In Chrome - Popups / Links Redirected / File Trys Downloading


  • This topic is locked
9 replies to this topic

#1 virushell

  • Members
  • 4 posts

Posted 10 July 2016 - 04:18 PM

I usually have no trouble getting rid of any viruses, trojans, spyware and malware. That all changed when I came across this. I have been plagued with quite a pest the past weeks. Basically what is happening is popups are appearing from random URLs, links are getting redirected and a file wca.gz tries downloading from a remote location. This all happens in Chrome. Let me explain.

Upon clicking anywhere in the browser window I will get random popups from sites ranging from PC support, virus removal and dating sites to Bing search pages displaying the contents of a Google search I make if I was searching Google at the time (I will paste some examples below). This usually happens on any mouse click on any page in Chrome and will keep repeating itself about 3-5 times before going away for a while (leaving me unable to click on anything within the tab while it happens). It seems to happen at random intervals, sometimes more than others. The malware is intelligent. Also I get popups from a link that tries downloading a file named wca.gz, which upon googling displays no results, so I'm assuming it was a randomly generated file name to start with and has stuck with my browser. The file, when run in a sandbox, doesn't open and I haven't looked any further into it yet. I'm sure these jerks are making a killing off advertising these links.

Some popups links - hxxttp://ketger.com/scz?p=YTE5MzkwMDE2OTWWJKvjjJky3OBbWjIUQnHz98HTo4xXm5Lb2RgCa1gCkOcecUH7%2FRzt0S%2FOOIctEqM780sNN55pIIzLPG4Vmut1YkWQ4ZFBP3Q31Rf%2FCR19MZbPLgMx8%2FugXNNehY4Piaz8d0HG2rDWxbXkLkVScTqdDH%2BjyLB6cCycUOydA3iOr1BYdznRdbbN%2FtV843P9%2B5Dwn%2FaZ1KSe1W28fP25A3JWqyfY5EBBA2xK3C8xZwlYiJkIm%2Fcty3pel8Dkcghizb19GJOcpyoBhqZmou1VQ3oqNTT3mFTo%2FiyvJO4cBqrPydJcQtopqNlAXTn6YCaRq7XgJa6Kp2DGg%2BE3WwhHvAgZB3OEUOaQIHWN9nEKzhAwR6HAHslEZe0v2jaTIB3v5cCVatRvL%2Bg62hgVZRoeIfRNJoMIx18eETssO2RKxWAybVZdTdUp045UgzEZ4m78XXyalHDREARwNT%2BpR2l2w%2BLlJKIBrgLZwbNB8wIL7%2BEayAlY5n%2Bb797GxgcU3V6l5mMeo6upgiVtNVhMb2y8XI095J1qAHlqfbkn2drZh3pzjelM%2FiCI%2BWvq&ia=0&t=1&dpv=98&ndom=5&st=OTQyMTY5NDA0M70BK6Et2U7dfdnR4bUmXbqERPDEDhtsy9vP2vgFxvSxKXo52B6qq3KGPqP%2F0ImgcPk3PkVkBX%2BK1hVY2PXmn2JZbFq%2Bv99MWtEOE8Fum%2Fz9jTwjdWpKpGV7ne4QNnVlV%2FNmXxctYPzVhu3f3onTGt4u8XQxcDUmavwiV95p3dK0TgubM1uztMwaJmisWsqJaWcdPP0G2pGoeK%2BGDN6DTtMJM%2BiQsVPCPuVYuiRULxAqhdNIF3%2Ffd9vuANxQWqmjEGORvPdYNzVvUPD7Ib42rvYiypyvHwAaDzIDa%2F9s6qUFu3%2FPmiitdKrPrqKAR0am7ia6eDTFfr2Fh2soDLDsSzJPSaTCPP7BX%2FhtZHMGqe1m&l=1

which redirects to -  hxxttp://07ooidfg.xyz/us/lp16/us_gen_orange4.php?engsec=5&target=100729&srcetkn=DnDwS4&tmestp=1468177655&flref=http%3A%2F%2Fwww.inbox.com%2F&dmnref=http%3A%2F%2Finbox.com%2F&target=http%3A%2F%2Finbox.com%2F

The above link uses the current page I'm on as a referrer also. It even says inbox at the top of the page.

Another - https://promos.mcafee.com/offer.aspx?id=969198&clickid=WTb2Lx3Uy30G0T60bQyFST62Ukk0rzyOuSQOQw0&lqmcat=Affiliate:IR:null:264440:11874:11874:null&sharedid=105159

Another -

I noticed also that the domain partners.cmptch.com and others will sit in my status bar trying to load.

Upon googling I found a bunch of links, but all seem to be tied one way or another to the scheme (at least that is how it appears to me) because they are all trying to sell some bogus virus removal software or app uninstaller. Anyway, here is a quote from one of them that describes what I see as well.

"Does this sound familiar? You see partners.cmptch.com in your browser's status bar while browsing sites that most of the time don't load any content from third-party domains. Perhaps the partners.cmptch.com domain shows up when performing a search at the Google search engine?"

I will try to find additional links to post as they appear again.

Now onto the wca.gz file: it pops up out of nowhere and at the moment I can't seem to get it to reproduce just yet so I can grab the URL. I will attach it below as well so someone can take a look at it.

Here are the results from FRST -

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-07-2016 01
Ran by Dish (administrator) on interrupter (10-07-2016 14:47:16)
Running from E:\Apps\System\Virus
Loaded Profiles: Dish (Available Profiles: Dish)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe
() C:\Program Files\Everything\Everything.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\casc.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\ccEvtMgr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Sysinternals - www.sysinternals.com) E:\Apps\System\ProcessExplorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\Dish\AppData\Local\Temp\procexp64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
() E:\Apps\System\Network\Proxy\psiphon3\psiphon3.exe
() C:\Users\Dish\AppData\Local\Temp\psiphon-tunnel-core.exe
() C:\lproplat\lmpro.exe
() C:\Program Files (x86)\Send-Safe List Manager\sslm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Everything\Everything.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\AMRT.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cctray] => C:\Program Files\Total Defense\Internet Security Suite\casc.exe [3479896 2015-12-29] (Total Defense, Inc.)
HKLM\...\Run: [TotalDefenseOnRun] => C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\caaphupd.exe [282456 2015-12-29] (Total Defense, Inc.)
HKLM\...\Run: [TotalDefenseEventManager] => C:\Program Files\Total Defense\Internet Security Suite\ccEvtMgr.exe [2671960 2015-12-29] (Total Defense, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files (x86)\Connectify\Connectify.exe [4266628 2015-07-20] ()
HKLM-x32\...\Run: [jswtrayutil] => C:\Program Files (x86)\Jumpstart\jswtrayutil.exe [528384 2008-09-26] (Atheros Communications, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [RandMAC] => E:\Apps\System\Network\MadMACs\MadMACs.exe [216616 2006-12-11] ()
Winlogon\Notify\PFW:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\Run: [icq.desktop] => C:\Users\Dish\AppData\Roaming\ICQ\bin\icq.exe [31181448 2016-06-29] ()
HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-02-26] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\Run: [PSwitch] => C:\Program Files (x86)\Proxy Switcher Standard\ProxySwitcher.exe [5737528 2016-05-13] (Proxy Switcher)
HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\Run: [BackUpManager] => E:\Apps\System\Sencode BackUp Manager\BackUpManager.exe [705024 2004-02-01] ()
HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\MountPoints2: {1e47d7c9-9fa3-11e5-829c-001c232bba50} - "I:\MotorolaDeviceManagerSetup.exe" -a
HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\MountPoints2: {23c21b76-08c9-11e6-82c4-001c232bba50} - "I:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\MountPoints2: {23c21bc6-08c9-11e6-82c4-001c232bba50} - "I:\MotorolaDeviceManagerSetup.exe" -a
HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\MountPoints2: {3392fa2a-2444-11e5-8274-001c232bba50} - "I:\HPLauncher.exe"
HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\MountPoints2: {4c562276-b308-11e5-82a4-001c232bba50} - "I:\MotorolaDeviceManagerSetup.exe" -a
HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\MountPoints2: {eb2408de-158f-11e5-8274-001c232bba50} - "H:\MotorolaDeviceManagerSetup.exe" -a
Startup: C:\Users\Dish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2016-05-18]
ShortcutTarget: Slack.lnk -> C:\Users\Dish\AppData\Local\slack\Update.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-937248571-1348006400-702165345-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-937248571-1348006400-702165345-1001] => http=127.0.0.1:51653;https=127.0.0.1:51653;socks=127.0.0.1:51652
Winsock: Catalog9 01 C:\Windows\system32\VetRedir.dll No File
Winsock: Catalog9 02 C:\Windows\system32\VetRedir.dll No File
Winsock: Catalog9 13 C:\Windows\system32\VetRedir.dll No File
Winsock: Catalog9-x64 01 C:\Windows\system32\VetRedir64.dll [104280 2015-12-29] (Computer Associates International, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\VetRedir64.dll [104280 2015-12-29] (Computer Associates International, Inc.)
Winsock: Catalog9-x64 13 C:\Windows\system32\VetRedir64.dll [104280 2015-12-29] (Computer Associates International, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 97.64.183.164 97.64.168.13
Tcpip\..\Interfaces\{98DAF34D-0A85-45A5-8502-67574578DDB2}: [DhcpNameServer] 97.64.183.164 97.64.168.13
Tcpip\..\Interfaces\{9B3D49FE-F77A-4C89-88E5-3D89F3B03799}: [DhcpNameServer] 10.45.145.1
Tcpip\..\Interfaces\{D2F94BA0-13AA-4B95-ABD2-39399343E4DE}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-937248571-1348006400-702165345-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://encrypted.google.com/
BHO: Total Defense Anti-Phishing Toolbar Helper -> {45011CF5-E4A9-4F13-9093-F30A784EB9B2} -> C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\toolbar\caIEToolbar.dll [2015-12-29] (Total Defense, Inc.)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: Total Defense Anti-Phishing Toolbar Helper -> {45011CF5-E4A9-4F13-9093-F30A784EB9B2} -> C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\toolbar\caIEToolbar.dll [2015-12-29] (Total Defense, Inc.)
Toolbar: HKLM - Total Defense Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\toolbar\caIEToolbar.dll [2015-12-29] (Total Defense, Inc.)
Toolbar: HKLM-x32 - Total Defense Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\toolbar\caIEToolbar.dll [2015-12-29] (Total Defense, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Dish\AppData\Roaming\Mozilla\Firefox\Profiles\4it393cc.default
FF NewTab: hxxps://encrypted.google.com
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://encrypted.google.com
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Extension: Tab Mix Plus - C:\Users\Dish\AppData\Roaming\Mozilla\Firefox\Profiles\4it393cc.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-06-30]
FF Extension: Smart HTTPS - C:\Users\Dish\AppData\Roaming\Mozilla\Firefox\Profiles\4it393cc.default\Extensions\jid0-oFwt2ZcakHhkFl7Kp4lJn@jetpack.xpi [2016-06-30]
FF Extension: BitComet Video Downloader - C:\Users\Dish\AppData\Roaming\Mozilla\Firefox\Profiles\4it393cc.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2016-04-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [caaphishtoolbar@ca.com] - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox
FF Extension: Total Defense Anti-Phishing Toolbar - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox [2016-02-12] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-27]
CHR Extension: (Google Docs) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-27]
CHR Extension: (Google Drive) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (Google Search) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (BitComet Download Extension for Chrome) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhigneefebkcagnpnpbibganpmfgebnk [2016-04-25]
CHR Extension: (Tabs Outliner) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2016-04-14]
CHR Extension: (Google Sheets) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-27]
CHR Extension: (The QR Code Generator) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2016-04-28]
CHR Extension: (Google Docs Offline) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-08]
CHR Extension: (Imgur Uploader) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmpmjpekinnebjgnakcahjikbomnmlb [2016-05-31]
CHR Extension: (Total Defense Anti-Phishing Toolbar) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpdpkkpdlooddakbebmkeeegehfjdnih [2016-02-12]
CHR Extension: (Ghostery) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-06-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (The QR Code Extension) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijdcdmnjjgnnhgljmhkjlablaejfeeb [2016-04-28]
CHR Extension: (Gmail) - C:\Users\Dish\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-29]
CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hpdpkkpdlooddakbebmkeeegehfjdnih] - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\GoogleChrome\td_aphish_toolbar.crx [2016-02-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMRT; C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\AMRT.EXE [280408 2015-12-29] (Total Defense, Inc.)
S4 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 CaCCProvSP; C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe [365400 2015-12-29] (Total Defense, Inc.)
S3 CAISafe; C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\isafe.exe [330584 2015-12-29] (Computer Associates International, Inc.)
R2 ccSchedulerSVC; C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe [417624 2015-12-29] (Total Defense, Inc.)
S4 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [217088 2015-04-09] (Connectify) [File not signed]
R2 Everything; C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] () [File not signed]
S4 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [265216 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S4 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187024 2016-02-26] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S4 WinSvchostManagerSrv; C:\Windows\SysWOW64\cfgmig32.exe [264024 2015-12-29] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63al.sys [5170176 2013-07-01] (Broadcom Corporation)
R1 cnnctfy3; C:\Windows\system32\DRIVERS\cnnctfy3.sys [42152 2016-04-24] (Connectify)
R1 cpcacdrv; C:\Windows\System32\drivers\cpcacdrv.sys [58080 2015-09-25] (Chris P.C. srl)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [85280 2009-09-09] (O2Micro)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-28] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RTL8187B; C:\Windows\system32\DRIVERS\rtl8187B.sys [459336 2013-06-18] (Realtek Semiconductor Corporation                           )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192616 2016-05-13] (Sandboxie Holdings, LLC) [File not signed]
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [33376 2016-01-08] (DEVGURU Co., LTD.)
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R1 tdidtheft; C:\Windows\System32\drivers\tdidtheft.sys [55568 2015-04-13] ( )
R1 TsLwWfF; C:\Windows\system32\DRIVERS\TsLwWfF.sys [29384 2013-07-26] (TamoSoft)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [41720 2015-12-10] (USBPcap)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S0 b06bdrv; System32\drivers\bxvbda.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-10 14:46 - 2016-07-10 14:47 - 00000000 ____D C:\FRST
2016-07-10 09:50 - 2016-06-30 14:24 - 00453288 ____R C:\Windows\system32\Drivers\etc\hosts.20160710-095038.backup
2016-07-09 14:45 - 2016-07-09 14:45 - 00023902 _____ C:\Users\Dish\Desktop\blah2.html
2016-07-09 14:44 - 2016-07-09 14:44 - 00011950 _____ C:\Users\Dish\Desktop\blah.html
2016-07-03 14:12 - 2016-07-03 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DB Browser for SQLite
2016-07-03 14:12 - 2016-07-03 14:12 - 00000000 ____D C:\Program Files\SqliteBrowser3
2016-07-03 08:54 - 1999-05-31 18:00 - 00101888 ____N (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2016-07-03 08:36 - 2016-07-03 08:36 - 00089793 _____ C:\Windows\SysWOW64\svscvs.exe
2016-07-03 08:36 - 2016-07-03 08:36 - 00051733 _____ C:\Windows\SysWOW64\plugin1.dat
2016-07-02 21:14 - 2016-07-02 21:30 - 00000000 ____D C:\Users\Dish\.idlerc
2016-07-02 21:01 - 2016-07-02 21:01 - 00000238 _____ C:\Users\Dish\Desktop\todo2.txt
2016-07-02 20:08 - 2016-07-02 21:47 - 00000000 ____D C:\Users\Dish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.5
2016-07-02 19:52 - 2016-07-02 21:08 - 00000000 ____D C:\Users\Dish\AppData\Local\Package Cache
2016-07-02 14:19 - 2016-07-09 11:52 - 00000000 ____D C:\lproplat
2016-07-02 14:19 - 2016-07-02 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ListMate Pro PLATINUM
2016-07-02 14:19 - 2016-07-02 14:19 - 00000617 _____ C:\Users\Dish\Desktop\ListMate Pro Platinum v1.00.lnk
2016-06-30 16:08 - 2016-07-09 00:08 - 00304945 ____N C:\Windows\Minidump\070916-46000-01.dmp
2016-06-30 16:08 - 2016-07-08 00:14 - 00296241 ____N C:\Windows\Minidump\070816-49750-01.dmp
2016-06-30 16:08 - 2016-07-02 14:02 - 00297777 ____N C:\Windows\Minidump\070216-47015-01.dmp
2016-06-30 14:24 - 2016-05-23 03:13 - 00001620 ____R C:\Windows\system32\Drivers\etc\hosts.20160630-142459.backup
2016-06-28 11:17 - 2016-06-30 16:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-25 22:02 - 2016-06-25 22:02 - 00390296 _____ (Python Software Foundation) C:\Windows\pyw.exe
2016-06-25 22:02 - 2016-06-25 22:02 - 00389272 _____ (Python Software Foundation) C:\Windows\py.exe
2016-06-17 04:59 - 2016-07-09 12:58 - 00000600 _____ C:\Users\Dish\AppData\Roaming\winscp.rnd
2016-06-17 02:50 - 2016-06-17 02:50 - 09717952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-06-16 19:20 - 2016-06-16 19:46 - 00002746 _____ C:\Users\Dish\Desktop\modafinil.txt
2016-06-16 10:41 - 2016-07-03 09:53 - 00000000 ____D C:\Users\Dish\AppData\Local\CrashDumps
2016-06-15 20:50 - 2016-06-17 01:29 - 00000000 ____D C:\Users\Dish\AppData\Roaming\FileZilla
2016-06-15 20:49 - 2016-06-15 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-06-15 20:49 - 2016-06-15 20:49 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-06-14 20:56 - 2016-06-03 12:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-06-14 20:56 - 2016-06-03 08:38 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-14 20:56 - 2016-06-02 12:51 - 00050352 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-14 20:56 - 2016-05-29 10:04 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-14 20:56 - 2016-05-29 10:04 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-14 20:56 - 2016-05-29 10:04 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-14 20:56 - 2016-05-29 10:04 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-14 20:56 - 2016-05-29 10:04 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-14 20:56 - 2016-05-29 10:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-14 20:56 - 2016-05-18 00:31 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-14 20:56 - 2016-05-18 00:31 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-14 20:56 - 2016-05-16 16:13 - 00563016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-14 20:56 - 2016-05-16 16:13 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-14 20:56 - 2016-05-16 16:13 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-14 20:56 - 2016-05-16 16:13 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-14 20:56 - 2016-05-13 18:09 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-14 20:56 - 2016-05-13 18:07 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-14 20:56 - 2016-05-13 18:07 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-14 20:56 - 2016-05-13 18:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-14 20:56 - 2016-05-13 18:04 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-14 20:56 - 2016-05-13 17:34 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-14 20:56 - 2016-05-13 17:19 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-14 20:56 - 2016-05-13 16:58 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-14 20:56 - 2016-05-09 16:35 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-06-14 20:56 - 2016-05-09 15:56 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-06-14 20:56 - 2016-05-09 15:45 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-14 20:56 - 2016-05-09 15:23 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-14 20:56 - 2016-05-06 10:45 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-14 20:56 - 2016-05-06 10:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-14 20:55 - 2016-04-12 10:46 - 14467584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-06-14 20:55 - 2016-04-12 10:30 - 12879872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-06-14 20:53 - 2016-05-12 13:38 - 00135336 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-14 20:53 - 2016-05-12 12:43 - 00115704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-14 20:53 - 2016-05-12 11:24 - 00678912 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-14 20:53 - 2016-05-12 11:17 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-14 20:53 - 2016-05-12 11:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-14 20:53 - 2016-05-12 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-14 20:53 - 2016-05-12 11:07 - 01360896 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-14 20:53 - 2016-05-12 10:59 - 00398848 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-14 20:53 - 2016-05-12 10:48 - 00580096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-14 20:53 - 2016-05-12 10:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-14 20:53 - 2016-05-12 10:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-14 20:53 - 2016-05-12 10:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-14 20:53 - 2016-04-14 10:25 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-14 20:53 - 2016-04-14 10:11 - 02464768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-14 20:53 - 2016-01-31 14:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-14 20:53 - 2016-01-31 13:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-14 20:53 - 2016-01-31 12:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-14 20:53 - 2016-01-31 12:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-14 20:52 - 2016-05-21 12:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-14 20:52 - 2016-05-21 11:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-14 20:52 - 2016-05-20 17:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-14 20:52 - 2016-05-20 17:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-14 20:52 - 2016-05-20 17:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-14 20:52 - 2016-05-20 16:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-14 20:52 - 2016-05-20 16:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-14 20:52 - 2016-05-20 16:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-14 20:52 - 2016-05-20 16:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-14 20:52 - 2016-05-20 16:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-14 20:52 - 2016-05-20 16:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-14 20:52 - 2016-05-20 16:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-14 20:52 - 2016-05-20 16:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-14 20:52 - 2016-05-20 16:25 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-06-14 20:52 - 2016-05-20 16:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-14 20:52 - 2016-05-20 16:21 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-06-14 20:52 - 2016-05-20 16:19 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-06-14 20:52 - 2016-05-20 16:16 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-06-14 20:52 - 2016-05-20 16:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-14 20:52 - 2016-05-20 16:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-14 20:52 - 2016-05-20 16:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-14 20:52 - 2016-05-20 16:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-14 20:52 - 2016-05-20 16:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-14 20:52 - 2016-05-20 16:09 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-14 20:52 - 2016-05-20 16:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-14 20:52 - 2016-05-20 16:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-14 20:52 - 2016-05-20 16:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-14 20:52 - 2016-05-20 15:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-14 20:52 - 2016-05-20 15:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-14 20:52 - 2016-05-20 15:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-14 20:52 - 2016-05-20 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-14 20:52 - 2016-05-20 15:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-14 20:52 - 2016-05-20 15:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-14 20:51 - 2016-05-18 18:15 - 01379040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-14 20:51 - 2016-05-18 15:35 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-14 20:51 - 2016-05-14 15:01 - 00363104 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-14 20:51 - 2016-05-14 15:01 - 00320720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-14 20:51 - 2016-05-13 18:07 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-14 20:51 - 2016-05-13 16:58 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-14 20:51 - 2016-05-13 16:45 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-14 20:51 - 2016-05-13 16:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-14 20:51 - 2016-05-13 16:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-13 23:38 - 2016-06-14 13:13 - 00001565 _____ C:\Users\Dish\Desktop\todo.txt
2016-06-12 11:28 - 2016-06-12 11:28 - 00002041 _____ C:\Users\Dish\Desktop\WYSIWYG Web Builder 11.lnk
2016-06-12 11:28 - 2016-06-12 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WYSIWYG Web Builder 11
2016-06-12 11:28 - 2016-06-12 11:25 - 00737280 _____ (Indigo Rose Corporation) C:\Windows\iun6002.exe
2016-06-12 11:26 - 2016-06-12 11:36 - 00000000 ____D C:\Users\Dish\Documents\WYSIWYG Web Builder
2016-06-12 11:26 - 2016-06-12 11:28 - 00000000 ____D C:\Program Files (x86)\WYSIWYG Web Builder 11
2016-06-12 11:25 - 2016-06-12 11:28 - 00137828 _____ C:\Windows\WYSIWYG Web Builder 11 Setup Log.txt
2016-06-11 16:19 - 2016-06-11 16:19 - 00001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screen GIF.lnk
2016-06-11 16:19 - 2016-06-11 16:19 - 00001219 _____ C:\Users\Public\Desktop\Screen GIF.lnk
2016-06-11 15:43 - 2016-06-11 16:19 - 00000000 ____D C:\Program Files (x86)\David Esperalta
2016-06-11 15:43 - 2016-06-11 15:44 - 00000000 ____D C:\Users\Dish\AppData\Roaming\AppBuilder
2016-06-11 15:43 - 2016-06-11 15:43 - 00001243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Builder.lnk
2016-06-11 15:43 - 2016-06-11 15:43 - 00001231 _____ C:\Users\Public\Desktop\App Builder.lnk
2016-06-11 15:43 - 2016-06-11 15:43 - 00000000 ____D C:\Users\Dish\Documents\AppBuilder
2016-06-10 20:21 - 2016-06-10 20:21 - 00000000 ____D C:\Users\Dish\AppData\Roaming\Dropbox
2016-06-10 20:17 - 2016-06-11 09:11 - 00000000 ____D C:\Users\Dish\AppData\Local\Dropbox
2016-06-10 06:04 - 2016-07-02 19:18 - 00000000 ____D C:\Users\Dish\AppData\Local\Deployment
2016-06-10 06:04 - 2016-06-10 06:04 - 00000000 ____D C:\Users\Dish\AppData\Local\Apps\2.0

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-10 14:45 - 2015-02-27 16:57 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-10 14:31 - 2015-05-21 17:41 - 00000000 ____D C:\Users\Dish\AppData\Roaming\Skype
2016-07-10 13:50 - 2015-10-07 10:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-10 11:08 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-07-10 10:56 - 2015-01-22 22:42 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-937248571-1348006400-702165345-1001
2016-07-10 00:15 - 2016-05-27 01:33 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-07-09 19:11 - 2016-05-08 07:05 - 00000000 ____D C:\Users\Dish\AppData\Roaming\Opt-In List Manager
2016-07-09 15:45 - 2015-02-27 16:57 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-09 00:23 - 2016-05-13 00:55 - 00001668 _____ C:\Windows\Sandboxie.ini
2016-07-09 00:13 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-07-09 00:08 - 2015-02-24 14:05 - 00000000 ____D C:\Windows\Minidump
2016-07-09 00:08 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-09 00:02 - 2015-07-30 06:40 - 00000000 ____D C:\Users\Dish\AppData\Roaming\.purple
2016-07-08 20:48 - 2013-09-29 23:12 - 00876144 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-08 19:58 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2016-07-08 00:20 - 2015-01-22 22:37 - 00000000 ____D C:\Users\Dish
2016-07-07 23:42 - 2013-08-22 09:44 - 01232600 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-06 10:49 - 2015-04-29 19:36 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-06 10:49 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2016-07-06 10:49 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2016-07-06 10:49 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\en-GB
2016-07-04 03:02 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-07-03 16:30 - 2015-12-22 11:41 - 00000000 ____D C:\Program Files\Everything
2016-07-03 09:26 - 2015-03-03 11:01 - 00000000 ____D C:\Users\Dish\AppData\Local\ElevatedDiagnostics
2016-07-03 08:39 - 2016-05-07 18:00 - 00000000 ____D C:\Users\Dish\AppData\Local\ApplicationHistory
2016-07-03 04:14 - 2015-08-21 09:30 - 00000000 ____D C:\Users\Dish\AppData\Local\JDownloader v2.0
2016-07-02 22:08 - 2015-05-21 17:39 - 00000000 ____D C:\Users\Dish\AppData\Roaming\vlc
2016-07-02 21:08 - 2015-07-30 14:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-02 17:30 - 2016-05-13 00:49 - 00000000 ____D C:\Program Files\Sandboxie
2016-07-02 17:02 - 2016-04-25 14:57 - 00000000 ____D C:\Users\Dish\AppData\Roaming\BitComet
2016-07-02 15:44 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-01 16:21 - 2015-11-25 18:56 - 00000600 _____ C:\Users\Dish\AppData\Local\PUTTY.RND
2016-06-30 16:56 - 2015-02-27 17:12 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-30 16:50 - 2016-04-21 21:05 - 00000000 ____D C:\Users\Dish\AppData\Roaming\ICQ
2016-06-30 16:15 - 2015-07-05 12:40 - 00000000 ____D C:\Users\Dish\AppData\Roaming\Psiphon3
2016-06-30 16:08 - 2015-04-25 16:29 - 00303409 ____N C:\Windows\Minidump\063016-66140-01.dmp
2016-06-30 16:03 - 2015-02-27 17:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-30 13:57 - 2016-05-12 22:13 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-19 23:51 - 2015-11-02 12:45 - 00000000 ____D C:\Users\Dish\AppData\Roaming\tixati
2016-06-19 17:48 - 2015-11-02 12:45 - 00000000 ____D C:\Users\Dish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2016-06-19 17:48 - 2015-11-02 12:45 - 00000000 ____D C:\Program Files\tixati
2016-06-19 16:35 - 2016-03-06 06:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bit Che
2016-06-19 16:35 - 2016-03-06 06:58 - 00000000 ____D C:\Program Files (x86)\Bit Che
2016-06-19 14:07 - 2015-01-22 22:37 - 00000000 ____D C:\Users\Dish\AppData\Roaming\Adobe
2016-06-19 12:26 - 2016-04-25 06:04 - 00000000 ____D C:\Users\Dish\AppData\Roaming\VidCoder
2016-06-18 00:39 - 2016-05-22 18:53 - 00000008 _____ C:\ProgramData\VYAAUFMZPWSP.SYS
2016-06-17 18:00 - 2016-01-10 15:06 - 00000000 ____D C:\Users\Dish\AppData\Roaming\Slack
2016-06-17 02:50 - 2015-10-07 10:31 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 22:33 - 2015-04-25 16:29 - 00302897 ____N C:\Windows\Minidump\061616-46203-01.dmp
2016-06-16 13:27 - 2015-01-24 01:46 - 00000000 ____D C:\Windows\system32\MRT
2016-06-16 13:15 - 2015-01-24 01:46 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-15 17:27 - 2015-04-25 16:29 - 00291121 ____N C:\Windows\Minidump\061516-42281-01.dmp
2016-06-14 13:13 - 2016-04-25 02:07 - 00000000 ____D C:\Program Files (x86)\DVDMenu
2016-06-14 12:21 - 2016-05-12 22:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-14 12:13 - 2016-04-16 10:34 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 12:13 - 2016-04-16 10:34 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-04-27 19:56 - 2016-05-13 19:56 - 0099384 _____ () C:\Users\Dish\AppData\Roaming\inst.exe
2016-04-27 19:56 - 2016-05-13 19:56 - 0007859 _____ () C:\Users\Dish\AppData\Roaming\pcouffin.cat
2016-04-27 19:56 - 2016-05-13 19:56 - 0001167 _____ () C:\Users\Dish\AppData\Roaming\pcouffin.inf
2016-04-27 19:56 - 2016-05-13 19:56 - 0000055 _____ () C:\Users\Dish\AppData\Roaming\pcouffin.log
2016-04-27 19:56 - 2016-05-13 19:56 - 0082816 _____ (VSO Software) C:\Users\Dish\AppData\Roaming\pcouffin.sys
2016-06-17 04:59 - 2016-07-09 12:58 - 0000600 _____ () C:\Users\Dish\AppData\Roaming\winscp.rnd
2016-03-19 09:53 - 2016-03-19 09:53 - 0004608 _____ () C:\Users\Dish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-07 18:00 - 2016-05-07 18:00 - 0000092 _____ () C:\Users\Dish\AppData\Local\fusioncache.dat
2015-11-25 18:56 - 2016-07-01 16:21 - 0000600 _____ () C:\Users\Dish\AppData\Local\PUTTY.RND
2015-01-24 23:02 - 2015-01-24 23:02 - 0000017 _____ () C:\Users\Dish\AppData\Local\resmon.resmoncfg
2016-05-22 18:53 - 2016-06-18 00:39 - 0000008 _____ () C:\ProgramData\VYAAUFMZPWSP.SYS

Some files in TEMP:
====================
C:\Users\Dish\AppData\Local\Temp\procexp64.exe
C:\Users\Dish\AppData\Local\Temp\psiphon-tunnel-core.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-08 15:58

==================== End of FRST.txt ============================

I have attached Addition.txt

I went ahead and also scanned with HijackThis. Here are the results.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:14:47 PM, on 7/10/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)

FIREFOX: 47.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
E:\Apps\System\Network\Proxy\psiphon3\psiphon3.exe
C:\Users\Dish\AppData\Local\Temp\psiphon-tunnel-core.exe
C:\lproplat\lmpro.exe
C:\Program Files (x86)\Send-Safe List Manager\sslm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
E:\Apps\System\Virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://encrypted.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:51653;https=127.0.0.1:51653;socks=127.0.0.1:51652
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Total Defense Anti-Phishing Toolbar Helper - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\toolbar\caIEToolbar.dll
O3 - Toolbar: Total Defense Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\toolbar\caIEToolbar.dll
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [RandMAC] E:\Apps\System\Network\MadMACs\MadMACs.exe doittoit
O4 - HKCU\..\Run: [icq.desktop] "C:\Users\Dish\AppData\Roaming\ICQ\bin\icq.exe" /startup
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [PSwitch] C:\Program Files (x86)\Proxy Switcher Standard\ProxySwitcher.exe
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [BackUpManager] E:\Apps\System\Sencode BackUp Manager\BackUpManager.exe
O4 - Startup: Slack.lnk = C:\Users\Dish\AppData\Local\slack\Update.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Total Defense Realtime Scanner (AMRT) - Total Defense, Inc. - C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\AMRT.EXE
O23 - Service: Total Defense Provisioning Service (CaCCProvSP) - Unknown owner - C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe
O23 - Service: Total Defense ISafe Service (CAISafe) - Computer Associates International, Inc. - C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\isafe.exe
O23 - Service: Total Defense Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Everything - Unknown owner - C:\Program Files\Everything\Everything.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9318 bytes

Edited by nasdaq, 11 July 2016 - 07:57 AM.


#2 virushell

virushell
  • Topic Starter
  • Members
  • 4 posts

Posted 10 July 2016 - 04:23 PM

Addition.txt won't attach using the advanced uploader btw. I had to use the old uploader. It is attached now below.
 
"Addition.txt
This upload failed"

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-07-2016 01
Ran by Dish (2016-07-10 14:49:03)
Running from E:\Apps\System\Virus
Windows 8.1 Pro (Update) (X64) (2015-01-23 03:37:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-937248571-1348006400-702165345-500 - Administrator - Disabled)
ASPNET (S-1-5-21-937248571-1348006400-702165345-1002 - Limited - Enabled)
Dish (S-1-5-21-937248571-1348006400-702165345-1001 - Administrator - Enabled) => C:\Users\Dish
Guest (S-1-5-21-937248571-1348006400-702165345-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Total Defense Anti-Virus (Enabled - Up to date) {F1C8CB64-272B-4224-FAF3-D0420D32B50B}
AS: Total Defense Anti-Virus (Enabled - Up to date) {4AA92A80-0111-4DAA-C043-EB3076B5FFB6}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Anti-Virus (Version: 3.2.0.441 - Total Defense, Inc.) Hidden
App Builder (HKLM-x32\...\{E5AD314B-E52F-4E1A-AE7E-44BA8321B13B}_is1) (Version: - David Esperalta)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AVIcodec (remove only) (HKLM-x32\...\AVIcodec) (Version: - )
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.12.160304 - )
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
AVStoDVD 2.8.3 (HKLM-x32\...\AVStoDVD) (Version: 2.8.3 - MrC)
Bit Che (HKLM-x32\...\{D9DA5C41-964F-455F-B5E7-3664519440E8}_is1) (Version: 3.5 build 50 - Convivea Inc.)
BitComet 1.40 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.40 - CometNetwork)
Bitvise SSH Client - FlowSshNet (x64) (HKLM\...\{3506D54C-E80F-41CE-B95A-91AE1C4DD486}) (Version: 5.37.0.0 - Bitvise Limited)
Bitvise SSH Client - FlowSshNet (x86) (HKLM-x32\...\{4B58203F-1E1E-494B-8265-B0030F9D641C}) (Version: 5.37.0.0 - Bitvise Limited)
Bitvise SSH Client 6.45 (remove only) (HKLM-x32\...\BvSshClient) (Version: 6.45 - Bitvise Limited)
BluffTitler (HKLM-x32\...\BluffTitler) (Version: - Outerspace Software)
calibre (HKLM-x32\...\{6C358B17-1145-46D8-85E0-57FFFCA93BFC}) (Version: 2.56.0 - Kovid Goyal)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.6059 - CDBurnerXP)
ChrisPC Anonymous Connection 1.30 (HKLM-x32\...\{97EEEDC0-00CE-4801-B35A-66C4F474AF9B}_is1) (Version: - Chris P.C. srl)
ChrisPC Anonymous Proxy Pro 6.45 (HKLM-x32\...\{E3D2C66C-A3B8-4BB6-8460-5393D2BCCF18}_is1) (Version: - Chris P.C. srl)
ChrisPC DNS Switch 3.30 (HKLM-x32\...\{ECE17478-56C5-4280-AB67-AC2C2CAFA30F}_is1) (Version: - Chris P.C. srl)
CommView for WiFi (HKLM-x32\...\{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3}) (Version: 7.0 - TamoSoft)
Connectify 2015 (HKLM\...\Connectify) (Version: 2015.0.5.34877 - Connectify)
Cryptocat (HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\Cryptocat) (Version: 3.1.24 - Nadim Kobeissi)
D'Accord iChords 2.0 (HKLM-x32\...\D'Accord iChords 2.0_is1) (Version: - D'Accord Music Software)
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.8.0 - oldsch00l)
DIKO 2.47 (HKLM-x32\...\DIKO Free_is1) (Version: - VMesquita)
DNAMigrator (x32 Version: 14.2.0.420 - Total Defense, Inc.) Hidden
DVD Architect Pro 6.0 (HKLM-x32\...\{E0E531A2-17C1-11E2-984D-1040F3E7010F}) (Version: 6.0.237 - Sony)
DVD Menu Studio 1.1 (HKLM-x32\...\DVD Menu Studio_is1) (Version: - MediaChance)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
DVD-lab PRO 2.5 (HKLM-x32\...\DVD-lab PRO 2.5_is1) (Version: - Mediachance)
DVDStyler v2.9.6 (HKLM-x32\...\DVDStyler_is1) (Version: - )
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FileZilla Client 3.18.0 (HKLM-x32\...\FileZilla Client) (Version: 3.18.0 - Tim Kosse)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line)
FormatFactory 3.9.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.9.0.0 - Free Time)
GoldenSection Notes (HKLM-x32\...\GoldenSection Notes) (Version: 4.4 (Build 1900) - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HandBrake 0.9.3 (HKLM-x32\...\HandBrake) (Version: 0.9.3 - HandBrake)
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
ICQ (version 10.0.12094) (HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\icq.desktop) (Version: 10.0.12094 - ICQ)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.41 - Irfan Skiljan)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Jumpstart Installation Program (HKLM-x32\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version: - Atheros)
kano 15 for xircon (HKLM-x32\...\kano 15 for xircon) (Version: - )
Kingo ROOT version 1.4.3.2539 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.4.3.2539 - Kingosoft Technology Ltd.)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LAV Filters 0.68 (HKLM-x32\...\lavfilters_is1) (Version: 0.68 - Hendrik Leppkes)
ListMate Pro PLATINUM 1.02 (HKLM-x32\...\ListMate Pro PLATINUM) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaInfo 0.7.84 (HKLM\...\MediaInfo) (Version: 0.7.84 - MediaArea.net)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1031 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6313 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6313 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}) (Version: 2.0.50728 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
NaturalReader 14 (HKLM-x32\...\{9BB1F2B5-0A9D-402B-9613-DC5BCF878C22}) (Version: 1.00.0000 - Naturalsoft)
Nero 2016 (HKLM-x32\...\{381DEEC4-636E-4494-99B5-7891DD3AE1CC}) (Version: 17.0.04000 - Nero AG)
Nero 2016 Content Pack (HKLM-x32\...\{006F5CFF-ED35-41AF-9B2A-F52B0F545BF4}) (Version: 17.0.00200 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Opt-In List Filter (HKLM-x32\...\Opt-In Software List Filter_is1) (Version: - )
Opt-In List Manager 1.2.76 (HKLM-x32\...\Opt-In List Manager_is1) (Version: - )
Password Manager XP (HKLM-x32\...\Password Manager XP) (Version: 3.2.670 - CP Lab)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.12 - )
pidgin-otr 4.0.1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
Proxy Checker 7.4 (build 18) (HKLM-x32\...\Proxy Checker_is1) (Version: - Hell Labs)
ProxySwitcher Standard (HKLM-x32\...\ProxySwitcher Standard_is1) (Version: 5.8.1 - V-Tech LLC)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\{786ed290-9ee6-4b64-a246-93b0a81aaa79}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 (64-bit) (HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\{4f4dbee1-1703-4fff-b908-c90dec17bb9d}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Add to Path (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Add to Path (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Core Interpreter (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{0276F61C-30FC-46D4-BEFE-0EA959C4D691}) (Version: 3.5.2121.0 - Python Software Foundation)
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
RSDLite (HKLM-x32\...\{494CAE58-BBC3-4782-B59F-02F163E4A32B}) (Version: 6.2.4 - Motorola)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
Screen GIF (HKLM-x32\...\{459FD9F3-03A9-4732-8ACB-7AC2C9F33EC8}_is1) (Version: - David Esperalta)
SDK Debuggers (x32 Version: 8.100.26936 - Microsoft Corporation) Hidden
Send-Safe List Manager 1.5 (HKLM-x32\...\Send-Safe List Manager_is1) (Version: - )
Skynet Repair Kit 1.5 (HKLM-x32\...\Skynet Repair Kit_is1) (Version: - WLAN Skynet)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\slack) (Version: 2.0.6 - Slack Technologies)
Sonic ReelDVD (HKLM-x32\...\{E265B87E-C3E5-4338-9889-1579581BF280}) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
The FilmMachine 1.6.1 (HKLM-x32\...\The FilmMachine_is1) (Version: - The Mask Productions)
Tixati (HKLM-x32\...\tixati) (Version: - )
Total Defense Internet Security Suite (HKLM\...\eTrust Suite Personal) (Version: 9.0.0.422 - Total Defense, Inc.)
USBPcap 1.1.0.0-g794bf26 (HKLM\...\USBPcap) (Version: - )
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VidCoder 1.5.34 (x64) (HKLM\...\VidCoder-x64_is1) (Version: 1.5.34 - RandomEngy)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Web Proxy Checker (HKLM-x32\...\Web Proxy Checker_is1) (Version: - )
Web Proxy Checker Pro (HKLM-x32\...\Web Proxy Checker Pro_is1) (Version: - )
Wickr Me (HKLM-x32\...\{7668652D-F198-4E7B-8FF4-5E2DC13D9AD7}) (Version: 2.6.0.4 - Wickr Inc.)
WinAVI All-in-One Converter (HKLM-x32\...\WinAVI All-in-One Converter) (Version: 1.7.0.4734 - ZJMedia Digital Technology Ltd.)
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{ed3a6e6d-9661-4357-abe4-fcc03dc57a07}) (Version: 8.100.26936 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wireshark 2.0.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.1 - The Wireshark developer community, hxxps://www.wireshark.org)
WYSIWYG Web Builder 11 (HKLM-x32\...\WYSIWYG_Web_Builder_11) (Version: - )
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XiRCON 1.0B4 (HKLM-x32\...\XiRCON 1.0B4) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-937248571-1348006400-702165345-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DB22778-655A-466A-88CA-E3059901F5CF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-16] (Microsoft Corporation)
Task: {1551713A-F6E0-4B2F-91D2-1716C71D5603} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.)
Task: {16FCECBC-5637-47F0-A409-E40ACE509A9D} - System32\Tasks\{4F32829F-A5CD-4766-AB8A-1CCB26D5F67C} => pcalua.exe -a "D:\torrents\ReelDVD 3.1.3 PARADOX\Setup.exe" -d "D:\torrents\ReelDVD 3.1.3 PARADOX"
Task: {236DA8EB-BA03-448C-B759-109F9C6C9A76} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2016-03-01] (Nero AG)
Task: {247DA3B2-E4A5-41A5-BAC1-C400A3189F29} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {4596182C-8185-4B8C-BA6A-3A0D7EB0B8FA} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-07-17] ()
Task: {5830AD91-B844-4C24-9836-8AD99D3974C9} - System32\Tasks\{48488142-DB02-400A-ADDC-EE8780D251BD} => pcalua.exe -a C:\Users\Dish\Downloads\VCDEasy_v3.1.0_Setup.exe -d C:\Users\Dish\Downloads
Task: {5CE15149-F8CD-4DB2-9A9F-77CF5459FF91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {6A0C2A35-7625-44D1-99B4-01B148AC28A6} - System32\Tasks\CommView for WiFi Update => C:\Program Files (x86)\CommViewWiFi\Updater.exe [2013-09-09] (TamoSoft)
Task: {84F51CBB-4002-4C14-A713-9F18138363A8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {874DF87A-D810-441A-A13D-B643061B88C1} - System32\Tasks\{DCD78B27-9287-435D-8D7E-F5E78BD28099} => pcalua.exe -a "C:\Program Files\7-Zip\7zFM.exe" -d D:\torrents -c "D:\torrents\DVD-lab PRO v2.51 + Patch.rar"
Task: {9C26BC47-75B8-4F3C-A87F-F5A1BA50FA79} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.)
Task: {BDC1C20A-EBAD-4554-A84E-20E90A03A649} - System32\Tasks\{B77EFF6B-3562-46E8-980A-D0913CA4DDA2} => pcalua.exe -a L:\SORT\Img\_SORT\APhotoshop.Collection\APCollection\APCollection\Portable_PS_8.exe -d L:\SORT\Img\_SORT\APhotoshop.Collection\APCollection\APCollection
Task: {BDC41A05-9004-48F5-B8DF-18FE08B0C7BC} - System32\Tasks\{3876D3FA-BD2B-41E1-A392-50E2416BB49D} => pcalua.exe -a E:\Pictures\APCollection\Portable_PS_8.exe -d E:\Pictures\APCollection
Task: {C2D0CF30-D0D0-402A-9CD1-ECDCEC8340DF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {D3261437-1DCF-499D-A172-4A4BC5700D20} - System32\Tasks\{121D5474-A722-4FE7-B788-A058C19F2329} => pcalua.exe -a "K:\SORT\Work\GLOBAL_BULKING\89harddrive\2\BULK\bulker228\bulkerstorm\Bulker v2.28.exe" -d K:\SORT\Work\GLOBAL_BULKING\89harddrive\2\BULK\bulker228\bulkerstorm

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Dish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Image-Line website.lnk -> hxxp://www.image-line.com/ (No File)
Shortcut: C:\Users\Dish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Advanced\Diagnostic.lnk -> hxxp://www.image-line.com/diagnostic (No File)
Shortcut: C:\Users\Dish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\Download Deckadance.lnk -> hxxp://www.deckadance.com/ (No File)
Shortcut: C:\Users\Dish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 10\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk/ (No File)

==================== Loaded Modules (Whitelisted) ==============

2016-02-12 22:53 - 2015-04-13 05:20 - 01128448 _____ () C:\Program Files\Total Defense\Internet Security Suite\log4cplusU.dll
2015-12-22 11:41 - 2014-08-05 20:04 - 01441792 _____ () C:\Program Files\Everything\Everything.exe
2016-05-27 07:19 - 2016-05-27 07:19 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-04-15 15:13 - 2015-04-15 15:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-02-12 22:53 - 2015-12-29 05:04 - 01137496 _____ () C:\Program Files\Total Defense\Internet Security Suite\SQLite3.dll
2016-06-17 01:03 - 2016-05-18 07:21 - 05146728 _____ () E:\Apps\System\Network\Proxy\psiphon3\psiphon3.exe
2016-05-07 16:28 - 2016-07-09 01:08 - 11876048 ____N () C:\Users\Dish\AppData\Local\Temp\psiphon-tunnel-core.exe
2016-07-02 14:27 - 2003-02-11 02:04 - 02175488 _____ () C:\lproplat\lmpro.exe
2016-04-29 02:35 - 2005-11-24 00:23 - 00559616 _____ () C:\Program Files (x86)\Send-Safe List Manager\sslm.exe
2016-05-12 22:12 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-05-12 22:12 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-05-12 22:12 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-05-14 13:59 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-05-07 14:40 - 2016-05-07 14:40 - 00204800 _____ () C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll
2016-05-07 14:40 - 2016-05-07 14:40 - 03462702 _____ () C:\Program Files (x86)\Notepad++\plugins\NppBookmarkManager.dll
2016-05-17 17:42 - 2016-05-17 17:42 - 00021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2016-07-02 14:19 - 2004-02-11 01:48 - 00004608 _____ () C:\lproplat\sx32w.dll
2016-07-02 14:19 - 2003-11-23 00:00 - 00217088 _____ () C:\lproplat\libmysql.dll
2016-06-30 16:55 - 2016-06-15 04:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-30 16:55 - 2016-06-15 04:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7904 more sites.


There are 7901 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-05-13 15:49 - 2016-07-10 10:16 - 00001620 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 cap.cyberlink.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 www.vso-software.fr
127.0.0.1 vso-software.fr127.0.0.1 vso-software.fr
127.0.0.1 www.chris-pc.com
127.0.0.1 chris-pc.com
127.0.0.1 proxy.chris-pc.com
127.0.0.1 anonymousproxy.how
127.0.0.1 naturalreaders.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-937248571-1348006400-702165345-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dish\Pictures\w095.jpg
DNS Servers: 97.64.183.164 - 97.64.168.13
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BITCOMET_HELPER_SERVICE => 3
MSCONFIG\Services: Connectify => 2
MSCONFIG\Services: Everything => 2
MSCONFIG\Services: jswpbapi => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: WinSvchostManagerSrv => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Connectify Hotspot"
HKLM\...\StartupApproved\Run32: => "jswtrayutil"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\StartupApproved\StartupFolder: => "Slack.lnk"
HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\StartupApproved\Run: => "icq.desktop"
HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\StartupApproved\Run: => "PSwitch"
HKU\S-1-5-21-937248571-1348006400-702165345-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

10-07-2016 11:24:01 Scheduled Checkpoint
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2016 11:24:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/10/2016 09:27:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AMRT.EXE, version: 3.2.0.441, time stamp: 0x5681e737
Faulting module name: AMSDK.dll_unloaded, version: 3.2.0.441, time stamp: 0x5681e7cd
Exception code: 0xc0000005
Fault offset: 0x000000000002864d
Faulting process ID: 0x264c
Faulting application start time: 0xAMRT.EXE0
Faulting application path: AMRT.EXE1
Faulting module path: AMRT.EXE2
Report ID: AMRT.EXE3
Faulting package full name: AMRT.EXE4
Faulting package-relative application ID: AMRT.EXE5

Error: (07/10/2016 09:27:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AMRT.EXE, version: 3.2.0.441, time stamp: 0x5681e737
Faulting module name: AMSDK.dll_unloaded, version: 3.2.0.441, time stamp: 0x5681e7cd
Exception code: 0xc0000005
Fault offset: 0x000000000002864d
Faulting process ID: 0x3aac
Faulting application start time: 0xAMRT.EXE0
Faulting application path: AMRT.EXE1
Faulting module path: AMRT.EXE2
Report ID: AMRT.EXE3
Faulting package full name: AMRT.EXE4
Faulting package-relative application ID: AMRT.EXE5

Error: (07/10/2016 09:26:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AMRT.EXE, version: 3.2.0.441, time stamp: 0x5681e737
Faulting module name: AMSDK.dll_unloaded, version: 3.2.0.441, time stamp: 0x5681e7cd
Exception code: 0xc0000005
Fault offset: 0x000000000002864d
Faulting process ID: 0x2d4c
Faulting application start time: 0xAMRT.EXE0
Faulting application path: AMRT.EXE1
Faulting module path: AMRT.EXE2
Report ID: AMRT.EXE3
Faulting package full name: AMRT.EXE4
Faulting package-relative application ID: AMRT.EXE5

Error: (07/10/2016 09:26:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AMRT.EXE, version: 3.2.0.441, time stamp: 0x5681e737
Faulting module name: SQLite3.dll, version: 1.0.0.1, time stamp: 0x4cfd09c3
Exception code: 0xc0000005
Fault offset: 0x000000000000275f
Faulting process ID: 0x3bf0
Faulting application start time: 0xAMRT.EXE0
Faulting application path: AMRT.EXE1
Faulting module path: AMRT.EXE2
Report ID: AMRT.EXE3
Faulting package full name: AMRT.EXE4
Faulting package-relative application ID: AMRT.EXE5

Error: (07/10/2016 09:25:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AMRT.EXE, version: 3.2.0.441, time stamp: 0x5681e737
Faulting module name: AMSDK.dll_unloaded, version: 3.2.0.441, time stamp: 0x5681e7cd
Exception code: 0xc0000005
Fault offset: 0x000000000002864d
Faulting process ID: 0x3908
Faulting application start time: 0xAMRT.EXE0
Faulting application path: AMRT.EXE1
Faulting module path: AMRT.EXE2
Report ID: AMRT.EXE3
Faulting package full name: AMRT.EXE4
Faulting package-relative application ID: AMRT.EXE5

Error: (07/10/2016 09:25:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AMRT.EXE, version: 3.2.0.441, time stamp: 0x5681e737
Faulting module name: AMSDK.dll_unloaded, version: 3.2.0.441, time stamp: 0x5681e7cd
Exception code: 0xc0000005
Fault offset: 0x000000000002864d
Faulting process ID: 0x3bdc
Faulting application start time: 0xAMRT.EXE0
Faulting application path: AMRT.EXE1
Faulting module path: AMRT.EXE2
Report ID: AMRT.EXE3
Faulting package full name: AMRT.EXE4
Faulting package-relative application ID: AMRT.EXE5

Error: (07/10/2016 09:24:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AMRT.EXE, version: 3.2.0.441, time stamp: 0x5681e737
Faulting module name: AMSDK.dll_unloaded, version: 3.2.0.441, time stamp: 0x5681e7cd
Exception code: 0xc0000005
Fault offset: 0x000000000002864d
Faulting process ID: 0x3854
Faulting application start time: 0xAMRT.EXE0
Faulting application path: AMRT.EXE1
Faulting module path: AMRT.EXE2
Report ID: AMRT.EXE3
Faulting package full name: AMRT.EXE4
Faulting package-relative application ID: AMRT.EXE5

Error: (07/10/2016 09:24:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AMRT.EXE, version: 3.2.0.441, time stamp: 0x5681e737
Faulting module name: AMSDK.dll_unloaded, version: 3.2.0.441, time stamp: 0x5681e7cd
Exception code: 0xc0000005
Fault offset: 0x000000000002864d
Faulting process ID: 0x3a20
Faulting application start time: 0xAMRT.EXE0
Faulting application path: AMRT.EXE1
Faulting module path: AMRT.EXE2
Report ID: AMRT.EXE3
Faulting package full name: AMRT.EXE4
Faulting package-relative application ID: AMRT.EXE5

Error: (07/10/2016 09:23:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AMRT.EXE, version: 3.2.0.441, time stamp: 0x5681e737
Faulting module name: AMSDK.dll_unloaded, version: 3.2.0.441, time stamp: 0x5681e7cd
Exception code: 0xc0000005
Fault offset: 0x000000000004b960
Faulting process ID: 0x3bbc
Faulting application start time: 0xAMRT.EXE0
Faulting application path: AMRT.EXE1
Faulting module path: AMRT.EXE2
Report ID: AMRT.EXE3
Faulting package full name: AMRT.EXE4
Faulting package-relative application ID: AMRT.EXE5


System errors:
=============
Error: (07/10/2016 10:57:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d0a: microsoft.windowscommunicationsapps.

Error: (07/10/2016 10:57:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d0a: Microsoft.BingFoodAndDrink.

Error: (07/10/2016 10:57:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d0a: Microsoft.ZuneVideo.

Error: (07/10/2016 10:57:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d0a: Microsoft.ZuneVideo.

Error: (07/10/2016 10:57:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d0a: Microsoft.XboxLIVEGames.

Error: (07/10/2016 10:57:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070057: Microsoft.ZuneMusic.

Error: (07/10/2016 10:57:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d0a: Microsoft.BingHealthAndFitness.

Error: (07/10/2016 10:57:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d0a: Microsoft.BingSports.

Error: (07/10/2016 10:57:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d0a: Microsoft.BingWeather.

Error: (07/10/2016 10:57:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d0a: Microsoft.ZuneMusic.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of memory in use: 53%
Total physical RAM: 4085.97 MB
Available physical RAM: 1897 MB
Total Virtual: 7413.97 MB
Available Virtual: 4515.06 MB

==================== Drives ================================

Drive c: (OS 8) (Fixed) (Total:137.63 GB) (Free:98.66 GB) NTFS
Drive d: (Downloads) (Fixed) (Total:116.85 GB) (Free:9.56 GB) NTFS
Drive e: (Utilities) (Fixed) (Total:156.25 GB) (Free:47.25 GB) NTFS
Drive g: (Temp) (Fixed) (Total:54.69 GB) (Free:53.79 GB) NTFS
Drive h: (SEAGATE) (Fixed) (Total:931.51 GB) (Free:30.86 GB) NTFS
Drive k: (1GB_USB) (Removable) (Total:0.94 GB) (Free:0.61 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E022AF37)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=350 MB) - (Type=42)
Partition 3: (Not Active) - (Size=273.1 GB) - (Type=42)
Partition 4: (Not Active) - (Size=137.6 GB) - (Type=42)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 86D67FD1)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 961 MB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 11 July 2016 - 08:00 PM.


#3 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 38,200 posts
  • Gender:Male
  • Location:California
  • Local time:03:15 AM

Posted 11 July 2016 - 08:12 PM

Greetings virushell and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall all products for which you do not have a valid Product Key. If you are willing to do that please rerun a FRST scan with Addition.txt checked and post both logs. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please do this.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST.txt
  • Addition.txt
  • CKScanner report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#4 Oh My!

  • Malware Response Instructor
  • 38,200 posts
  • Gender:Male
  • Location:California
  • Local time:03:15 AM

Posted 14 July 2016 - 06:07 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary

#5 virushell
  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:15 AM

Posted 15 July 2016 - 08:38 AM

I still need help. Waiting to hear from the experts.
 
I tried to upload the wca.gz file but it fails on both standard and advanced installer.
 
I have used the site filedropper to post it here for further inspection.
 
Here it is - **link removed**

Edited by Oh My!, 15 July 2016 - 09:40 AM.


#6 Oh My!

  • Malware Response Instructor
  • 38,200 posts
  • Gender:Male
  • Location:California
  • Local time:03:15 AM

Posted 15 July 2016 - 09:41 AM

I have no idea what you are talking about. If you want help in the Malware Forum please uninstall all illegal software from your computer and run the CKScanner program as requested above.
Gary

#7 virushell
  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:15 AM

Posted 16 July 2016 - 04:45 PM

"Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall all products for which you do not have a valid Product Key. If you are willing to do that please rerun a FRST scan with Addition.txt checked and post both logs. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic."

What programs?


#8 Oh My!

  • Malware Response Instructor
  • 38,200 posts
  • Gender:Male
  • Location:California
  • Local time:03:15 AM

Posted 16 July 2016 - 04:50 PM

Please run CKScanner as instructed in Post #3.

Gary

#9 Oh My!

  • Malware Response Instructor
  • 38,200 posts
  • Gender:Male
  • Location:California
  • Local time:03:15 AM

Posted 19 July 2016 - 08:22 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary

#10 Oh My!

  • Malware Response Instructor
  • 38,200 posts
  • Gender:Male
  • Location:California
  • Local time:03:15 AM

Posted 21 July 2016 - 08:08 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Gary