
100% cpu usage, can't download win updates, slow comp and internet browser


76 replies to this topic

#1 sheen25

  • Members
  • 82 posts

Posted 27 April 2016 - 04:02 PM

Hi! I'm using a Samsung laptop with Windows 7 32-bit and an Intel Core i3 processor with 4 GB of RAM.

The other week I started experiencing this slow computer and browsing. Then I started to check the processes and services that were running through Task Manager. I saw that there was 100% CPU usage even if I was only using VLC. I ran RKill and it terminated one malware process called rezip.exe. I usually run RKill whenever I feel like scanning my computer for viruses or malware, then I use JRT, MBAM and AdwCleaner, then Emsisoft Anti-Malware; and it's the first time I've encountered that rezip.exe being terminated by RKill. Then last week, as I did the same to somehow eliminate the malware, it detected a missing service called tbs. So in an effort to resolve this on my own, after I ran RKill, I ran JRT, then AdwCleaner, and MBAM, but nothing was found. Then I started to search the internet for whatever the culprit may be. I saw that some malware and rootkits can bypass an outdated program and enter your system, so I decided to download updates for Windows. Over 3 days I tried to do the same thing, but nothing was found and the Windows Update downloader wouldn't download anything, and because of the length of time waiting I leave my laptop on, hoping it will have updated by the time I wake up the next day. I also tried to download updates for NVIDIA, since it is my graphics driver and it always pops up in the taskbar, but I can't seem to download updates from it either. I did a search for rezip.exe and I learned that it can trace mouse and keyboard strokes. Should I remove it? I only disabled it in Services so it won't run automatically when I start my computer.

Last Sunday, April 24, I ran AdwCleaner and it found this:

 

# AdwCleaner v5.113 - Logfile created 26/04/2016 at 01:46:43
# Updated 24/04/2016 by Xplode
# Database : 2016-04-24.3 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (X86)
# Username : nic j melycan - NICJMELICAN
# Running from : D:\Preference U\edex\HKUSTx EBA102x English for Doing Business in Asia - Writing\week 2\AdwCleaner (2).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [929 bytes] - [26/04/2016 01:46:43]
C:\AdwCleaner\AdwCleaner[C31].txt - [1405 bytes] - [26/08/2015 03:53:18]
C:\AdwCleaner\AdwCleaner[C33].txt - [1410 bytes] - [13/10/2015 21:25:21]
C:\AdwCleaner\AdwCleaner[C34].txt - [1410 bytes] - [19/10/2015 19:52:09]
C:\AdwCleaner\AdwCleaner[C35].txt - [2796 bytes] - [24/10/2015 00:17:50]
C:\AdwCleaner\AdwCleaner[C36].txt - [859 bytes] - [29/11/2015 06:46:20]
C:\AdwCleaner\AdwCleaner[C37].txt - [1719 bytes] - [06/12/2015 03:41:32]
C:\AdwCleaner\AdwCleaner[C38].txt - [859 bytes] - [06/01/2016 19:07:21]
C:\AdwCleaner\AdwCleaner[C39].txt - [859 bytes] - [10/01/2016 18:03:15]
C:\AdwCleaner\AdwCleaner[C40].txt - [859 bytes] - [15/01/2016 15:46:11]
C:\AdwCleaner\AdwCleaner[C41].txt - [859 bytes] - [20/01/2016 01:01:08]
C:\AdwCleaner\AdwCleaner[C42].txt - [859 bytes] - [23/01/2016 00:05:33]
C:\AdwCleaner\AdwCleaner[C43].txt - [859 bytes] - [24/01/2016 19:50:13]
C:\AdwCleaner\AdwCleaner[C44].txt - [2765 bytes] - [31/01/2016 01:17:08]
C:\AdwCleaner\AdwCleaner[C45].txt - [1414 bytes] - [01/02/2016 00:45:10]
C:\AdwCleaner\AdwCleaner[C46].txt - [975 bytes] - [19/02/2016 05:54:36]
C:\AdwCleaner\AdwCleaner[C47].txt - [975 bytes] - [10/03/2016 22:55:32]
C:\AdwCleaner\AdwCleaner[C48].txt - [975 bytes] - [11/03/2016 23:39:37]
C:\AdwCleaner\AdwCleaner[R10].txt - [2377 bytes] - [12/03/2014 19:32:42]
C:\AdwCleaner\AdwCleaner[R11].txt - [2498 bytes] - [01/04/2014 04:52:42]
C:\AdwCleaner\AdwCleaner[R12].txt - [2619 bytes] - [04/04/2014 13:42:54]
C:\AdwCleaner\AdwCleaner[R13].txt - [2740 bytes] - [06/04/2014 23:04:10]
C:\AdwCleaner\AdwCleaner[R14].txt - [2861 bytes] - [24/04/2014 14:35:56]
C:\AdwCleaner\AdwCleaner[R15].txt - [2982 bytes] - [28/05/2014 18:01:40]
C:\AdwCleaner\AdwCleaner[R16].txt - [3701 bytes] - [06/06/2014 01:18:18]
C:\AdwCleaner\AdwCleaner[R17].txt - [3225 bytes] - [09/06/2014 21:37:02]
C:\AdwCleaner\AdwCleaner[R18].txt - [3347 bytes] - [13/06/2014 22:01:41]
C:\AdwCleaner\AdwCleaner[R19].txt - [3469 bytes] - [14/07/2014 11:56:52]
C:\AdwCleaner\AdwCleaner[R1].txt - [5414 bytes] - [26/10/2013 22:46:12]
C:\AdwCleaner\AdwCleaner[R20].txt - [3591 bytes] - [22/07/2014 08:58:50]
C:\AdwCleaner\AdwCleaner[R21].txt - [3713 bytes] - [26/09/2014 18:28:28]
C:\AdwCleaner\AdwCleaner[R22].txt - [3835 bytes] - [01/10/2014 18:48:25]
C:\AdwCleaner\AdwCleaner[R23].txt - [3956 bytes] - [17/12/2014 16:37:52]
C:\AdwCleaner\AdwCleaner[R24].txt - [4078 bytes] - [17/12/2014 18:28:12]
C:\AdwCleaner\AdwCleaner[R25].txt - [3776 bytes] - [19/02/2015 10:26:45]
C:\AdwCleaner\AdwCleaner[R26].txt - [3897 bytes] - [10/03/2015 01:56:54]
C:\AdwCleaner\AdwCleaner[R27].txt - [4020 bytes] - [13/04/2015 18:22:49]
C:\AdwCleaner\AdwCleaner[R28].txt - [4141 bytes] - [29/04/2015 21:15:32]
C:\AdwCleaner\AdwCleaner[R29].txt - [4264 bytes] - [08/05/2015 11:26:28]
C:\AdwCleaner\AdwCleaner[R2].txt - [5328 bytes] - [31/10/2013 18:54:58]
C:\AdwCleaner\AdwCleaner[R30].txt - [4385 bytes] - [30/05/2015 16:49:57]
C:\AdwCleaner\AdwCleaner[R31].txt - [4508 bytes] - [16/06/2015 00:51:28]
C:\AdwCleaner\AdwCleaner[R32].txt - [4630 bytes] - [04/07/2015 22:13:11]
C:\AdwCleaner\AdwCleaner[R33].txt - [4752 bytes] - [13/07/2015 18:12:46]
C:\AdwCleaner\AdwCleaner[R34].txt - [4866 bytes] - [09/08/2015 19:16:10]
C:\AdwCleaner\AdwCleaner[R35].txt - [4550 bytes] - [09/08/2015 19:32:12]
C:\AdwCleaner\AdwCleaner[R3].txt - [6816 bytes] - [11/11/2013 03:25:58]
C:\AdwCleaner\AdwCleaner[R4].txt - [4026 bytes] - [19/11/2013 16:27:54]
C:\AdwCleaner\AdwCleaner[R5].txt - [4265 bytes] - [01/02/2014 18:59:51]
C:\AdwCleaner\AdwCleaner[R6].txt - [3791 bytes] - [01/02/2014 20:35:31]
C:\AdwCleaner\AdwCleaner[R7].txt - [3771 bytes] - [05/03/2014 22:16:08]
C:\AdwCleaner\AdwCleaner[R8].txt - [3831 bytes] - [07/03/2014 13:26:22]
C:\AdwCleaner\AdwCleaner[R8]new.txt - [3831 bytes] - [07/03/2014 13:33:22]
C:\AdwCleaner\AdwCleaner[R9].txt - [3731 bytes] - [09/03/2014 17:02:26]
C:\AdwCleaner\AdwCleaner[S10].txt - [3665 bytes] - [06/06/2014 01:36:07]
C:\AdwCleaner\AdwCleaner[S11].txt - [3347 bytes] - [09/06/2014 21:38:56]
C:\AdwCleaner\AdwCleaner[S12].txt - [3469 bytes] - [13/06/2014 22:03:51]
C:\AdwCleaner\AdwCleaner[S13].txt - [3591 bytes] - [14/07/2014 11:58:46]
C:\AdwCleaner\AdwCleaner[S14].txt - [3713 bytes] - [22/07/2014 09:01:08]
C:\AdwCleaner\AdwCleaner[S15].txt - [3835 bytes] - [26/09/2014 18:35:33]
C:\AdwCleaner\AdwCleaner[S16].txt - [3957 bytes] - [01/10/2014 18:49:55]
C:\AdwCleaner\AdwCleaner[S17].txt - [4169 bytes] - [17/12/2014 16:39:43]
C:\AdwCleaner\AdwCleaner[S18].txt - [4188 bytes] - [17/12/2014 18:31:54]
C:\AdwCleaner\AdwCleaner[S19].txt - [3868 bytes] - [19/02/2015 10:30:37]
C:\AdwCleaner\AdwCleaner[S1].txt - [15577 bytes] - [11/11/2013 03:32:09]
C:\AdwCleaner\AdwCleaner[S20].txt - [3989 bytes] - [10/03/2015 02:00:03]
C:\AdwCleaner\AdwCleaner[S21].txt - [4112 bytes] - [13/04/2015 18:25:23]
C:\AdwCleaner\AdwCleaner[S22].txt - [4233 bytes] - [29/04/2015 21:18:25]
C:\AdwCleaner\AdwCleaner[S23].txt - [4356 bytes] - [08/05/2015 11:33:39]
C:\AdwCleaner\AdwCleaner[S24].txt - [4477 bytes] - [30/05/2015 16:51:36]
C:\AdwCleaner\AdwCleaner[S25].txt - [4600 bytes] - [16/06/2015 01:25:27]
C:\AdwCleaner\AdwCleaner[S26].txt - [4722 bytes] - [04/07/2015 22:16:11]
C:\AdwCleaner\AdwCleaner[S27].txt - [4844 bytes] - [13/07/2015 18:15:38]
C:\AdwCleaner\AdwCleaner[S28].txt - [4938 bytes] - [09/08/2015 19:20:56]
C:\AdwCleaner\AdwCleaner[S29].txt - [4612 bytes] - [09/08/2015 19:35:07]
C:\AdwCleaner\AdwCleaner[S2].txt - [4518 bytes] - [01/02/2014 20:19:34]
C:\AdwCleaner\AdwCleaner[S37].txt - [1264 bytes] - [26/08/2015 03:49:48]
C:\AdwCleaner\AdwCleaner[S38].txt - [1582 bytes] - [13/09/2015 05:08:01]
C:\AdwCleaner\AdwCleaner[S39].txt - [1253 bytes] - [13/10/2015 21:23:54]
C:\AdwCleaner\AdwCleaner[S3].txt - [3882 bytes] - [09/03/2014 17:09:12]
C:\AdwCleaner\AdwCleaner[S40].txt - [1253 bytes] - [19/10/2015 19:48:48]
C:\AdwCleaner\AdwCleaner[S41].txt - [2506 bytes] - [24/10/2015 00:15:18]
C:\AdwCleaner\AdwCleaner[S42].txt - [762 bytes] - [29/11/2015 06:41:26]
C:\AdwCleaner\AdwCleaner[S43].txt - [762 bytes] - [29/11/2015 06:44:08]
C:\AdwCleaner\AdwCleaner[S44].txt - [1525 bytes] - [06/12/2015 03:39:16]
C:\AdwCleaner\AdwCleaner[S45].txt - [762 bytes] - [06/01/2016 19:06:03]
C:\AdwCleaner\AdwCleaner[S46].txt - [762 bytes] - [10/01/2016 18:01:14]
C:\AdwCleaner\AdwCleaner[S47].txt - [762 bytes] - [15/01/2016 15:44:54]
C:\AdwCleaner\AdwCleaner[S48].txt - [762 bytes] - [20/01/2016 00:58:49]
C:\AdwCleaner\AdwCleaner[S49].txt - [762 bytes] - [23/01/2016 00:02:38]
C:\AdwCleaner\AdwCleaner[S4].txt - [2497 bytes] - [12/03/2014 19:40:20]
C:\AdwCleaner\AdwCleaner[S50].txt - [762 bytes] - [24/01/2016 19:47:33]
C:\AdwCleaner\AdwCleaner[S51].txt - [2539 bytes] - [31/01/2016 01:12:05]
C:\AdwCleaner\AdwCleaner[S52].txt - [1286 bytes] - [01/02/2016 00:41:28]
C:\AdwCleaner\AdwCleaner[S53].txt - [877 bytes] - [05/02/2016 22:15:31]
C:\AdwCleaner\AdwCleaner[S54].txt - [877 bytes] - [19/02/2016 05:51:24]
C:\AdwCleaner\AdwCleaner[S55].txt - [877 bytes] - [10/03/2016 22:51:55]
C:\AdwCleaner\AdwCleaner[S56].txt - [877 bytes] - [11/03/2016 23:37:56]
C:\AdwCleaner\AdwCleaner[S57].txt - [736 bytes] - [01/04/2016 16:11:03]
C:\AdwCleaner\AdwCleaner[S5].txt - [2618 bytes] - [01/04/2014 04:54:47]
C:\AdwCleaner\AdwCleaner[S6].txt - [2739 bytes] - [04/04/2014 14:24:23]
C:\AdwCleaner\AdwCleaner[S7].txt - [2860 bytes] - [06/04/2014 23:06:46]
C:\AdwCleaner\AdwCleaner[S8].txt - [2981 bytes] - [24/04/2014 14:39:24]
C:\AdwCleaner\AdwCleaner[S9].txt - [3102 bytes] - [28/05/2014 18:05:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8585 bytes] ##########

Yesterday, I decided to run RogueKiller and it found the following:

RogueKiller V12.1.3.0 [Apr 18 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : nic j melycan [Administrator]
Started from : D:\Preference U\edex\HKUSTx EBA102x English for Doing Business in Asia - Writing\week 2\RogueKiller.exe
Mode : Scan -- Date : 04/26/2016 05:27:52
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 14 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Panda Security Toolbar Antiphishing : "C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe" [7] -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.5.0.19  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.5.0.19  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.5.0.19  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.5.0.19  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.5.0.19  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.5.0.19  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.5.0.19  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.5.0.19  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.5.0.19  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.5.0.19  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1094267035-4049411560-3114852990-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1094267035-4049411560-3114852990-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1094267035-4049411560-3114852990-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} -> Found
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[SSDT:Inl(Hook.SSDT)] ZwDeleteAtom[99] : C:\Windows\System32\win32k.sys @ 0xffffffff82b57f46 (call dword [0x84345d14])
[SSDT:Inl(Hook.SSDT)] ZwFlushWriteBuffer[129] : C:\Windows\System32\halmacpi.dll @ 0xffffffff84641468 (call dword [0x8421c0b4])
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 (TurboPC) +++++
--- User ---
[MBR] 5f195a54e29b421feccad488dd2e7d00
[BSP] cf274af0d769afcbe62d2de1b20a20bb : Kiwi MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31459328 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31664128 | Size: 144890 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 328398848 | Size: 144893 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

I deleted those browser entries that RogueKiller found. I clearly remember that I already uninstalled Internet Explorer a long time ago, since I do not use it for browsing. So it got me looking for traces of Internet Explorer on my computer through the search bar. I found out that there is still a folder at C:\Program Files\Internet Explorer. I tried to delete it a few times, but I just can't, due to a special permission being required, even though I am a system admin and I normally delete remnants of uninstalled software and manage to delete them. This is the only remaining folder that I can't delete, as far as remnant folders of uninstalled programs are concerned.

I also decided to uninstall QuickTime, RealPlayer and Java because I seldom use them and Apple is no longer supporting QuickTime; I used Revo Uninstaller to do it, with the advanced method wherein even the traces of the program can be deleted. While removing Java, I noticed that there were 6000+ leftover registry items found. It was something like this (please refer to comsurgate.png): a series of CAFEEFAC-00013-0001-0076-ABCDEFFFEDCBB keys; under each were "default java plugin" and "inproserver32", and under that was "default c:\program files-java\ jre1.8.0_31bin\jp2iexp.dll" and "threadingmodel-apartment". It was full of those (like 5000+ of them!). I ran a search about it and found out that there was a malware or rootkit connected to it called comsurgate. I checked Task Manager, found that this comsurgate runs in my processes, and terminated it. I deleted those remaining entries (those 6000+) of it.

As of today, it still runs slow and Windows Update still can't download anything. I ran RKill, JRT, AdwCleaner and RogueKiller but they found nothing new. Please help me resolve this. Thank you.
#2 nasdaq

  • Malware Response Team
  • 40,197 posts
  • Location: Montreal, QC, Canada

Posted 28 April 2016 - 08:54 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
attachlogs.png

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add Reply button.
===

Wait for further instructions.
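The FRST.txt requested above is what a helper reads to spot services and processes that do not belong. As an added illustration (this is editor-written code, not nasdaq's instructions, not FRST's own logic and not anything from BleepingComputer), here is a small Python triage of the "Services (Whitelisted)" section of such a log. The input lines are copied from the FRST log posted later in this thread, except the last one, which is constructed and marked as such so that every rule is exercised. The heuristics (unsigned binary inside the Windows directory, empty publisher field, binary missing on disk, binary living in a user-writable folder) are my own reading aids for the log format, not a verdict engine, and the names `ServiceEntry`, `parse_services` and `triage` are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Service lines copied from the FRST.txt posted in this thread, plus one
# CONSTRUCTED line (the last one) so that the user-writable-location rule runs.
# FRST prints each service as:
#   <state><start> <name>; <path> [<size> <date>] (<publisher>) [<flag>] ...
SAMPLE_SERVICES = r"""
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 ftpsvc; C:\windows\system32\inetsrv\ftpsvc.dll [310272 2012-06-01] (Microsoft Corporation)
S4 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-08] ()
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
R2 ConstructedSvc; C:\Users\example\AppData\Roaming\svchelper.exe [12345 2016-04-20] () [File not signed]
"""

# One regex for both shapes FRST emits: with a "[size date] (publisher)" block,
# or (when the file is gone) just a quoted path followed by [X].
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+); "
    r'(?P<path>"[^"]+"|.+?)'
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\))?"
    r"(?P<flags>(?: \[[^\]]+\])*)$"
)


@dataclass
class ServiceEntry:
    state: str                 # R = running, S = stopped
    start: str                 # start type digit as FRST prints it (2 auto, 3 manual, 4 disabled)
    name: str
    path: str                  # quotes stripped
    publisher: Optional[str]   # "" when FRST printed an empty "()", None when no version block at all
    flags: List[str]           # e.g. ["File not signed"], ["X"]


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse FRST service lines; lines that do not match the format are skipped."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        flags = re.findall(r"\[([^\]]+)\]", m.group("flags"))
        entries.append(ServiceEntry(
            state=m.group("state"),
            start=m.group("start"),
            name=m.group("name"),
            path=m.group("path").strip('"'),
            publisher=m.group("publisher"),
            flags=flags,
        ))
    return entries


WINDOWS_DIR = "\\windows\\"
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def triage(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for entries worth a second look.

    Signed binaries with a publisher, wherever they live, produce no reasons;
    a reviewer still decides, this only orders the reading.
    """
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons: List[str] = []
        path = e.path.lower()
        if "X" in e.flags:
            reasons.append("binary missing on disk")
        if "File not signed" in e.flags:
            if WINDOWS_DIR in path:
                reasons.append("unsigned binary in Windows directory")
            else:
                reasons.append("unsigned binary")
        if e.publisher == "":
            reasons.append("no publisher/version info")
        if any(marker in path for marker in USER_WRITABLE):
            reasons.append("runs from user-writable location")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    results = triage(parse_services(SAMPLE_SERVICES))
    # Most reasons first, so the entry a helper would ask about first is on top.
    for name in sorted(results, key=lambda n: -len(results[n])):
        print(f"{name}: {'; '.join(results[name])}")
```

Run as-is, the Rezip service from this thread ranks high on two counts (unsigned, no publisher, and it sits in SYSTEM32 where almost everything is Microsoft-signed), while ftpsvc, which also lives in System32 but is signed by Microsoft, produces nothing. The same parse-then-score shape works for the "Processes (Whitelisted)" and "Registry (Whitelisted)" sections with a different regex.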

#3 sheen25

  • Topic Starter
  • Members
  • 82 posts

Posted 28 April 2016 - 12:39 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-04-2016
Ran by nic j melycan (administrator) on NICJMELICAN (28-04-2016 23:43:01)
Running from C:\Users\nic j melycan\Desktop\farbar
Loaded Profiles: nic j melycan (Available Profiles: nic j melycan)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\Backup_Utility\BUService.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\Backup_Utility\BUVSSService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [UpdatePDRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [807392 2016-03-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [MDS_Menu] => C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [220336 2010-07-01] (CyberLink Corp.)
HKLM\...\Run: [BuffaloTools] => C:\Program Files\BUFFALO\BuffaloTools\BuffaloTools.exe [169336 2010-03-30] (BUFFALO INC.)
HKLM\...\Run: [Backup Utility TaskTray Tool] => C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe [1824120 2010-04-28] (BUFFALO INC.)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [Olympus ib] => C:\Program Files\Olympus\ib\olycamdetect.exe [93360 2010-09-30] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKU\S-1-5-21-1094267035-4049411560-3114852990-1000\...\Run: [Akamai NetSession Interface] => C:\Users\nic j melycan\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1094267035-4049411560-3114852990-1000\...\Run: [Rainlendar2] => D:\Program Files\Rainlendar2\Rainlendar2.exe [2611808 2014-03-17] ()
HKU\S-1-5-21-1094267035-4049411560-3114852990-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-04-21] (SUPERAntiSpyware)
HKU\S-1-5-21-1094267035-4049411560-3114852990-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1094267035-4049411560-3114852990-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1094267035-4049411560-3114852990-1000\...\Policies\Explorer: [DisallowRun] 0
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-02-18]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 8.8.8.8
Tcpip\..\Interfaces\{7CA10FAC-9632-4241-98A6-F8486139BE40}: [DhcpNameServer] 208.67.222.222 208.67.220.220 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-1094267035-4049411560-3114852990-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-1094267035-4049411560-3114852990-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1094267035-4049411560-3114852990-1000 -> {80748C30-5591-4DF8-8FB7-52128C388426} URL = hxxp://ph.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2011-05-13] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-09] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-19] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1094267035-4049411560-3114852990-1000: @citrixonline.com/appdetectorplugin -> C:\Users\nic j melycan\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-09-17] (Citrix Online)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://www.dominykas.com/
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\nic j melycan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\50.0.2661.87\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\nic j melycan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dominykas Blyžė) - C:\Users\nic j melycan\AppData\Local\Google\Chrome\User Data\Default\Extensions\afoibpobokebhgfnknfndkgemglggomo [2015-11-14]
CHR Extension: (Adblock Plus) - C:\Users\nic j melycan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nic j melycan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-11-08] (Adobe Systems) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [955736 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [466504 2016-03-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1424880 2016-03-17] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
R2 BFBackupUtilityService; C:\Program Files\BUFFALO\Backup_Utility\BUService.exe [320888 2010-04-28] (BUFFALO INC.)
R2 BFBackupUtilityVSSService; C:\Program Files\BUFFALO\Backup_Utility\BUVSSService.exe [247160 2010-04-28] (BUFFALO INC.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-11-25] (Macrovision Europe Ltd.) [File not signed]
R2 ftpsvc; C:\windows\system32\inetsrv\ftpsvc.dll [310272 2012-06-01] (Microsoft Corporation)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-08-18] () [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
S4 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-08] ()
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [578840 2015-02-27] (Wacom Technology, Corp.)
S4 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 TweakingRunAsSystem0003; "C:\Users\nic j melycan\Desktop\Tweaking.com - Windows Repair\files\tweaking_ras.exe" 0003[] C:\windows\System32\cmd.exe []/c start /HIGH C:\windows\System32\cmd.exe /c C:\windows\Temp\temp49905.bat  & exit
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 apf005; C:\windows\system32\apf005.sys [14160 2014-04-22] ()
R3 athr; C:\windows\System32\DRIVERS\athr.sys [3208496 2015-05-19] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [109016 2016-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136272 2016-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [60544 2016-03-17] (Avira Operations GmbH & Co. KG)
S3 bautopw; C:\windows\System32\drivers\bautopw.sys [7680 2010-01-21] (BUFFALO INC.) [File not signed]
R0 bftpdskc; C:\windows\System32\drivers\bftpdskc.sys [40192 2010-04-14] (BUFFALO INC.) [File not signed]
S3 bftpusbx; C:\windows\System32\drivers\bftpusbx.sys [10880 2010-04-21] (BUFFALO INC.) [File not signed]
R3 btwampfl; C:\windows\system32\drivers\btwampfl.sys [508184 2014-02-18] (Broadcom Corporation.)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-04-08] ()
S3 hidkmdf; C:\windows\System32\DRIVERS\hidkmdf.sys [12056 2015-04-29] (Windows ® Win 7 DDK provider)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [35992 2015-08-07] ()
S3 libusb0; C:\windows\System32\DRIVERS\libusb0.sys [29184 2006-05-31] (hxxp://libusb-win32.sourceforge.net) [File not signed]
S3 NPF; C:\windows\System32\drivers\npf.sys [35088 2010-06-26] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [31848 2015-05-27] (Avira Operations GmbH & Co. KG)
S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [41984 2010-09-28] (Apple, Inc.) [File not signed]
S3 WacHidRouter; C:\windows\System32\DRIVERS\wachidrouter.sys [88856 2015-04-29] (Wacom Technology)
S3 wacomrouterfilter; C:\windows\System32\DRIVERS\wacomrouterfilter.sys [13080 2015-04-29] (Wacom Technology)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S0 mddjr; System32\drivers\iiej.sys [X]
S3 mfeavfk01; no ImagePath
S3 RkPavproc1; \??\C:\windows\system32\drivers\RkPavproc1.sys [X]
S3 RkPavproc2; \??\C:\windows\system32\drivers\RkPavproc2.sys [X]
U2 srservice; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-28 23:42 - 2016-04-28 23:43 - 00000000 ____D C:\Users\nic j melycan\Desktop\farbar
2016-04-28 23:42 - 2016-04-28 23:43 - 00000000 ____D C:\FRST
2016-04-28 23:23 - 2016-04-28 23:23 - 00000908 _____ C:\Users\nic j melycan\Desktop\SCAD.txt
2016-04-28 05:02 - 2016-04-28 05:02 - 00017158 _____ C:\Users\nic j melycan\Desktop\bc.txt
2016-04-28 00:27 - 2016-04-28 01:36 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-28 00:26 - 2016-04-28 01:35 - 00000000 ____D C:\Users\nic j melycan\Desktop\mbar
2016-04-27 07:15 - 2016-04-27 07:15 - 00001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2016-04-27 07:15 - 2016-04-27 07:15 - 00000000 ____D C:\Program Files\Security Task Manager
2016-04-27 03:14 - 2016-04-28 23:27 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-04-27 03:14 - 2016-04-27 03:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-04-27 03:14 - 2016-04-27 03:14 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2016-04-27 02:20 - 2016-04-27 03:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-27 02:20 - 2016-04-27 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-04-26 22:39 - 2016-04-28 03:26 - 00000000 ____D C:\Users\nic j melycan\AppData\Roaming\vlc
2016-04-26 04:04 - 2016-04-28 01:36 - 00024688 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-04-26 04:02 - 2016-04-27 00:18 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-26 04:01 - 2016-04-26 04:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-26 04:00 - 2016-04-26 04:00 - 00000000 ____D C:\Program Files\VideoLAN
2016-04-25 06:58 - 2016-04-25 06:59 - 00725440 _____ (Opera Software) C:\Users\nic j melycan\Downloads\OperaSetup.exe
2016-04-20 03:01 - 2016-04-20 04:32 - 00000000 ____D C:\Users\nic j melycan\Downloads\Quantico.S01E18.HDTV.XviD-FUM[ettv]
2016-04-18 04:11 - 2016-04-19 00:23 - 00013963 _____ C:\Users\nic j melycan\Desktop\poechiz.txt
2016-04-16 02:59 - 2016-04-16 02:59 - 00015332 _____ C:\Users\nic j melycan\Desktop\TBS.txt
2016-04-15 21:28 - 2016-04-23 00:02 - 00000000 ____D C:\Users\nic j melycan\Downloads\Quantico.S01E16.HDTV.x264-LOL[ettv]
2016-04-13 04:37 - 2016-04-13 04:38 - 00000448 _____ C:\Users\nic j melycan\Desktop\PFLI.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-28 23:38 - 2009-07-14 12:34 - 00014736 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-28 23:38 - 2009-07-14 12:34 - 00014736 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-28 23:28 - 2016-03-21 02:25 - 00001244 _____ C:\Users\nic j melycan\Desktop\JRT.txt
2016-04-28 23:21 - 2016-03-12 02:31 - 00002334 _____ C:\Users\nic j melycan\Desktop\Rkill.txt
2016-04-28 23:12 - 2013-02-08 21:01 - 00000826 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1ce05fc75935c54.job
2016-04-28 23:11 - 2011-08-20 10:55 - 00065536 _____ C:\windows\system32\Ikeext.etl
2016-04-28 23:11 - 2009-07-14 12:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-28 06:11 - 2010-07-17 20:19 - 00000830 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-28 03:23 - 2010-08-05 00:49 - 00007601 _____ C:\Users\nic j melycan\AppData\Local\Resmon.ResmonCfg
2016-04-28 03:05 - 2010-05-19 07:42 - 00000000 ____D C:\Users\nic j melycan\Documents\Youcam
2016-04-28 02:52 - 2010-05-20 05:33 - 00000000 ____D C:\Users\nic j melycan\AppData\Local\Adobe
2016-04-28 00:27 - 2015-06-17 21:22 - 00170200 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-28 00:27 - 2015-06-17 20:40 - 00094936 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-04-28 00:08 - 2013-10-26 09:01 - 00000000 ____D C:\AdwCleaner
2016-04-27 02:57 - 2013-09-18 10:19 - 00000000 ____D C:\Users\nic j melycan\Desktop\Notepad
2016-04-27 02:17 - 2010-10-11 14:56 - 00000000 ____D C:\Users\nic j melycan\AppData\Roaming\uTorrent
2016-04-27 01:24 - 2015-02-26 18:02 - 00000000 ____D C:\Users\nic j melycan\AppData\Local\NVIDIA
2016-04-27 01:21 - 2015-02-26 18:02 - 00000000 ____D C:\Users\nic j melycan\AppData\Local\NVIDIA Corporation
2016-04-27 01:14 - 2015-02-26 17:59 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-04-25 06:55 - 2014-03-03 23:49 - 00000000 ____D C:\Program Files\Opera
2016-04-25 06:36 - 2011-10-17 19:21 - 00002020 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-25 04:28 - 2016-03-21 02:26 - 00000000 ____D C:\Program Files\AdwCleaner
2016-04-25 04:23 - 2015-12-12 07:10 - 00000000 ____D C:\ProgramData\Emsisoft
2016-04-24 05:25 - 2015-07-20 20:37 - 00000892 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-22 07:05 - 2014-02-18 21:10 - 00000000 ____D C:\Users\nic j melycan\AppData\Local\CrashDumps
2016-04-20 02:29 - 2015-06-18 20:40 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-19 01:35 - 2015-06-18 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-14 01:43 - 2009-07-14 10:37 - 00000000 ____D C:\windows\inf
2016-04-14 01:42 - 2015-04-12 20:09 - 00000000 ___SD C:\windows\system32\GWX
2016-04-13 19:05 - 2010-10-31 18:47 - 00000000 ____D C:\ProgramData\Panda Security Toolbar Antiphishing
2016-04-10 03:38 - 2009-07-14 10:37 - 00000000 ____D C:\windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2011-02-02 16:11 - 2010-10-17 00:50 - 3056008 _____ (Ask) C:\Program Files\Common Files\AskToolbarInstaller.exe
2014-03-20 06:23 - 2014-04-27 00:30 - 0000132 _____ () C:\Users\nic j melycan\AppData\Roaming\Adobe PNG Format CS6 Prefs
2010-10-16 01:14 - 2010-10-16 01:14 - 0000048 _____ () C:\Users\nic j melycan\AppData\Roaming\guid.ini
2011-03-26 23:04 - 2015-02-18 17:28 - 0000032 _____ () C:\Users\nic j melycan\AppData\Roaming\ntl.ini
2010-10-23 21:41 - 2012-09-22 01:35 - 0003073 _____ () C:\Users\nic j melycan\AppData\Roaming\Rim.Desktop.Exception.log
2010-10-12 23:00 - 2013-11-15 02:59 - 0002810 _____ () C:\Users\nic j melycan\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-11-01 16:34 - 2012-09-22 01:35 - 0000693 _____ () C:\Users\nic j melycan\AppData\Roaming\Rim.DesktopHelper.Exception.log
2010-07-18 08:40 - 2011-12-13 23:45 - 0000842 _____ () C:\Users\nic j melycan\AppData\Roaming\wklnhst.dat
2013-01-15 21:58 - 2016-04-19 00:17 - 7500462 _____ () C:\Users\nic j melycan\AppData\Local\av.log
2010-10-05 01:03 - 2012-01-28 20:55 - 0024576 _____ () C:\Users\nic j melycan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-08-05 00:49 - 2016-04-28 03:23 - 0007601 _____ () C:\Users\nic j melycan\AppData\Local\Resmon.ResmonCfg
2014-02-27 20:19 - 2014-11-20 13:53 - 0000088 __RSH () C:\ProgramData\BFE734D7BB.sys
2011-02-22 22:17 - 2011-02-22 22:17 - 0000056 _____ () C:\ProgramData\ezsidmv.dat
2010-01-19 19:31 - 2009-08-17 04:16 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2014-02-27 20:19 - 2014-11-20 13:53 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys
 
Some files in TEMP:
====================
C:\Users\nic j melycan\AppData\Local\Temp\avgnt.exe
C:\Users\nic j melycan\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-20 08:44
 
==================== End of FRST.txt ============================

Attached File: Addition.txt (67.7 KB)


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:01 AM

Posted 28 April 2016 - 01:06 PM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

SearchScopes: HKLM -> DefaultScope value is missing
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\nic j melycan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\nic j melycan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
S4 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S0 mddjr; System32\drivers\iiej.sys [X]
S3 mfeavfk01; no ImagePath
S3 RkPavproc1; \??\C:\windows\system32\drivers\RkPavproc1.sys [X]
S3 RkPavproc2; \??\C:\windows\system32\drivers\RkPavproc2.sys [X]
U2 srservice; no ImagePath
S3 TweakingRunAsSystem0003; "C:\Users\nic j melycan\Desktop\Tweaking.com - Windows Repair\files\tweaking_ras.exe" 0003[] C:\windows\System32\cmd.exe []/c start /HIGH C:\windows\System32\cmd.exe /c C:\windows\Temp\temp49905.bat  & exit
C:\Users\nic j melycan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please post the log and include the contents of the Addition.txt file that was created by the Farbar tool.
I need to review it as well.

Please let me know what problem persists with this computer.
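Added example, not code from this thread, from FRST or from anyone posting here: a small Python triage for the Services/Drivers lines of the FRST.txt above (the unsigned Rezip.exe under System32, the "[X]" and "no ImagePath" orphans that make up most of nasdaq's fixlist) plus a sanity check that every line in a fixlist of the kind nasdaq posted actually appears in the log before Fix is pressed. The line layout it parses is my reading of the log and is an assumption; the sample lines are copied from the log above except the one marked CONSTRUCTED, a hand-typed entry with its trailing tokens dropped.

```python
"""FRST Services/Drivers triage plus a fixlist sanity check.

Added example for this thread; not part of FRST and not code posted by anyone
here.  Assumed line layout (my reading of the log):
    <start> <name>; <path> [<size> <date>] (<publisher>) [File not signed]
with the orphan forms '<path> [X]' and 'no ImagePath'.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

ENTRY_RE = re.compile(r'^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$')
DETAIL_RE = re.compile(r'^(?P<path>.+?)\s+\[\d+\s+\d{4}-\d{2}-\d{2}\]'
                       r'\s*(?:\((?P<publisher>[^)]*)\))?\s*(?P<flags>.*)$')
FIX_DIRECTIVES = {'Start', 'End', 'CreateRestorePoint:', 'EmptyTemp:', 'CloseProcesses:'}

@dataclass
class Entry:
    start: str       # R=running, S=stopped, U=unknown; the digit is the start type
    name: str
    path: str
    publisher: str   # text inside (...); empty when the file carries no company name
    unsigned: bool   # FRST printed "[File not signed]"
    missing: bool    # "[X]" or "no ImagePath": registry entry with no file behind it
    findings: List[str] = field(default_factory=list)

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one Services/Drivers line; None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    start, name, rest = m.group('start'), m.group('name').strip(), m.group('rest').strip()
    if rest.lower() == 'no imagepath':
        return Entry(start, name, '', '', False, True)
    if rest.endswith('[X]'):
        return Entry(start, name, rest[:-3].strip(), '', False, True)
    d = DETAIL_RE.match(rest)
    if not d:  # odd entries such as the tweaking_ras.exe one: keep, do not judge
        return Entry(start, name, rest, '', False, False)
    return Entry(start, name, d.group('path'), (d.group('publisher') or '').strip(),
                 'File not signed' in d.group('flags'), False)

def triage(e: Entry) -> Entry:
    """Attach the findings a log reviewer would raise, most serious first."""
    if e.unsigned and e.path.lower().startswith(r'c:\windows'):
        e.findings.append('unsigned binary under the Windows directory')
    if e.unsigned and not e.publisher:
        e.findings.append('no publisher name and not signed')
    if e.missing:
        e.findings.append('boot-start driver whose file is missing' if e.start[1] == '0'
                          else 'orphaned entry, file missing')
    return e

def triage_log(log_text: str) -> dict:
    """Entry name -> findings for every flagged line in the log text."""
    out = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e and triage(e).findings:
            out[e.name] = e.findings
    return out

def check_fixlist(fixlist_text: str, log_text: str) -> List[str]:
    """Fixlist lines that match nothing in the log.  Assumption: entries are
    copied verbatim from the log, so an unmatched line is a typo or a hand
    edit to look at before pressing Fix.  Bare paths (folders to move) pass
    when they occur inside some log line."""
    log_lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    bad = []
    for line in (l.strip() for l in fixlist_text.splitlines()):
        if not line or line in FIX_DIRECTIVES or line in log_lines:
            continue
        if re.match(r'^[A-Za-z]:\\', line) and any(line in l for l in log_lines):
            continue
        bad.append(line)
    return bad

# Sample lines copied from the FRST.txt posted above.
SAMPLE_LOG = r"""
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-11-08] (Adobe Systems) [File not signed]
S4 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed]
S4 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
R0 bftpdskc; C:\windows\System32\drivers\bftpdskc.sys [40192 2010-04-14] (BUFFALO INC.) [File not signed]
S0 mddjr; System32\drivers\iiej.sys [X]
U2 srservice; no ImagePath
CHR Extension: (Chrome Web Store Payments) - C:\Users\nic j melycan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
"""

# Entries from nasdaq's fixlist plus one CONSTRUCTED hand-typed line (last) missing its trailing tokens.
SAMPLE_FIXLIST = r"""
Start
CloseProcesses:
S4 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S0 mddjr; System32\drivers\iiej.sys [X]
U2 srservice; no ImagePath
C:\Users\nic j melycan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
S4 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05]
End
"""

if __name__ == '__main__':
    for name, findings in triage_log(SAMPLE_LOG).items():
        print(name, '->', '; '.join(findings))
    print('fixlist lines not found in the log:', check_fixlist(SAMPLE_FIXLIST, SAMPLE_LOG))
```

Run on the sample, Rezip is the only entry that is both unsigned and has no publisher name while living under the Windows directory; the Buffalo driver is also unsigned there but carries a vendor name, which is the first thing to check before treating it the same way. The Adobe licensing service, unsigned but under Program Files, is not flagged at all. The fixlist check reports only the constructed Rezip line, because FRST fixlists are built by copying log lines exactly and a retyped line is the usual way a fix silently does nothing.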

#5 sheen25

sheen25
  • Topic Starter

  • Members
  • 82 posts
  • Local time:12:01 PM

Posted 28 April 2016 - 01:40 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-04-2016
Ran by nic j melycan (2016-04-28 23:45:30)
Running from C:\Users\nic j melycan\Desktop\farbar
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2010-05-18 21:11:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1094267035-4049411560-3114852990-500 - Administrator - Disabled)
Guest (S-1-5-21-1094267035-4049411560-3114852990-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1094267035-4049411560-3114852990-1008 - Limited - Enabled)
nic j melycan (S-1-5-21-1094267035-4049411560-3114852990-1000 - Administrator - Enabled) => C:\Users\nic j melycan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1094267035-4049411560-3114852990-1000\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Dreamweaver CS3 (HKLM\...\Adobe_435a6af7459cb02a9c1138113a26e93) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe InDesign CS3 (HKLM\...\Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1094267035-4049411560-3114852990-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Any Video Converter 3.2.7 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.1.0805 - Atheros)
Audacity 1.3.12 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
BatteryLifeExtender (HKLM\...\{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}) (Version: 1.0.1 - Samsung)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BUFFALO Backup Utility (HKLM\...\UN091222) (Version:  - )
BUFFALO BuffaloTools Launcher (HKLM\...\UN091201) (Version:  - )
BUFFALO eco Manager for HD (HKLM\...\UN080616) (Version:  - )
BUFFALO TurboCopy (HKLM\...\UN091114) (Version:  - )
BUFFALO TurboPC for FLASH/HDD (HKLM\...\UN091111) (Version:  - )
calibre (HKLM\...\{84A259BB-88C4-435F-B755-8C6EE64B7E93}) (Version: 2.40.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
CCProxy 6.64 Build on 20090713 (HKLM\...\CCProxy_is1) (Version:  - Youngzsoft, Inc.)
ChargeableUSB (HKLM\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CorelDRAW Graphics Suite X4 - Capture (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (Version: 14.0 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (HKLM\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version:  - Corel Corporation)
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (Version: 1.0 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X4 (HKLM\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3625 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
dBpowerAMP AAC to Mp4 Codec (HKLM\...\dBpowerAMP AAC to Mp4 Codec) (Version:  - )
dBPowerAMP AIFF codec r4 (HKLM\...\dBPowerAMP AIFF codec r4) (Version:  - )
dBpoweramp FLAC Codec (HKLM\...\dBpoweramp FLAC Codec) (Version: Release 14 (FLAC 1.2.1) - Illustrate)
dBpowerAMP Mp4 Codec (HKLM\...\dBpowerAMP Mp4 Codec) (Version:  - )
dBpowerAMP Music Converter (HKLM\...\dBpowerAMP Music Converter) (Version:  - )
dBpowerAMP WMA V9.1 Codec (HKLM\...\dBpowerAMP WMA V9.1 Codec) (Version:  - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM\...\{A5675A9E-F073-414A-9A04-F9BCD50459D7}) (Version: 4.2.6 - Samsung)
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung)
f.lux (HKU\S-1-5-21-1094267035-4049411560-3114852990-1000\...\Flux) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.87 - Google Inc.)
Google SketchUp 8 (HKLM\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-1094267035-4049411560-3114852990-1000\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Olympus ib (HKLM\...\InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}) (Version: 1.3.2207 - OLYMPUS IMAGING CORP.)
Olympus ib (Version: 1.3.2207 - OLYMPUS IMAGING CORP.) Hidden
OLYMPUS Viewer 2 (HKLM\...\{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}) (Version: 1.1.1 - OLYMPUS IMAGING CORP.)
Opera Stable 23.0.1522.60 (HKLM\...\Opera 23.0.1522.60) (Version: 23.0.1522.60 - Opera Software ASA)
Opera Stable 30.0.1835.88 (HKLM\...\Opera 30.0.1835.88) (Version: 30.0.1835.88 - Opera Software)
Panda Security Toolbar URL Filtering (HKLM\...\panda2_0dn) (Version: 2.0.0.2 - Visicom Media Inc.)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM\...\{F2BC3383-F000-410C-A038-3846ADBE8D90}) (Version: 1.01.0088 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 4 (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung R-Series (HKLM\...\{3EED7541-55F8-4DC6-B9CD-28762D71310E}) (Version: 1.0 - Samsung)
Samsung Support Center (HKLM\...\{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}) (Version: 1.0.21 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Security Task Manager 2.1f (HKLM\...\Security Task Manager) (Version: 2.1f - Neuber Software)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1218 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.11-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4100 - Broadcom Corporation)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Xiph QuickTime Components (HKLM\...\XiphQT) (Version:  - )
YACReader 6.5.3 (HKLM\...\YACReader_is1) (Version:  - )
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06699236-E29C-419F-BCDA-C75DEC81AEBD} - System32\Tasks\{6A42F13E-72FE-4FEA-B768-10F8EA91E7CF} => C:\Users\nic j melycan\Desktop\Adobe Photoshop CS5 x32 Pre-Release Portable\Photoshop.exe
Task: {1001A5CC-7EC6-4173-ACFC-34532902B1F1} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-11-04] (Samsung Electronics Co., Ltd.)
Task: {16CDC9B1-F5CC-4E82-8171-C06BE17FD7E9} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe
Task: {18B5F5CB-4847-4B59-ABC4-6AC72957259A} - System32\Tasks\{C0397AC6-C72C-49AC-B614-4546573F644C} => F:\Installer\setup.exe
Task: {21374BBB-EE67-4E8A-8DC6-2356EA8F389C} - System32\Tasks\{F63EDC5D-CE17-4ECB-BEDD-F54ECE1BE219} => D:\Downloads\dBpowerAMP-codec-wmav91.exe
Task: {222029CB-E0CD-4160-B959-CB62A68566DA} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-10-26] (SAMSUNG Electronics)
Task: {35D39305-49A1-4601-BF29-88346DF5548B} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-11-19] (Samsung Electronics. Co. Ltd.)
Task: {3DE818F4-10F4-4F5A-80B9-27A0B565F746} - System32\Tasks\{A1048FD2-B0D4-41D1-8BF1-AF4EE7A728DE} => pcalua.exe -a E:\DX80.exe -d E:\
Task: {40BE897C-35C0-4A96-BB02-BB624DC34999} - System32\Tasks\{B8BEFD12-9987-4CD7-85D7-051069853378} => C:\Program Files\iTunes\iTunes.exe [2014-01-20] (Apple Inc.)
Task: {4118666E-F764-4AD5-B5D8-2ECBF8780EAB} - System32\Tasks\{BFE2FC28-3006-4BD9-97DC-0D730090C313} => pcalua.exe -a D:\Downloads\BonjourSetup.exe -d D:\Downloads
Task: {48393C09-BEE6-42C5-A81D-3967335DE245} - System32\Tasks\GoogleUpdateTaskMachineCore1ce05fc75935c54 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4DE9EF98-C8A6-428A-9625-F3A34AA852A9} - System32\Tasks\Opera scheduled Autoupdate 1393861757 => C:\Program Files\Opera\launcher.exe [2015-06-19] (Opera Software)
Task: {559AF721-AD9C-40FA-9218-F7F24F4F30A0} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-10-16] (SAMSUNG Electronics co., LTD.)
Task: {60418E8A-2530-46BB-A4D4-705357C3A300} - System32\Tasks\{984A289D-FE80-44AC-842A-222318377597} => C:\Users\nic j melycan\Downloads\ccproxysetup.exe
Task: {64965B39-6407-4EA9-BC4C-935EA79F800C} - System32\Tasks\{9E204960-A780-4F76-AD82-37EE47EDD5AD} => D:\Downloads\dBpowerAMP-codec-aactomp4.exe
Task: {66C002B9-CCB1-4976-9A12-86B2FFCB61FF} - System32\Tasks\{3A36786D-A99D-4377-A169-34310522F96B} => D:\Downloads\dMC-r10.exe
Task: {8AFC14C5-096F-4970-B76B-E75903248AF1} - System32\Tasks\AdobeAAMUpdater-1.0-NICJMELICAN-nic j melycan => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {8C5056DC-6E62-4EB6-83BF-CB066AB16043} - System32\Tasks\{143CC53F-FC40-41F9-869B-B7967EBB891E} => C:\Program Files\Skype\Phone\Skype.exe
Task: {8C987573-2A0A-462B-A562-32D1D9DCDEB6} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {8D3D160B-21B0-496A-BDE9-626277C78A0A} - System32\Tasks\{8F47EBE8-1EFD-4292-B47E-72822C2AB4E6} => pcalua.exe -a "C:\Users\nic j melycan\Downloads\free-ipod-video-converter.exe" -d "C:\Users\nic j melycan\Downloads"
Task: {96D8F56E-9F42-4728-8501-B6B896F07D63} - System32\Tasks\{6C032461-FD78-45EE-8B1D-850531905B94} => pcalua.exe -a "C:\New folder\Setup.exe" -d "C:\New folder"
Task: {9D16F73B-BDB0-461D-98CF-C3ED75215D96} - System32\Tasks\{4EE7B1E5-D8E5-47FC-93E8-11D13733FF3F} => Chrome.exe hxxp://ui.skype.com/ui/0/7.12.85.101/en/abandoninstall?page=tsProgressBar
Task: {A0A992AB-E77B-49E1-A826-3038B37604FC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {A136A2E5-8111-4C5B-8EEE-59F7AB5123FB} - System32\Tasks\{20270AC2-588A-4165-8A75-DC7B467AAC9A} => pcalua.exe -a E:\DX80NT.exe -d E:\
Task: {A17060FD-FEF5-415C-9798-E8E22DE7C4CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A6807BA1-C3E3-49EE-882B-415E9DBDDF96} - System32\Tasks\{E94D8E02-5531-49D0-91F3-ADFC7D5D6EAC} => D:\Downloads\dBpowerAMP-codec-mp4.exe
Task: {B8764ECF-61D9-44B0-BFB1-71BFE9EF5795} - System32\Tasks\{4D175226-C35B-4075-AC9C-FED16FC84BD8} => D:\Downloads\dBpowerAMP-codec-aiff.exe
Task: {BEC297E4-55C5-4916-8BCB-AC4BC88FFEB4} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {CA515F6A-E079-4C5B-B700-FB1D1F22A5BB} - System32\Tasks\{6D8416A5-7248-4C80-B05E-9C6B109B6B22} => C:\Program Files\iTunes\iTunes.exe [2014-01-20] (Apple Inc.)
Task: {CCFD7724-BE7A-441E-8CD7-DF77DA4E24C8} - System32\Tasks\{4112FE2C-9434-4E51-B478-7114AF5B2B9D} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"
Task: {CFE9102A-9307-43D7-9DF6-A349CACFFD69} - System32\Tasks\{C7F933DC-3913-4B6D-B815-AC28E2EC2E5E} => c:\program files\safari\safari.exe
Task: {D31F016A-B86F-40F8-A918-F040525C1AB9} - System32\Tasks\{81A056D9-3A5A-4956-84DC-3A739607DABF} => pcalua.exe -a "C:\Users\nic j melycan\Desktop\The 14th\Chicken_Invaders3_regular-setup.exe" -d "C:\Users\nic j melycan\Desktop\The 14th"
Task: {D400B0B3-4012-4C90-9B22-983993730BB6} - System32\Tasks\{0E9D1723-CA55-46CE-B8B6-DDE1D5B08566} => F:\Installer\setup.exe
Task: {D4878E2C-E40C-4189-8CAE-ABDCA1C3D810} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {EB1AA704-5CC4-4CFB-9686-EAFF59851548} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {F1091E31-730D-4AF4-BEBD-D5F70588E3C7} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2015-07-28] (Symantec Corporation)
Task: {F1790FC5-A443-412C-AB13-6B7D5B195A74} - System32\Tasks\{96166CDD-C03E-49AF-B059-450BC9BD3C82} => Chrome.exe hxxp://ui.skype.com/ui/0/7.12.85.101/en/abandoninstall?page=tsProgressBar
Task: {F374F973-C0B6-47E4-A63E-5CC8151B9D6B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\system32\Macromed\Flash\FlashUtil32_21_0_0_197_pepper.exe [2016-03-28] (Adobe Systems Incorporated)
Task: {F4214B05-A503-4615-A64E-4760A5CFF3C9} - System32\Tasks\{CCCB8B31-B225-42D0-9954-744ADBCF41F2} => C:\Users\nic j melycan\Downloads\iTunesSetup.exe
Task: {F783D5B0-3927-42D4-9510-61BEF7335C03} - System32\Tasks\{64F597FD-A442-4816-9F96-F839EC88C8C8} => C:\Users\nic j melycan\Downloads\iTunesSetup.exe
Task: {F9331633-9968-411D-A765-0323AD94E507} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {FDEAEB9F-A08A-47E4-8596-21B2AD54D1C4} - System32\Tasks\{F6BAABA9-D547-48BA-B354-6BC61CDF5DAC} => pcalua.exe -a "C:\Users\nic j melycan\Desktop\avira_free_antivirus_en.exe" -d "C:\Users\nic j melycan\Desktop"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\windows\system32\Macromed\Flash\FlashUtil32_21_0_0_197_pepper.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1ce05fc75935c54.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-19 19:08 - 2009-07-08 02:23 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-10-16 01:05 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2015-02-26 18:00 - 2014-07-03 03:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0041 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0042 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0043 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0044 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0045 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0046 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0047 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0048 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0049 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0050 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0051 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0052 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0054 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0055 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0056 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0057 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0058 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0059 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0060 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0061 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0062 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0063 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0064 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0065 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0066 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0067 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0068 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0069 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0070 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0071 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0072 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0073 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0074 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0075 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0076 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0077 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0078 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0079 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0080 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0081 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0082 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0083 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0084 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0085 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0086 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0087 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0088 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0089 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0090 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0091 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0092 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0093 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0094 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0095 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0096 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0097 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0098 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0099 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0100 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0041 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0042 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0043 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0044 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0045 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0046 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0047 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0048 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0049 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0050 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0051 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0052 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0053 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0054 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0055 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0056 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0057 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0058 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0059 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0060 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0061 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0062 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0063 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0064 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0065 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0066 => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7865 more sites.
 
 
There are 7865 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1094267035-4049411560-3114852990-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\nic j melycan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: APLangApp => "C:\Program Files\AnyPC Client\APLangApp.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{37CB1885-D6C1-44E1-A2FF-C914302DCF72}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{E2F6BFD7-396F-48B0-B8BA-8FC489C3EED1}] => (Allow) C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{A24205D5-0653-43FF-859C-93B05CB42BEC}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F54AB25C-89AF-4499-96CC-E99A12390E7F}] => (Allow) svchost.exe
FirewallRules: [{81F57AD9-B96D-4A37-969B-001CC09B4908}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{98E66A52-3DEA-4AF7-A218-0FBF4E6B351A}] => (Allow) LPort=49217
FirewallRules: [{498DA264-9231-47D4-A660-6D9E0C1539C1}] => (Allow) LPort=5000
FirewallRules: [{15ECB4C5-3932-48E7-B43E-604B18CC05AA}] => (Allow) LPort=49199
FirewallRules: [{6DDD4E7A-DA4C-4DC5-8DC4-7AEDA5EACEE5}] => (Allow) LPort=5000
FirewallRules: [{433F23BD-3E70-49CD-A589-9E27897C1A83}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EB41E16C-039D-4151-AA56-ACCE202AAE95}] => (Allow) LPort=2869
FirewallRules: [{33E7AE63-42C8-4DB5-BE4D-853EBACC1202}] => (Allow) LPort=1900
FirewallRules: [{8AA190B3-9720-4511-B5FD-69711B997365}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{E5D4764D-4369-4B87-9260-8895A8A824BA}] => (Allow) LPort=3703
FirewallRules: [{B5F1D461-CEC4-47F8-966B-89673B99F9C8}] => (Allow) LPort=3704
FirewallRules: [{E09CFBCE-186E-46CA-B613-5403CCD902A2}] => (Allow) LPort=50900
FirewallRules: [{4B58C9C9-FC5B-4FA7-BB6B-9D9E3B38749C}] => (Allow) LPort=50901
FirewallRules: [{03343E83-089D-4368-AA15-84E64D35DFA9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{588150B8-D232-4321-B38D-E8AA4C944ACF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4C7473DA-DD2C-4B8A-B0D2-E36B38FF8CC8}] => (Allow) LPort=49167
FirewallRules: [{70756A2D-773E-479B-BFF6-57E4FB7F53A0}] => (Allow) C:\Users\nic j melycan\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{FFF49AC0-94F0-4A77-BD9A-8276DCF4B948}] => (Allow) C:\Users\nic j melycan\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{A0389792-192C-4BB0-98AE-008243689789}] => (Allow) C:\Users\nic j melycan\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{DB9E76AC-8B7F-426E-8DFE-A69E06853127}] => (Allow) C:\Users\nic j melycan\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{3ABFF6B3-4CE5-40D9-BC5B-561B6D88CD63}] => (Allow) C:\Users\nic j melycan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C43C0BAB-E1BB-4BE4-9F34-288B773828D5}] => (Allow) C:\Users\nic j melycan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AAE70B42-522D-4CA1-AFA0-32E2F390C849}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{473AC7E5-7A22-46B9-9153-11B24955E0FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{C80F35CC-CD47-497F-BF21-ABFED40BEDE3}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{36749A14-4D0C-49F3-AEB3-FD35B3F3F0E6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{02EAB5EB-9204-4409-ADE7-3048544CAF68}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0462E249-C800-4D46-B085-E62F3E794022}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1267B9BE-FA84-466D-B773-97FBC05E4499}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8EBA7A1F-7E32-4500-944E-5D390669DBD2}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7D7442AB-241B-428E-9BF2-A9BF5A4B9044}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3C58FE9B-AFD1-425E-9685-7409E9B8C217}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{41DDF1E7-9F44-45CE-93CA-F3A3F33240AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{46876F6B-B231-4F9B-B08B-F74FB563846B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{882BE92F-AEDB-49D5-80FE-B0FD99EA6564}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{7AE27985-4058-41A3-A769-62C429EDF64B}] => (Allow) C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{24978AF3-5BF4-4678-9ABE-4D05C6EFF02C}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3CC2153D-EE2A-4145-B59C-E57803511738}] => (Allow) LPort=1900
FirewallRules: [{488AB2E9-1321-4A8E-AFAB-88C3AFBEA48C}] => (Allow) LPort=2869
FirewallRules: [{2B560545-19A6-421C-89F6-10C6D2C9E41B}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{ADF3EC65-35FD-4BBB-A667-4FE2D5C635B9}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9B0513C9-40E8-4CF9-A830-E667EE69E63C}] => (Allow) svchost.exe
FirewallRules: [{B9FE07CD-7D33-4114-BFB9-C0E796252F2A}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
 
==================== Restore Points =========================
 
27-04-2016 03:40:51 Revo Uninstaller's restore point - QuickTime
27-04-2016 07:26:32 Revo Uninstaller's restore point - Java 8 Update 31
27-04-2016 23:59:24 JRT Pre-Junkware Removal
28-04-2016 00:19:09 JRT Pre-Junkware Removal
28-04-2016 23:23:43 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/28/2016 04:45:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbae-svc.exe, version: 1.6.1.1019, time stamp: 0x55241c9f
Faulting module name: mbae-svc.exe, version: 1.6.1.1019, time stamp: 0x55241c9f
Exception code: 0xc0000005
Fault offset: 0x00034c4d
Faulting process id: 0x634
Faulting application start time: 0xmbae-svc.exe0
Faulting application path: mbae-svc.exe1
Faulting module path: mbae-svc.exe2
Report Id: mbae-svc.exe3
 
Error: (04/27/2016 07:18:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TaskMan.exe version 2.1.5.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1900
 
Start Time: 01d1a0119c51c241
 
Termination Time: 30
 
Application Path: C:\Program Files\Security Task Manager\TaskMan.exe
 
Report Id: 1b06f7c2-0c05-11e6-9d70-0026b6d6e087
 
Error: (04/25/2016 04:06:38 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EE7) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f
 
Error: (04/25/2016 04:06:38 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0x80072EE7
 
Error: (04/25/2016 06:45:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary epp.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/25/2016 06:04:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary epp.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/25/2016 05:25:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary epp.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/25/2016 04:24:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary epp.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/25/2016 03:03:56 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path
 
Error: (04/25/2016 03:03:50 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path
 
 
System errors:
=============
Error: (04/28/2016 11:24:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/28/2016 11:24:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/28/2016 11:13:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
mddjr
 
Error: (04/28/2016 06:30:08 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (04/28/2016 04:45:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Malwarebytes Anti-Exploit Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/28/2016 03:22:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (04/28/2016 03:22:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/28/2016 03:22:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/28/2016 03:22:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Backup Utility Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/28/2016 03:22:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 45%
Total physical RAM: 3060.55 MB
Available physical RAM: 1676.44 MB
Total Virtual: 6119.42 MB
Available Virtual: 4412.98 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:141.49 GB) (Free:8.52 GB) NTFS
Drive d: () (Fixed) (Total:141.5 GB) (Free:8.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 3FEF9C7D)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=141.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6 nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 April 2016 - 07:04 AM

Run the RogueKiller tool and fix this item.
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Panda Security Toolbar Antiphishing : "C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn.exe" [7] -> Found


Delete the folder in bold. It's a remnant folder from QuickTime.
C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

Internet Explorer is an integral part of the Operating system.
You cannot delete it all. It's protected by the operating system.

I suggest you reinstall the version you previously deleted and then try to get the Windows Updates.

Google this string: "reinstall windows internet explorer" and install the latest version, no. 11.

Please let me know the outcome.

#7 sheen25

  • Topic Starter
  • Members
  • 82 posts

Posted 29 April 2016 - 03:05 PM

While waiting for my computer to restart yesterday after running the fixlog, it suddenly shut down.

Will do. By the way, my browser is still slow. At the moment, I am trying to download Windows updates... and oh, I tried updating my Adobe applications, but like Windows updates and NVIDIA, I can't seem to download anything. The folder you mentioned has a lock in the thumbnail icon. How do I delete this? I tried deleting it through RogueKiller before. Oh... I just checked; the said folder seems to be gone, but I haven't deleted it. Where could it be? My CPU usage is still high, about 60%. I'll run only VLC and see if my system will remain slow and hang.


Edited by sheen25, 29 April 2016 - 05:53 PM.


#8 sheen25

  • Topic Starter
  • Members
  • 82 posts

Posted 29 April 2016 - 03:12 PM

I'd like to clarify something: when I ran FRST, I ran rkill, JRT and AdwCleaner before running the first FRST scan.


Edited by sheen25, 29 April 2016 - 03:14 PM.


#9 sheen25

  • Topic Starter
  • Members
  • 82 posts

Posted 29 April 2016 - 05:59 PM

So... I've tried to run only VLC and still, 100% CPU usage; I can't download Windows updates or NVIDIA. I ran RogueKiller, the newer version, and it found these:

RogueKiller V12.1.4.0 [Apr 25 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : nic j melycan [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 04/30/2016 06:11:55
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[SSDT:Inl(Hook.SSDT)] ZwDeleteAtom[99] : C:\Windows\System32\win32k.sys @ 0xffffffff833a7f46 (call dword [0x8436fd14])
[SSDT:Inl(Hook.SSDT)] ZwFlushWriteBuffer[129] : C:\Windows\System32\halmacpi.dll @ 0xffffffff8421a468 (call dword [0x842460b4])
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 (TurboPC) +++++
--- User ---
[MBR] 5f195a54e29b421feccad488dd2e7d00
[BSP] cf274af0d769afcbe62d2de1b20a20bb : Kiwi MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31459328 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31664128 | Size: 144890 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 328398848 | Size: 144893 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
 
 
It didn't detect the Panda toolbar, so I'll go and manually delete it.
Basically, nothing has changed. All of the symptoms persist.


#10 nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 April 2016 - 06:33 AM

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[SSDT:Inl(Hook.SSDT)] ZwDeleteAtom[99] : C:\Windows\System32\win32k.sys @ 0xffffffff833a7f46 (call dword [0x8436fd14])
[SSDT:Inl(Hook.SSDT)] ZwFlushWriteBuffer[129] : C:\Windows\System32\halmacpi.dll @ 0xffffffff8421a468 (call dword [0x842460b4])


This may be part of the problem.


We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

<<<>>>

p.s.
If you have a CD emulator disable it before running the tools.

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed. Or when this computer is clean.

HOW TO: Enable the CD Emulators... < restore only when we are finished.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

#11 sheen25

  • Topic Starter
  • Members
  • 82 posts

Posted 30 April 2016 - 01:07 PM

Disabled the emulators. The defogger_disable text says:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:47 on 01/05/2016 (nic j melycan)
 
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
 
Checking for services/drivers...
 
 
-=E.O.F=-
 
It didn't restart my computer. Ran TDSSKiller and it found nothing. Avast popped up a message saying:
"This computer supports Virtualization technology
would you like to use it for rootkit detection?"
 
What should I do? Click yes?


#12 nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 April 2016 - 02:54 PM

Why not.

Let's see what it will report.

#13 sheen25

  • Topic Starter
  • Members
  • 82 posts

Posted 30 April 2016 - 08:19 PM

Attached File: MBR.zip (527 bytes)

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-05-01 01:52:23
-----------------------------
01:52:23.854    OS Version: Windows 6.1.7601 Service Pack 1
01:52:23.854    Number of processors: 4 586 0x2502
01:52:23.854    ComputerName: NICJMELICAN  UserName: 
01:53:09.034    Initialize success
01:53:09.164    VM: initialized successfully
01:53:09.164    VM: Intel CPU supported 
02:34:35.666    VM: supported disk I/O iaStor.sys
02:44:22.184    AVAST engine defs: 16043001
02:44:35.624    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:44:35.634    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
02:44:35.814    VM: Disk 0 MBR read successfully
02:44:35.824    Disk 0 MBR scan
02:44:35.854    Disk 0 unknown MBR code
02:44:35.884    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
02:44:35.914    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
02:44:35.924    Disk 0 default boot code
02:44:35.954    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       144890 MB offset 31664128
02:44:36.004    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       144893 MB offset 328398848
02:44:36.034    Disk 0 scanning sectors +625139712
02:44:36.214    Disk 0 scanning C:\windows\system32\drivers
02:45:01.267    Service scanning
02:46:06.175    Modules scanning
02:46:06.385    Disk 0 trace - called modules:
02:46:06.425    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
02:46:06.435    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x892cd7c8]
02:46:06.455    3 CLASSPNP.SYS[8cdaa59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x87748028]
02:46:07.775    AVAST engine scan C:\windows
02:46:15.761    AVAST engine scan C:\windows\system32
02:47:07.376    File: C:\windows\system32\csrsrv.dll  **INFECTED** Win32:Aluroot-B [Rtk]
02:58:53.206    AVAST engine scan C:\windows\system32\drivers
02:59:56.601    AVAST engine scan C:\Users\nic j melycan
04:01:01.060    AVAST engine scan C:\ProgramData
04:08:56.094    Disk 0 statistics 4210651/0/282 @ 0.73 MB/s
04:08:56.124    Scan finished successfully
09:14:33.677    Disk 0 MBR has been saved successfully to "C:\Users\nic j melycan\Desktop\MBR.dat"
09:14:33.687    The log file has been saved successfully to "C:\Users\nic j melycan\Desktop\aswMBR.txt"
 
 
 
 


#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:01 AM

Posted 01 May 2016 - 06:38 AM

Run the aswMBR and select the "Fix MBR" button.
Restart the computer normally.

If the problem persists, then run this anti-rootkit tool.

Malwarebytes Anti-Rootkit

1.Download Malwarebytes Anti-Rootkit
2.Unzip the contents to a folder in a convenient location.
3.Open the folder where the contents were unzipped and run mbar.exe
4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6.Wait while the system shuts down and the cleanup process is performed.
7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10.Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.
===

If the problem persists, let's see if you have a good copy of csrsrv.dll.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64-bit, download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :file
    csrsrv.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
===

Post the logs and let me know if the problem persists.
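
The question in the reply above, whether a good copy of csrsrv.dll still exists, can also be answered by hashing the live System32 file and every copy Windows keeps in its component store (WinSxS). The following is an added example, not the thread's code and not part of SystemLook or Malwarebytes; it assumes Python is available on the machine and that the component store lives under %SystemRoot%\winsxs, and the files that run_demo() builds are a constructed stand-in, not a real DLL.

```python
import hashlib
import os
import shutil
import tempfile
from collections import defaultdict

# Added example, not from the thread: compare the live copy of a system DLL
# (csrsrv.dll in System32) with the copies in the WinSxS component store.
# Helper names, paths and the fixture data are this example's own.


def sha256_of(path, chunk_size=1 << 20):
    """SHA-256 hex digest of a file, read in chunks so large binaries are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def find_copies(roots, name):
    """Every file under the given roots whose name matches, case-insensitively."""
    target = name.lower()
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                if fn.lower() == target:
                    yield os.path.join(dirpath, fn)


def compare_copies(live_path, reference_roots, name):
    """Report whether the live copy is missing, unreadable, or hashes identically
    to at least one reference copy found under reference_roots."""
    groups = defaultdict(list)          # sha256 -> [reference paths with that content]
    unreadable = []
    for path in find_copies(reference_roots, name):
        try:
            groups[sha256_of(path)].append(path)
        except OSError as err:
            unreadable.append("%s (%s)" % (path, err.strerror))
    report = {"live": live_path, "reference_groups": dict(groups),
              "unreadable_references": unreadable}
    try:
        live_hash = sha256_of(live_path)
    except FileNotFoundError:
        report["status"] = "missing"                     # what SystemLook reported below
        return report
    except OSError as err:
        report["status"] = "unreadable: %s" % err.strerror
        return report
    report["live_sha256"] = live_hash
    report["hard_links"] = os.stat(live_path).st_nlink   # >1 means it shares content with WinSxS
    report["status"] = ("matches reference" if live_hash in groups
                        else "no matching reference copy")
    return report


def run_demo():
    """Exercise the check on constructed files in a temporary directory and return
    the statuses for a good copy, an altered copy and a missing copy."""
    base = tempfile.mkdtemp()
    try:
        sys32 = os.path.join(base, "System32")
        store = os.path.join(base, "winsxs")
        os.makedirs(sys32)
        os.makedirs(os.path.join(store, "x86_demo-component"))
        live = os.path.join(sys32, "csrsrv.dll")
        ref = os.path.join(store, "x86_demo-component", "csrsrv.dll")
        with open(ref, "wb") as fh:
            fh.write(b"MZ constructed stand-in, not a real DLL")
        shutil.copyfile(ref, live)
        statuses = [compare_copies(live, [store], "csrsrv.dll")["status"]]
        with open(live, "ab") as fh:
            fh.write(b"tampered")                        # a replaced or patched System32 copy
        statuses.append(compare_copies(live, [store], "csrsrv.dll")["status"])
        os.remove(live)                                  # the file is gone or hidden
        statuses.append(compare_copies(live, [store], "csrsrv.dll")["status"])
        return statuses
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    windir = os.environ.get("SystemRoot", r"C:\Windows")
    if os.path.isdir(os.path.join(windir, "winsxs")):
        rep = compare_copies(os.path.join(windir, "System32", "csrsrv.dll"),
                             [os.path.join(windir, "winsxs")], "csrsrv.dll")
        print(rep["status"], rep.get("live_sha256", ""))
        for digest, paths in rep["reference_groups"].items():
            print(digest, len(paths), "copies")
    else:
        print(run_demo())
```

A match is only as good as the reference: on Windows 7 the System32 file is normally a hard link to its WinSxS component, so a file patched in place changes both and still matches (the hard_links field shows when that is the case), whereas a file that was deleted and rewritten breaks the link and shows up as a mismatch. Confirm a suspect copy with an Authenticode check (PowerShell's Get-AuthenticodeSignature) or a hash taken from a known-clean Windows 7 installation, and if the running system cannot read the file at all, repeat the check from a clean boot environment rather than trusting the infected one.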

#15 sheen25

sheen25
  • Topic Starter

  • Members
  • 82 posts
  • OFFLINE
  •  
  • Local time:12:01 PM

Posted 01 May 2016 - 05:03 PM

Done reinstalling IExplorer.

Ran the aswMBR and selected the "Fix MBR" button.

Still, problems persist.

Ran MBAR, nothing was found. 

Ran SystemLook log file says:

SystemLook 30.07.11 by jpshortstuff

Log created at 05:42 on 02/05/2016 by nic j melycan
Administrator - Elevation successful
 
========== file ==========
 
csrsrv.dll - Unable to find/read file.
 
-= EOF =-




