01)
Description: C:\Users\xnamex\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (04/08/2016 01:09:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15500

Error: (04/08/2016 01:09:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15500

Error: (04/08/2016 01:09:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/08/2016 09:12:07 AM) (Source: Microsoft-Windows-AppModel-State)(User: GW01)
Description: C:\Users\xnamex\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894

Error: (04/07/2016 04:29:59 PM) (Source: Microsoft-Windows-AppModel-State)(User: GW01)
Description: C:\Users\xnamex\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894


=========================== Installed Programs ============================

AAC ACM Codec 1.9 (HKLM-x32\...\AACACM) (Version: 1.9 - fccHandler)
AAC ACM Codec x64 1.9 (HKLM\...\AACACM) (Version: 1.9 - fccHandler)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Backup Manager v4 (HKLM-x32\...\{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation) Hidden
Blaine's Blends (Translucency and Compositing) (HKLM\...\{2C094D44-8F5E-4F7F-83AE-719B486E7672}) (Version: 2.0.1 - Blaine's Movie Maker Blog)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.52 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX ;-) Audio Compressor 4.02 (HKLM-x32\...\DIVXAudioCompressor4.02) (Version:  - )
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.8.0.18 - DivX, LLC)
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 11.6.16.003_WHQL (HKLM\...\Elantech) (Version: 11.6.16.003 - ELAN Microelectronic Corp.)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FlashBack Express 5 (HKLM-x32\...\FlashBack Express 5) (Version: 5.14.0.3935 - Blueberry)
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Gateway Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Gateway Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.3001 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Gateway Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
K-Lite Mega Codec Pack 10.4.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.5 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Gateway)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Gateway Incorporated)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaInfo 0.7.69 (HKLM\...\MediaInfo) (Version: 0.7.69 - MediaArea.net)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.6.0.142 - Symantec Corporation)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0002 - Nero AG) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.13.0705 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
ShaderTFX version 1.1 (HKLM\...\ShaderTFX_is1) (Version:  - )
SpywareBlaster 5.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.140 - Zemana Ltd.)

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 3909.28 MB
Available physical RAM: 2753.45 MB
Total Virtual: 4357.28 MB
Available Virtual: 3068.18 MB

========================= Partitions: =====================================

1 Drive c: (Gateway) (Fixed) (Total:448.75 GB) (Free:9.56 GB) NTFS
3 Drive f: (TOSHIBA EXT) (Fixed) (Total:1397.17 GB) (Free:119.17 GB) NTFS
4 Drive m: (Movies) (Fixed) (Total:1862.92 GB) (Free:892.18 GB) NTFS

========================= Users: ========================================

User accounts for \\GW01

Administrator            Guest                    xnamex                    


**** End of log ****
 



#5 olgun52 (Malware Response Team)

Posted 10 April 2016 - 03:55 PM

Hi chriffan,

 

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Best regards
 

 


 


#6 chriffan (Topic Starter)

Posted 10 April 2016 - 11:25 PM

  Hi Yılmaz,

 

Here is the FRST fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by xnamex (2016-04-10 22:20:07) Run:1
Running from C:\Users\xnamex\Desktop
Loaded Profiles: xnamex (Available Profiles: xnamex)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {1CE5D54B-EF70-49A5-9CB3-FE1969AD058A} - \TidyNetwork Metro -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [134]
FirewallRules: [{531D019D-1ADC-4733-BD50-EA4EF221F836}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS556F.tmp\SymNRT.exe
FirewallRules: [{109517B2-BEB1-4682-9793-EBD665B554DE}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS556F.tmp\SymNRT.exe
FirewallRules: [{AA00E6BE-1183-4799-B133-AC90449C07F5}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS53D2.tmp\SymNRT.exe
FirewallRules: [{327E7F13-E9A1-4100-9BEC-8950BA7E6CC4}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS53D2.tmp\SymNRT.exe
FirewallRules: [{25000FF4-0B24-4D2B-B80A-EDD4430BC976}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS88E9.tmp\SymNRT.exe
FirewallRules: [{E24CFCD5-F296-4186-9BC0-6A9170176AE0}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS88E9.tmp\SymNRT.exe
FirewallRules: [{50C1578B-CED0-44B4-95F6-3B10C344EAA8}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS339C.tmp\SymNRT.exe
FirewallRules: [{23EC1252-5DA5-44D3-91A1-98E386104E6A}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS339C.tmp\SymNRT.exe
FirewallRules: [{830B98FB-9DCB-46A4-BB08-0E62311359FD}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zSFFC5.tmp\SymNRT.exe
FirewallRules: [{64F0F6CC-21BA-4C53-BFC8-84673F15D3F9}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zSFFC5.tmp\SymNRT.exe
FirewallRules: [TCP Query User{AFD6E0F3-726C-4311-8DB6-538BB4ABF7AE}C:\program files (x86)\java\jre1.8.0_51\bin\jp2launcher.exe] => (Block) C:\program files (x86)\java\jre1.8.0_51\bin\jp2launcher.exe
FirewallRules: [UDP Query User{92D1BE37-6570-4F38-AE06-AF2C301F6332}C:\program files (x86)\java\jre1.8.0_51\bin\jp2launcher.exe] => (Block) C:\program files (x86)\java\jre1.8.0_51\bin\jp2launcher.exe
FirewallRules: [TCP Query User{F97B4D30-9D1D-4A2F-B566-1A9B4F00FA22}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe] => (Block) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe
FirewallRules: [UDP Query User{DE133B3D-4B90-4ADA-BF8F-B3F060D49DCE}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe] => (Block) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe
FirewallRules: [{62D3FCD5-B314-4251-AA5C-2CE75A344BB5}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zSCA58.tmp\SymNRT.exe
FirewallRules: [{BB5A081A-6EB6-4E74-99D6-4BDC66A9708B}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zSCA58.tmp\SymNRT.exe
FirewallRules: [{9310C802-3768-4751-9C54-377292C96F4D}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS1959.tmp\SymNRT.exe
FirewallRules: [{A21F234B-41A0-4E52-9ABC-B677D60EC3AA}] => (Allow) C:\Users\xnamex\AppData\Local\Temp\7zS1959.tmp\SymNRT.exe
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKU\S-1-5-21-2198574098-558535509-1888455575-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?rb=0
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF ProfilePath: C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Bing
FF Homepage: hxxp://www.bing.com/?rb=0
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Extension: Bluhell Firewall - C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2016-01-21]
FF Extension: gtranslate - C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi [2016-01-15]
FF Extension: YouTube Flash Video Player - C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2016-03-25]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
2016-04-04 15:53 - 2016-04-04 15:55 - 00720224 _____ C:\TDSSKiller.3.1.0.9_04.04.2016_15.53.50_log.txt
2016-04-04 15:50 - 2016-04-04 15:51 - 00008510 _____ C:\TDSSKiller.3.1.0.9_04.04.2016_15.50.56_log.txt
2016-04-03 15:29 - 2016-04-08 11:15 - 00000000 ____D C:\Users\xnamex\AppData\LocalLow\boost_interprocess
2016-04-02 05:27 - 2016-04-02 05:28 - 00706800 _____ C:\TDSSKiller.3.1.0.9_02.04.2016_05.27.08_log.txt
2016-04-02 05:25 - 2016-04-02 05:25 - 00008510 _____ C:\TDSSKiller.3.1.0.9_02.04.2016_05.25.03_log.txt
2016-04-01 17:50 - 2015-12-24 09:03 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-04-01 17:47 - 2016-04-01 17:47 - 02527376 _____ (Trend Micro Inc.) C:\Users\xnamex\Downloads\HousecallLauncher64 (1).exe
2016-03-31 04:26 - 2016-03-31 04:27 - 00000000 ____D C:\ProgramData\Sophos
2016-03-31 04:26 - 2016-03-31 04:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-03-31 04:25 - 2016-03-31 04:25 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-03-29 16:50 - 2016-03-29 16:52 - 00661830 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_16.50.31_log.txt
2016-03-29 16:48 - 2016-03-29 16:49 - 00008510 _____ C:\TDSSKiller.3.1.0.9_29.03.2016_16.48.48_log.txt
2016-03-24 05:37 - 2016-04-09 13:56 - 00007168 ___SH C:\Users\xnamex\Downloads\Thumbs.db
2016-03-23 17:45 - 2016-03-23 17:46 - 00009398 _____ C:\TDSSKiller.3.1.0.9_23.03.2016_17.45.54_log.txt
2016-03-23 09:44 - 2016-04-08 15:23 - 00173568 ___SH C:\Users\xnamex\Desktop\Thumbs.db
2016-03-23 04:16 - 2016-04-06 15:53 - 00146432 ___SH C:\Users\xnamex\Documents\Thumbs.db
2016-03-23 04:09 - 2016-03-23 04:09 - 05658151 _____ (Swearware) C:\Program Files (x86)\ComboFix.exe
2016-03-23 01:27 - 2016-03-23 01:29 - 00665658 _____ C:\TDSSKiller.3.1.0.9_23.03.2016_01.27.17_log.txt
2016-03-21 10:14 - 2016-03-21 10:15 - 00009132 _____ C:\TDSSKiller.3.1.0.9_21.03.2016_10.14.55_log.txt
2016-03-21 10:12 - 2016-03-21 10:14 - 01226778 _____ C:\TDSSKiller.3.1.0.9_21.03.2016_10.12.35_log.txt
2016-03-19 03:07 - 2016-03-19 03:09 - 00665634 _____ C:\TDSSKiller.3.1.0.9_19.03.2016_03.07.29_log.txt
2016-03-19 03:03 - 2016-03-19 03:04 - 00009398 _____ C:\TDSSKiller.3.1.0.9_19.03.2016_03.03.37_log.txt
2016-03-22 03:58 - 2016-03-22 04:01 - 01225828 _____ C:\TDSSKiller.3.1.0.9_22.03.2016_03.58.34_log.txt
2016-03-21 10:14 - 2016-03-21 10:15 - 00009132 _____ C:\TDSSKiller.3.1.0.9_21.03.2016_10.14.55_log.txt
2016-03-21 10:12 - 2016-03-21 10:14 - 01226778 _____ C:\TDSSKiller.3.1.0.9_21.03.2016_10.12.35_log.txt
2016-03-19 03:07 - 2016-03-19 03:09 - 00665634 _____ C:\TDSSKiller.3.1.0.9_19.03.2016_03.07.29_log.txt
2016-03-19 03:03 - 2016-03-19 03:04 - 00009398 _____ C:\TDSSKiller.3.1.0.9_19.03.2016_03.03.37_log.txt
2016-03-21 10:14 - 2016-03-21 10:15 - 00009132 _____ C:\TDSSKiller.3.1.0.9_21.03.2016_10.14.55_log.txt
2016-03-21 10:12 - 2016-03-21 10:14 - 01226778 _____ C:\TDSSKiller.3.1.0.9_21.03.2016_10.12.35_log.txt
2016-03-19 03:07 - 2016-03-19 03:09 - 00665634 _____ C:\TDSSKiller.3.1.0.9_19.03.2016_03.07.29_log.txt
2016-03-19 03:03 - 2016-03-19 03:04 - 00009398 _____ C:\TDSSKiller.3.1.0.9_19.03.2016_03.03.37_log.txt
2016-03-11 15:14 - 2016-03-11 15:14 - 28777312 _____ (Adlice Software ) C:\Users\xnamex\Downloads\setup (2).exe
2016-03-11 15:06 - 2016-03-11 15:06 - 00000000 ____D C:\SUPERDelete
2016-04-08 12:17 - 2015-05-05 08:22 - 00000000 ____D C:\Users\xnamex\AppData\Roaming\vlc
2016-04-07 12:58 - 2015-07-06 12:25 - 00000000 ____D C:\Users\xnamex\AppData\Roaming\dvdcss
2016-04-01 15:04 - 2013-12-31 10:09 - 00091136 _____ C:\Users\xnamex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Program Files (x86)\ComboFix.exe
C:\Program Files (x86)\JavaSetup7u55.exe
2014-12-07 11:43 - 2016-04-01 18:36 - 0185822 _____ () C:\Users\xnamex\AppData\Local\ars.cache
2014-12-07 11:43 - 2016-04-01 18:37 - 0630938 _____ () C:\Users\xnamex\AppData\Local\census.cache
2014-12-07 11:35 - 2014-12-07 11:35 - 0000036 _____ () C:\Users\xnamex\AppData\Local\housecall.guid.cache
2014-12-07 11:40 - 2016-04-01 18:08 - 0000010 _____ () C:\Users\xnamex\AppData\Local\sponge.last.runtime.cache
2016-01-07 12:39 - 2016-01-14 20:48 - 0000020 ____H () C:\Users\xnamex\AppData\Local\xftredahs.dat
C:\Users\xnamex\directx_mar2009_redist.exe
C:\Users\xnamex\fdminst.exe
C:\Users\xnamex\Firefox Setup Stub 45.0.exe
C:\Users\xnamex\Silverlight_x64.exe
EmptyTemp:
Reboot:

 
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CE5D54B-EF70-49A5-9CB3-FE1969AD058A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CE5D54B-EF70-49A5-9CB3-FE1969AD058A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Metro" => key removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{531D019D-1ADC-4733-BD50-EA4EF221F836} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{109517B2-BEB1-4682-9793-EBD665B554DE} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA00E6BE-1183-4799-B133-AC90449C07F5} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{327E7F13-E9A1-4100-9BEC-8950BA7E6CC4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{25000FF4-0B24-4D2B-B80A-EDD4430BC976} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E24CFCD5-F296-4186-9BC0-6A9170176AE0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50C1578B-CED0-44B4-95F6-3B10C344EAA8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{23EC1252-5DA5-44D3-91A1-98E386104E6A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{830B98FB-9DCB-46A4-BB08-0E62311359FD} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64F0F6CC-21BA-4C53-BFC8-84673F15D3F9} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AFD6E0F3-726C-4311-8DB6-538BB4ABF7AE}C:\program files (x86)\java\jre1.8.0_51\bin\jp2launcher.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{92D1BE37-6570-4F38-AE06-AF2C301F6332}C:\program files (x86)\java\jre1.8.0_51\bin\jp2launcher.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F97B4D30-9D1D-4A2F-B566-1A9B4F00FA22}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DE133B3D-4B90-4ADA-BF8F-B3F060D49DCE}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{62D3FCD5-B314-4251-AA5C-2CE75A344BB5} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB5A081A-6EB6-4E74-99D6-4BDC66A9708B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9310C802-3768-4751-9C54-377292C96F4D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A21F234B-41A0-4E52-9ABC-B677D60EC3AA} => value removed successfully
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: ** <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION => restored successfully
HKU\S-1-5-21-2198574098-558535509-1888455575-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
FF ProfilePath: C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default => FRST is scripted not to move this directory.
Firefox DefaultSearchEngine removed successfully
Firefox DefaultSearchEngine.US removed successfully
Firefox "homepage" removed successfully
"HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => key removed successfully
C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => key removed successfully
C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll => moved successfully
C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi => not found.
C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi => not found.
C:\Users\xnamex\AppData\Roaming\Mozilla\Firefox\Profiles\b584bszs.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
C:\TDSSKiller.3.1.0.9_04.04.2016_15.53.50_log.txt => moved successfully
C:\TDSSKiller.3.1.0.9_04.04.2016_15.50.56_log.txt => moved successfully
"C:\Users\xnamex\AppData\LocalLow\boost_interprocess" => not found.
C:\TDSSKiller.3.1.0.9_02.04.2016_05.27.08_log.txt => moved successfully
C:\TDSSKiller.3.1.0.9_02.04.2016_05.25.03_log.txt => moved successfully
C:\WINDOWS\system32\Drivers\tmcomm.sys => moved successfully
"C:\Users\xnamex\Downloads\HousecallLauncher64 (1).exe" => not found.
C:\ProgramData\Sophos => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos" => not found.
"C:\Program Files (x86)\Sophos" => not found.
C:\TDSSKiller.3.1.0.9_29.03.2016_16.50.31_log.txt => moved successfully
C:\TDSSKiller.3.1.0.9_29.03.2016_16.48.48_log.txt => moved successfully
"C:\Users\xnamex\Downloads\Thumbs.db" => not found.
C:\TDSSKiller.3.1.0.9_23.03.2016_17.45.54_log.txt => moved successfully
"C:\Users\xnamex\Desktop\Thumbs.db" => not found.
"C:\Users\xnamex\Documents\Thumbs.db" => not found.
C:\Program Files (x86)\ComboFix.exe => moved successfully
C:\TDSSKiller.3.1.0.9_23.03.2016_01.27.17_log.txt => moved successfully
C:\TDSSKiller.3.1.0.9_21.03.2016_10.14.55_log.txt => moved successfully
C:\TDSSKiller.3.1.0.9_21.03.2016_10.12.35_log.txt => moved successfully
C:\TDSSKiller.3.1.0.9_19.03.2016_03.07.29_log.txt => moved successfully
C:\TDSSKiller.3.1.0.9_19.03.2016_03.03.37_log.txt => moved successfully
C:\TDSSKiller.3.1.0.9_22.03.2016_03.58.34_log.txt => moved successfully
"C:\TDSSKiller.3.1.0.9_21.03.2016_10.14.55_log.txt" => not found.
"C:\TDSSKiller.3.1.0.9_21.03.2016_10.12.35_log.txt" => not found.
"C:\TDSSKiller.3.1.0.9_19.03.2016_03.07.29_log.txt" => not found.
"C:\TDSSKiller.3.1.0.9_19.03.2016_03.03.37_log.txt" => not found.
"C:\TDSSKiller.3.1.0.9_21.03.2016_10.14.55_log.txt" => not found.
"C:\TDSSKiller.3.1.0.9_21.03.2016_10.12.35_log.txt" => not found.
"C:\TDSSKiller.3.1.0.9_19.03.2016_03.07.29_log.txt" => not found.
"C:\TDSSKiller.3.1.0.9_19.03.2016_03.03.37_log.txt" => not found.
"C:\Users\xnamex\Downloads\setup (2).exe" => not found.
C:\SUPERDelete => moved successfully
"C:\Users\xnamex\AppData\Roaming\vlc" => not found.
"C:\Users\xnamex\AppData\Roaming\dvdcss" => not found.
"C:\Users\xnamex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
"C:\Program Files (x86)\ComboFix.exe" => not found.
C:\Program Files (x86)\JavaSetup7u55.exe => moved successfully
"C:\Users\xnamex\AppData\Local\ars.cache" => not found.
"C:\Users\xnamex\AppData\Local\census.cache" => not found.
"C:\Users\xnamex\AppData\Local\housecall.guid.cache" => not found.
"C:\Users\xnamex\AppData\Local\sponge.last.runtime.cache" => not found.
"C:\Users\xnamex\AppData\Local\xftredahs.dat" => not found.
"C:\Users\xnamex\directx_mar2009_redist.exe" => not found.
"C:\Users\xnamex\fdminst.exe" => not found.
"C:\Users\xnamex\Firefox Setup Stub 45.0.exe" => not found.
"C:\Users\xnamex\Silverlight_x64.exe" => not found.
EmptyTemp: => 240.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:21:15 ====

 

After reboot I had a notice from super anti-spyware of Internet Explorer home page change. I allowed the change assuming it was a result of the FRST fixlist. If not, please advise.

 

 

  Here is the Malwarebytes scan log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 4/10/2016 10:55 PM, SYSTEM, GW01, Manual, Rootkit Database, 2016.4.3.1, 2016.4.9.1,
Update, 4/10/2016 10:55 PM, SYSTEM, GW01, Manual, IP Database, 2016.4.4.1, 2016.4.7.1,
Update, 4/10/2016 10:55 PM, SYSTEM, GW01, Manual, Domain Database, 2016.4.7.4, 2016.4.10.2,
Update, 4/10/2016 10:55 PM, SYSTEM, GW01, Manual, Malware Database, 2016.4.7.2, 2016.4.11.1,
Scan, 4/10/2016 11:33 PM, SYSTEM, GW01, Manual, Start:4/10/2016 10:57 PM, Duration:36 min 36 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)



#7 olgun52

  • Malware Response Team

Posted 11 April 2016 - 07:08 AM

After reboot I had a notice from super anti-spyware of Internet Explorer home page change. I allowed the change assuming it was a result of the FRST fixlist. If not, please advise.

This can be. No problem.
=================================================================
Please download and run RogueKiller  32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)
=================================================================

Running Chkdsk /r From Command Prompt

--------------------

  • Close any open programs
  • Click Start, Programs, Accessories
  • Right click on Command Prompt and select Run as Administrator
  • Copy and paste the following after the command prompt and press Enter

CMD /C ECHO Y|CHKDSK /R C: /R | SHUTDOWN /R /T 10

  • Please allow the system to reboot on its own and run the program. This may take a bit of time
  • When completed your system will automatically reboot

=================================================================
 
Update Adobe Flash Player

Please update your Adobe Flash Player to the latest version

  • Open Internet Explorer Browser
  • Download Adobe Flash Player here and save it to your desktop.
  • Do not accept the Optional offers
  • Uncheck "Yes, install McAfee Security Scan Plus + True Key by Intel Security- optional"
  • Close any open browsers
  • Double click on the Adobe Flash Player icon to launch the installation
  • If you are presented with a warning popup select "Run"
  • Once the installation is complete click "Finish"

Important Note: Please read. Only this is for the detailed information
Adobe releases the Flash Player 21.0.0.213 emergency update to resolve Critical Vulnerabilities

http://www.bleepingcomputer.com/news/security/adobe-releases-the-flash-player-21-0-0-213-emergency-update-to-resolve-critical-vulnerabilities/

 

 


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#8 chriffan

chriffan
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:02 AM

Posted 11 April 2016 - 05:22 PM

   Yılmaz, here's the Rogue Killer scan result:

 

RogueKiller V12.1.0.0 (x64) [Mar 29 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : steve [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 04/11/2016 16:34:36

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{699D9D75-EC47-4094-9A1F-C4DD8DEE0FE1} | DhcpNameServer : 209.18.47.61 209.18.47.62 ([X][X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{699D9D75-EC47-4094-9A1F-C4DD8DEE0FE1} | DhcpNameServer : 209.18.47.61 209.18.47.62 ([X][X])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] b584bszs.default : user_pref("browser.startup.homepage", "http://www.bing.com/?rb=0"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABF050 +++++
--- User ---
[MBR] 16f3ba251bd6736b6ac2cdaa891ed4bd
[BSP] a21f471b3285aa1968c89724e8b65f8c : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1697792 | Size: 459522 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 942798848 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 943720448 | Size: 16139 MB
User = LL1 ... OK
User = LL2 ... OK
-----------------------------------

 

I'm not sure if I ran the chkdsk the way you wanted. I opened command prompt as admin and entered: chkdsk c: /r ENTER then pasted: CMD /C ECHO Y|CHKDSK /R C: /R | SHUTDOWN /R /T 10  ENTER. I also tried pasting the script directly after the  c: /r then clicked ENTER.



#9 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 PM

Posted 12 April 2016 - 02:32 PM

Thank you. No problem.

 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Best regards
 

 


 


#10 chriffan


Posted 12 April 2016 - 03:34 PM

   Hi Yılmaz,

 

On the Eset scan do I deselect the "remove found threats"? I also get a notice to disable Norton A/V prior to scan. I don't know if it matters, but after the chkdsk and restart the Firefox icon in the taskbar would show I clicked on it, but then go back to as if never clicked and Firefox wouldn't open. Did another restart and Firefox did open.

 

Thanks 



#11 olgun52


Posted 12 April 2016 - 07:11 PM

''On the Eset scan do I deselect the "remove found threats"?''

Yes, please remove.

 

''I also get a notice to disable Norton A/V prior to scan''

While scanning, disable please.

 

Please update Firefox and it will repair Firefox.

 

 


Best regards
 

 


 


#12 chriffan


Posted 13 April 2016 - 02:23 PM

Eset found no threats. Both Firefox and Flash updated. What's next?



#13 olgun52


Posted 13 April 2016 - 07:49 PM

Please, can I see the Eset log? Because sometimes the log is corrupt.


Best regards
 

 


 


#14 chriffan


Posted 14 April 2016 - 11:38 AM

Yılmaz, sorry for the delay. There was no option to save a log when the scan finished. Thought I messed up somewhere so ran it again and after 5 and a half hours, still no option to save a log. I went to the Eset website looking for a way to save a log and after a couple hours of a futile search, I looked in:  C:\Program Files (x86)\ESET\ESET Online Scanner. Finally found it there. You may (all bleeping computer helpers) want to include that in the instructions. There was no export option to click on. Hopefully other folks won't have to go through what I did.

 

  Here is the log:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e034dfb36eae00468a6c2deb658cc874
# end=init
# utc_time=2016-03-23 01:48:37
# local_time=2016-03-23 09:48:37 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 28721
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e034dfb36eae00468a6c2deb658cc874
# end=updated
# utc_time=2016-03-23 01:55:10
# local_time=2016-03-23 09:55:10 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=e034dfb36eae00468a6c2deb658cc874
# engine=28721
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-03-23 06:03:24
# local_time=2016-03-23 02:03:24 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=3589 16777213 100 57 0 221262789 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 18200143 50443450 0 0
# scanned=250653
# found=1
# cleaned=1
# scan_time=14894
sh=663EABE88645BD1A3783AD0DD02609FBD7909F50 ft=1 fh=ee234901af1c66c5 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\xnamex\AppData\Roaming\Sun\Java\jre1.7.0_55\java_sp.dll"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e034dfb36eae00468a6c2deb658cc874
# end=init
# utc_time=2016-03-31 03:22:35
# local_time=2016-03-31 11:22:35 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 28842
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e034dfb36eae00468a6c2deb658cc874
# end=updated
# utc_time=2016-03-31 03:24:48
# local_time=2016-03-31 11:24:48 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=e034dfb36eae00468a6c2deb658cc874
# engine=28842
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-03-31 04:47:11
# local_time=2016-03-31 12:47:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=3589 16777213 100 57 461181 221949416 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 18886770 51130077 0 0
# scanned=248726
# found=0
# cleaned=0
# scan_time=4942
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e034dfb36eae00468a6c2deb658cc874
# end=init
# utc_time=2016-04-12 07:50:31
# local_time=2016-04-12 03:50:31 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e034dfb36eae00468a6c2deb658cc874
# end=init
# utc_time=2016-04-13 05:46:50
# local_time=2016-04-13 01:46:50 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 29039
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e034dfb36eae00468a6c2deb658cc874
# end=updated
# utc_time=2016-04-13 05:49:48
# local_time=2016-04-13 01:49:48 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=e034dfb36eae00468a6c2deb658cc874
# engine=29039
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-04-13 11:26:30
# local_time=2016-04-13 07:26:30 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=3589 16777213 100 57 0 223053375 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 19990729 52234036 0 0
# scanned=251603
# found=0
# cleaned=0
# scan_time=20201
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e034dfb36eae00468a6c2deb658cc874
# end=init
# utc_time=2016-04-13 12:09:20
# local_time=2016-04-13 08:09:20 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 29045
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e034dfb36eae00468a6c2deb658cc874
# end=updated
# utc_time=2016-04-13 12:27:16
# local_time=2016-04-13 08:27:16 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=e034dfb36eae00468a6c2deb658cc874
# engine=29045
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-04-13 05:56:36
# local_time=2016-04-13 01:56:36 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=3589 16777213 100 57 0 223076781 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 20014135 52257442 0 0
# scanned=250249
# found=0
# cleaned=0
# scan_time=19760
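
The log posted above holds several scanner runs back to back, some of which never reach `end=finished`. As an added example (not part of the thread and not ESET tooling), this Python code splits such a log into runs and reports, per run, whether it finished, whether `remove_checked` was on, and what was found. The layout it relies on (the run marker line, `# product=EOS` opening each block, `sh=` detection records) is an assumption taken from the posted log only; the function names and the sample are constructed.

```python
import re

SESSION_MARKER = "ESETSmartInstaller@High as downloader log:"
# Constructed sample in the layout of the posted log; every value is made up.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
# product=EOS
# end=init
# utc_time=2016-01-01 01:00:00
# product=EOS
# end=finished
# remove_checked=true
# found=1
sh=00 ft=1 vn="Constructed.Sample (cleaned by deleting)" ac=C fn="C:\\Users\\example\\sample.dll"
ESETSmartInstaller@High as downloader log:
# product=EOS
# end=init
# utc_time=2016-01-02 01:00:00
"""

def parse_sessions(text):
    """Split the log into runs; collect each run's '# key=value' blocks and detections."""
    sessions = []
    for line in map(str.strip, text.splitlines()):
        if line == SESSION_MARKER:
            sessions.append({"blocks": [], "detections": []})
        elif sessions and line == "# product=EOS":  # opens a new block in the posted log
            sessions[-1]["blocks"].append({})
        elif sessions and sessions[-1]["blocks"] and line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            sessions[-1]["blocks"][-1][key] = value
        elif sessions and line.startswith("sh="):  # detection: key=value pairs, some quoted
            pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
            sessions[-1]["detections"].append({k: v.strip('"') for k, v in pairs})
    return sessions

def summarize(sessions):
    """One row per run: start time, whether it reached end=finished, options, findings."""
    rows = []
    for s in sessions:
        done = next((b for b in s["blocks"] if b.get("end") == "finished"), {})
        rows.append({
            "started": s["blocks"][0].get("utc_time") if s["blocks"] else None,
            "finished": bool(done), "remove_checked": done.get("remove_checked"),
            "found": int(done["found"]) if "found" in done else None,
            "threats": [(d.get("vn"), d.get("fn")) for d in s["detections"]],
        })
    return rows

print(summarize(parse_sessions(SAMPLE_LOG)))
```

A run whose row shows `finished` as `False` was interrupted before scanning completed, so its missing `found` value says nothing about the state of the machine.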
 



#15 olgun52


Posted 14 April 2016 - 08:45 PM

Fair enough. Thank you for the suggestion. I'm going to do that.

===================================================

How is the PC running now ?

To check, please post new FRST logs.


Best regards
 

 


 




