
MPC has a hold of My Computer Help Please



#1 Michael Ortega


Posted 31 August 2016 - 12:08 PM

I have a Windows 7 64-bit system, a Core i7 system. Please help me get rid of this thing.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Michael (administrator) on MICHAEL-PC (31-08-2016 09:03:27)
Running from C:\Users\Michael\Downloads
Loaded Profiles: Michael (Available Profiles: Michael & UpdatusUser & Scrub & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Datpol) C:\Program Files (x86)\SpyShelter Premium\SpyShelterSrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Datpol) C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373248 2012-03-28] (Alcor Micro Corp.)
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848 2012-07-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064 2012-09-14] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5256336 2012-07-11] (VIA)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Run: [SpyShelter] => C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe [3509000 2015-04-01] (Datpol)
HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Run: [GoogleChromeAutoLaunch_1D7305B07635F8E0A4CF4B02D1C53C4D] => C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe [961352 2016-08-02] (Google Inc.)
BootExecute: autocheck autochk /r \??\E:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File 
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File 
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File 
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File 
Tcpip\Parameters: [DhcpNameServer] 209.165.131.12 209.165.131.13
Tcpip\..\Interfaces\{61E47C75-AC17-423F-A637-DBA446C93C16}: [DhcpNameServer] 209.165.131.12 209.165.131.13
Tcpip\..\Interfaces\{F92E4F00-1027-4F9C-A9BA-8C0249861435}: [DhcpNameServer] 10.60.4.28 10.10.161.72 10.10.161.73 209.165.131.12
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000 -> DefaultScope {0526109F-9D89-42C1-BBDE-94BE0850259F} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000 -> {0526109F-9D89-42C1-BBDE-94BE0850259F} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-20] (AO Kaspersky Lab)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-01-20] (AO Kaspersky Lab)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-20] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-01-20] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\syswow64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\syswow64\urlmon.dll [2015-12-10] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\jge0jr5t.default-1466782873907
FF Homepage: hxxps://mail.ru/cnt/11956636?fr=ffhp1.0.3&gp=800000
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-10] (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1827762118-2228905662-1016877455-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Michael\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-1827762118-2228905662-1016877455-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1827762118-2228905662-1016877455-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1827762118-2228905662-1016877455-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-24] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-06-24] (Octoshape ApS)
FF Extension: (Shortly URL Shortner) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\jge0jr5t.default-1466782873907\extensions\shortly@aloshbennett.in.xpi [2016-06-27]
FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\jge0jr5t.default-1466782873907\Extensions\homepage@mail.ru [2016-08-30]
FF Extension: (Поиск@Mail.Ru) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\jge0jr5t.default-1466782873907\Extensions\search@mail.ru [2016-08-30]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-05-25]
 
Chrome: 
=======
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://mail.ru/cnt/10445?gp=811013"
CHR DefaultSearchURL: Default -> hxxps://inline.go.mail.ru/search?inline_comp=dse&q={searchTerms}&fr=chxtn12.0.11
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-11]
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-11]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-22]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-22]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-22]
CHR Extension: (Kaspersky Protection) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-06-24]
CHR Extension: (EarthViewer) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\emgifojgfignanpkhcigcbfjlfndkmkb [2016-06-30]
CHR Extension: (Google Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-11]
CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-24]
CHR Extension: (goo.gl URL Shortener) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2016-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-24]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.ZRFUKBGQPRMBRKHCRSIOZD64ZY - C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2016-01-20] (Kaspersky Lab ZAO)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2014-11-21] (Microsoft Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 SpyShelterSrv; C:\Program Files (x86)\SpyShelter Premium\SpyShelterSrv.exe [44032 2015-04-01] (Datpol) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-07-06] (VIA Technologies, Inc.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
S3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-03-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2016-01-20] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237480 2016-05-25] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [943536 2016-05-25] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49240 2016-05-25] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-01-20] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Spyshelter; C:\Program Files (x86)\SpyShelter Premium\SpyShelter.sys [422152 2015-04-01] (SpyShelter) [File not signed]
R1 SpyshelterKb; C:\Program Files (x86)\SpyShelter Premium\SpyshelterKb.sys [169224 2015-03-26] (SpyShelter) [File not signed]
U5 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [35064 2015-05-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-31 09:03 - 2016-08-31 09:03 - 00024222 _____ C:\Users\Michael\Downloads\FRST.txt
2016-08-31 09:02 - 2016-08-31 09:03 - 00000000 ____D C:\FRST
2016-08-31 09:02 - 2016-08-31 09:02 - 02397696 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2016-08-31 08:45 - 2016-08-31 08:46 - 01747968 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2016-08-31 07:45 - 2016-08-31 07:45 - 00097680 _____ C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-31 07:36 - 2016-08-31 07:42 - 04920040 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-31 07:16 - 2016-08-31 07:35 - 00000978 _____ C:\Windows\ntbtlog.txt
2016-08-31 07:15 - 2016-08-31 07:15 - 00000879 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-30 22:24 - 2016-08-30 22:27 - 02915320 _____ (Google) C:\Users\Michael\Downloads\chrome_cleanup_tool (1).exe
2016-08-30 22:14 - 2016-08-30 22:20 - 22851472 _____ (Malwarebytes ) C:\Users\Michael\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-08-30 20:58 - 2016-08-30 21:00 - 05198336 _____ (AVAST Software) C:\Users\Michael\Downloads\aswMBR.exe
2016-08-30 20:57 - 2016-08-30 20:58 - 00216170 _____ C:\TDSSKiller.3.1.0.11_30.08.2016_20.57.31_log.txt
2016-08-30 20:55 - 2016-08-30 20:56 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Michael\Downloads\tdsskiller (1).exe
2016-08-30 20:44 - 2016-08-30 20:44 - 00022623 _____ C:\ComboFix.txt
2016-08-30 20:29 - 2016-08-30 20:31 - 05660313 ____R (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2016-08-30 18:03 - 2016-08-30 18:03 - 00000000 ____D C:\Program Files\Sound+
2016-08-30 17:55 - 2016-08-30 17:57 - 00000000 ____D C:\Users\Michael\AppData\Local\Mail.Ru
2016-08-29 16:39 - 2016-08-29 16:39 - 00000000 ____D C:\Users\Michael\AppData\Local\Deployment
2016-08-29 16:39 - 2016-08-29 16:39 - 00000000 ____D C:\Users\Michael\AppData\Local\Apps\2.0
2016-08-25 17:29 - 2016-08-25 18:04 - 00000000 ____D C:\Users\Michael\Documents\My Kindle Content
2016-08-25 17:29 - 2016-08-25 17:29 - 00002227 _____ C:\Users\Michael\Desktop\Kindle.lnk
2016-08-25 17:29 - 2016-08-25 17:29 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-08-25 17:29 - 2016-08-25 17:29 - 00000000 ____D C:\Users\Michael\AppData\Local\Amazon
2016-08-25 17:24 - 2016-08-25 17:25 - 66682856 _____ (Amazon.com) C:\Users\Michael\Downloads\KindleForPC-installer-1.17.44170.exe
2016-08-25 16:40 - 2016-08-25 16:40 - 15871862 _____ C:\Users\Michael\Downloads\just-to-be-ith-you.swf
2016-08-25 16:26 - 2016-08-25 16:26 - 09361226 _____ C:\Users\Michael\Desktop\just to be ith you.flv
2016-08-24 10:44 - 2016-08-24 10:46 - 71835963 _____ C:\Users\Michael\Downloads\newscall (3).zip
2016-08-24 10:43 - 2016-08-24 10:43 - 12984571 _____ C:\Users\Michael\Downloads\newscall (2).zip
2016-08-24 10:40 - 2016-08-24 10:40 - 22933984 _____ C:\Users\Michael\Downloads\newscall (1).zip
2016-08-23 07:24 - 2016-08-23 07:24 - 00000000 ____D C:\Users\Michael\Desktop\PSA
2016-08-19 08:38 - 2016-08-30 18:11 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Maxthon App Store
2016-08-19 08:38 - 2016-08-19 08:38 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-08-19 08:36 - 2016-08-19 08:36 - 01558792 _____ (Maxthon International ltd.) C:\Users\Michael\Downloads\mxsetup.exe
2016-08-18 21:09 - 2016-08-18 21:09 - 77866238 _____ C:\Users\Michael\Downloads\Free_Watercolor_Photoshop_Brushes_6.zip
2016-08-17 05:52 - 2016-07-08 07:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 05:52 - 2016-07-08 07:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-14 18:45 - 2016-08-14 18:45 - 00002029 _____ C:\Users\Public\Desktop\Microsoft LifeCam.lnk
2016-08-14 18:45 - 2016-08-14 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2016-08-14 18:44 - 2016-08-14 18:44 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2016-08-14 18:44 - 2016-08-14 18:44 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2016-08-14 18:44 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-08-14 18:44 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-08-10 14:26 - 2016-08-10 14:27 - 105130617 _____ C:\Users\Michael\Downloads\How To Install Replace Do a Front Brake Job 2002-07 Jeep Liberty.mp4
2016-08-10 14:19 - 2016-08-10 14:19 - 27441735 _____ C:\Users\Michael\Downloads\Jeep Liberty Front brakes tutorial.mp4
2016-08-10 14:14 - 2016-08-10 14:14 - 26773539 _____ C:\Users\Michael\Downloads\How to install brake pads on 2012 Jeep Liberty..mp4
2016-08-10 07:33 - 2016-07-08 07:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 07:33 - 2016-07-08 07:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 07:33 - 2016-07-08 07:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 07:33 - 2016-07-08 07:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 07:33 - 2016-07-08 07:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 07:33 - 2016-07-08 07:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 07:33 - 2016-07-08 07:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-10 07:33 - 2016-07-08 06:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 07:33 - 2016-07-08 06:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 07:33 - 2016-07-08 06:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 07:33 - 2016-07-08 06:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 07:33 - 2016-07-08 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 07:33 - 2016-07-08 06:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-31 08:26 - 2014-11-24 16:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-08-31 08:26 - 2014-11-24 13:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-31 08:22 - 2016-07-26 08:11 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827762118-2228905662-1016877455-1000UA.job
2016-08-31 08:13 - 2016-04-12 06:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-31 07:49 - 2009-07-13 20:45 - 00028144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-31 07:49 - 2009-07-13 20:45 - 00028144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-31 07:42 - 2009-07-13 21:13 - 00832650 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-31 07:42 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-08-31 07:36 - 2014-12-11 19:04 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-31 07:36 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-31 07:18 - 2016-05-21 15:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-30 22:30 - 2016-06-24 08:54 - 00001343 _____ C:\Users\Michael\Desktop\Google Chrome.lnk
2016-08-30 22:27 - 2016-05-22 14:12 - 00000000 ____D C:\Users\Michael\Desktop\Security
2016-08-30 22:10 - 2014-11-20 14:46 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E53B5D26-3FD0-4310-8339-A37A7F4B0971}
2016-08-30 21:57 - 2015-10-27 08:52 - 00000000 ____D C:\Users\Michael\Desktop\KENI
2016-08-30 21:35 - 2014-11-24 16:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-08-30 20:44 - 2015-04-26 15:30 - 00000000 ____D C:\Qoobox
2016-08-30 20:42 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2016-08-30 19:55 - 2015-12-27 22:21 - 00000000 ____D C:\Users\Michael\Downloads\Security
2016-08-30 18:13 - 2016-05-22 14:13 - 00000000 ____D C:\Users\Michael\Desktop\Software
2016-08-30 17:57 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-08-30 17:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-08-30 12:22 - 2016-07-26 08:11 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827762118-2228905662-1016877455-1000Core.job
2016-08-30 05:42 - 2015-03-25 10:48 - 00000000 ____D C:\Users\Scrub
2016-08-30 05:42 - 2015-01-07 19:16 - 00000000 ____D C:\Users\DefaultAppPool
2016-08-30 05:42 - 2014-12-11 19:06 - 00000000 ____D C:\Users\Classic .NET AppPool
2016-08-30 05:33 - 2014-12-11 19:06 - 00000000 ____D C:\Users\UpdatusUser
2016-08-27 20:49 - 2016-06-17 21:15 - 00000000 ____D C:\Users\Michael\Desktop\Songs
2016-08-25 16:18 - 2015-03-09 17:52 - 00000000 ____D C:\Users\Michael\Documents\Adobe
2016-08-24 22:56 - 2015-01-27 22:44 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2016-08-24 18:31 - 2016-04-28 17:01 - 00014336 _____ C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-24 18:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-23 05:28 - 2015-01-27 21:21 - 00000000 ____D C:\Users\Michael\AppData\Roaming\SpyShelter
2016-08-22 07:48 - 2016-07-17 20:40 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-08-17 16:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-08-11 18:52 - 2016-02-22 00:24 - 10787557 _____ C:\Users\Michael\Downloads\Michael Ortega The Christmas Song Cover.mp4
2016-08-10 11:02 - 2014-12-17 12:58 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-10 11:02 - 2014-11-24 14:32 - 00000000 ____D C:\Windows\system32\MRT
2016-08-08 13:24 - 2016-06-24 08:54 - 00002388 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-04 13:58 - 2015-07-23 13:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-02 22:05 - 2015-03-25 11:30 - 00000000 ____D C:\Users\Scrub\AppData\Local\CrashDumps
 
==================== Files in the root of some directories =======
 
2014-12-13 21:04 - 2015-04-11 18:02 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe BMP Format CS5 Prefs
2015-11-05 22:01 - 2015-11-05 22:01 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2015-05-18 18:00 - 2016-02-12 07:51 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-04-28 17:01 - 2016-08-24 18:31 - 0014336 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-09 10:43 - 2015-10-09 10:43 - 0007633 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2015-04-22 10:56 - 2015-04-22 10:56 - 0000000 _____ () C:\Users\Michael\AppData\Local\{030BEF1C-EB57-4A72-B894-A2479E90FFEA}
2014-12-12 18:47 - 2014-12-12 18:47 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
 
LastRegBack: 2016-08-16 00:42
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Michael (31-08-2016 09:05:14)
Running from C:\Users\Michael\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-12-12 03:53:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1827762118-2228905662-1016877455-500 - Administrator - Disabled)
Guest (S-1-5-21-1827762118-2228905662-1016877455-501 - Limited - Disabled)
Michael (S-1-5-21-1827762118-2228905662-1016877455-1000 - Administrator - Enabled) => C:\Users\Michael
Scrub (S-1-5-21-1827762118-2228905662-1016877455-1004 - Limited - Enabled) => C:\Users\Scrub
UpdatusUser (S-1-5-21-1827762118-2228905662-1016877455-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
$APPNAME> 2.31 (HKLM-x32\...\Bytescout XLS Viewer_is1) (Version: 2.31 - Bytescout Software)
Actron Scanning Suite (HKLM-x32\...\{7572B8A1-72A2-448E-8F69-1A3506800D67}) (Version: 4.000.0025 - Actron)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Production Premium (HKLM-x32\...\{F3E41C2A-3A29-476D-9685-3F8055AF696A}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.142.60386 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.142.60386 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Amazon Kindle) (Version: 1.17.0.44170 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 3.01 - NCH Software)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DJ3520FWUpdateAlert (x32 Version: 2.00.0000 - HP) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
Google Chrome (HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{A0A03B53-927D-4454-A456-CB0A72A4912F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{14ABDFC2-491B-4AF0-8134-CC5596D0EF57}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Infinite HD™ App (HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
LG Bridge (HKLM-x32\...\LG Bridge) (Version: 1.2.12 - LG Electronics)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access 2010 (HKLM-x32\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Firefox 48.0.1 (x86 en-US) (HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Mozilla Firefox 48.0.1 (x86 en-US)) (Version: 48.0.1 - Mozilla)
NVIDIA 3D Vision Driver 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.00 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Seterra 4.04 (HKLM-x32\...\{7C7C274C-DBC8-47FE-923F-9AAD59A4F9F4}}_is1) (Version: 4.04 - Marianne Wartoft AB)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpyShelter Premium 9.8 (HKLM\...\SpyShelter_is1) (Version: 9.8 - Datpol)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
Tracktion (HKLM-x32\...\Tracktion4) (Version:  - )
Tracktion 5 (HKLM\...\Tracktion 5) (Version: 5.0.10.0 - Tracktion Software Corp.)
Unity Web Player (HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\UnityWebPlayer) (Version: 4.6.4f1 - Unity Technologies ApS)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Window Drive Manager (HKLM-x32\...\Window Drive Manager) (Version: 1.56 - Slideway Inc.)
Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02) (HKLM\...\7A3873EEB4807FBDE9271D1C3DA50F100D5B8A7D) (Version: 07/12/2010 2.08.02 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02) (HKLM\...\C6554C9DFBD939292E343034D2836B952A9D4B66) (Version: 07/12/2010 2.08.02 - FTDI)
Windows Driver Package - SPX Service Solutions, Inc (usbser) Ports  (01/07/2010 2.0.0) (HKLM\...\BA81E6D589C849EA72D1C2CF16057B36C83BAEA8) (Version: 01/07/2010 2.0.0 - SPX Service Solutions, Inc)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.32 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1A2577B7-4A92-4911-96BE-3D7CBDBF528D} - System32\Tasks\Opera scheduled Autoupdate 1417738648 => C:\Program Files (x86)\Opera\launcher.exe
Task: {26A0E188-DD94-4197-A57C-BE5AC1E6746D} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {3B631A38-1BE4-4E23-848D-2C86C0F50D35} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {4923A4D6-3C13-426F-9BC1-D8CE3F02EC3D} - System32\Tasks\ASUS Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2012-07-10] (ASUSTeK Computer Inc.)
Task: {5428510E-4376-485E-BA18-9D265237B42D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1827762118-2228905662-1016877455-1000Core => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {5942DBA4-B34A-473B-BB98-F878C13A5808} - System32\Tasks\{A62B2A98-1605-4FBF-A15C-D30A07D338CF} => pcalua.exe -a C:\Users\Michael\AppData\Local\Temp\Temp2_MEI_Intel_Win7_64_Z8031427.zip\setup.exe <==== ATTENTION
Task: {59DA36D4-7DB6-4FA4-B696-B87CCD4D61E5} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {60B1700B-A652-40F0-B399-193653A35ACE} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-09-14] (ASUSTek Computer Inc.)
Task: {88E2AF89-F57A-419B-9503-5F0977704E0D} - System32\Tasks\{1339ADD2-521B-44C9-B73D-DC1119D7F109} => pcalua.exe -a C:\Users\Michael\AppData\Local\Temp\Temp1_Wireless_Console_3_Win7_64_Z3032.zip\Setup.exe <==== ATTENTION
Task: {950E77F2-BEC1-4898-8A5A-2C8B58B1D3ED} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1827762118-2228905662-1016877455-1000
Task: {9CFF15DC-1D4F-49C4-811E-030B992BA3BD} - System32\Tasks\{71D4116D-E43F-4549-8ACF-D3D72D5468CC} => pcalua.exe -a "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe" -d "C:\Program Files (x86)\Belkin\Router Setup and Monitor"
Task: {A4D11582-BB2B-4282-949F-35AE6440AEE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {B49BC6B8-750B-4988-AC61-1A4579FACF34} - System32\Tasks\{D3A8C991-0F15-43D7-82A6-81E92C4BC188} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\AutoPlayer.exe [2012-12-19] ()
Task: {C1A3C126-D2B3-4A52-A6D3-6603E82EC95B} - System32\Tasks\AdobeAAMUpdater-1.0-Michael-PC-Michael => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {D8CC32D7-BA48-47F9-9089-F2B6D932CC08} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {E61A9E3F-28F8-4A43-AAE3-2D34CB273EB3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1827762118-2228905662-1016877455-1000UA => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {EF479796-E452-4166-8501-1FBD7F2B3ED8} - System32\Tasks\{460F8355-A3E0-4050-84CA-93495CC95168} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm.exe
Task: {F5742DB0-BB2B-4EAB-8FAA-714274951AD8} - System32\Tasks\{D60A81DC-276A-424E-8CB1-4C913A3C2C85} => pcalua.exe -a "C:\Users\Michael\Downloads\ezgrabbersoftware\EZ Grabber\MPEG4Codec\WMFEncoder.exe" -d "C:\Users\Michael\Downloads\ezgrabbersoftware\EZ Grabber\MPEG4Codec"
Task: {FE47A961-0519-43C2-B63E-D76D4B7C6472} - System32\Tasks\{2E2EE6A7-2456-4AEB-9313-DBAFB723ED9F} => pcalua.exe -a E:\Drivers\Wireless_Console_3_Win7_64_Z3032\vcredist_x86.exe -d E:\Drivers\Wireless_Console_3_Win7_64_Z3032
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827762118-2228905662-1016877455-1000Core.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827762118-2228905662-1016877455-1000UA.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Michael\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html
 
ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\EarthViewer.lnk -> C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=emgifojgfignanpkhcigcbfjlfndkmkb
ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811008"
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-21 12:13 - 2012-02-21 13:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2014-11-21 12:03 - 2012-07-11 16:51 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-11-21 12:03 - 2012-07-11 16:51 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-07-09 00:18 - 2015-07-09 00:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2012-01-31 10:25 - 2012-01-31 10:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2016-08-08 13:24 - 2016-08-02 16:24 - 01771336 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 13:24 - 2016-08-02 16:23 - 00094024 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\52.0.2743.116\libegl.dll
2014-11-21 12:13 - 2012-02-21 13:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Michael\AppData\Local\ok2TjM28A:uSPKzKub7Tp1U7bzDWxllfrzj1i [2190]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temp:63MAdpyY1TlBggcQh5M3 [2090]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temporary Internet Files:XjdPWZUNKaGV3SPUMB4PcMh [1878]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\mpc.am -> hxxp://search.mpc.am
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2016-08-30 20:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.165.131.12 - 209.165.131.13
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3520 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 3520 series (Network).lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GoogleChromeAutoLaunch_1D7305B07635F8E0A4CF4B02D1C53C4D => "C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: HP Deskjet 3520 series (NET) => "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN26D12DRK05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IntelWirelessWiMAX => "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PCShowServer => "C:\Users\Michael\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{7E6898E5-5496-4804-A40E-1A00071E1801}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E550772D-10A9-417F-A021-606C41DC3DA4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{341719B7-8364-4B3A-86BF-F438F03E3DD3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5879BEE3-AA6A-417F-8509-95717A3B8BD9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A49CB21F-1D97-48F4-B4A7-79BADAC3DFFB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1BC8C8E2-BF65-409A-AEAD-66B728082903}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{D21F061C-22EB-4019-AD98-4789FB9061D5}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{0550FF54-ABB9-47C4-9ADF-97428FC3A1E0}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{71492289-B1F0-4628-B46E-68BD00860373}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{272F3B85-75DD-47B7-BBA9-11BFED79DC69}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{F21853DB-D900-440C-B9A3-EC6A4CABFAB7}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{7FC37539-7DA0-4198-BB23-0030BC7379AC}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7A48C20F-9106-4E14-811D-8BF7C39FD613}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DD580075-61B5-4653-A70B-1CD8C014F76E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{81EA210D-FA70-4448-B47C-DA8B17EEF0C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B6BDAABB-7E66-4833-850F-66F378D53B5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2DE48B6B-0DFA-4BF8-9E7C-A6C19AF881DB}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩牤癩略敳睜湩牤癩略敳攮數
FirewallRules: [{DACE6D1C-9F21-4D6B-A21D-BE3C754C9133}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩牤癩略敳睜湩牤癩略敳⹟硥e
FirewallRules: [{101791C6-162C-4C37-A526-2819EBD14F9E}] => (Allow) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{6977555A-8BFC-4B0F-964A-F4C6813BCFB5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{920CD8F7-9F30-47E1-B88C-536E510A6536}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{CDC90B04-9245-4B76-B4DF-F95883CD5EFA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{ECEB1913-C04F-4ECB-9C89-FE36B2CF178F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{C22EFED0-5D6A-4564-8467-5EFF03981877}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{A55A67D3-F0AB-44BB-8ECE-3A44FB18F5CF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{18FD9D20-821F-492E-A228-E14F44A2F8C0}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{26267C13-F6C9-4AD4-8FF4-13C52B13E45C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{C1554CAA-D410-4C91-9521-C710C4636B28}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{D931543B-240E-4896-B5CE-1F40F0FD4141}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{D4715DC5-065B-42D9-8847-6993FB7B2E30}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{B85D5FA5-C902-4528-9246-9D3B9B431118}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{A09C11F5-F8AD-40B4-9D71-472DD5D0920E}] => (Allow) C:\Users\Michael\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{7964C764-603F-4DA8-B342-FB748C188A19}] => (Allow) C:\Users\Michael\AppData\Local\Temp\MPCOnline\MPCDownload.exe
 
==================== Restore Points =========================
 
27-08-2016 03:00:18 Windows Update
27-08-2016 09:50:49 Windows Update
28-08-2016 03:00:16 Windows Update
28-08-2016 08:48:14 Windows Update
28-08-2016 14:27:47 Windows Update
28-08-2016 16:50:26 Windows Update
28-08-2016 23:40:25 Windows Update
29-08-2016 12:37:00 Windows Update
29-08-2016 21:23:50 Windows Update
30-08-2016 10:43:58 Windows Update
31-08-2016 03:00:15 Windows Update
31-08-2016 04:44:15 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/31/2016 07:37:29 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2016 07:37:29 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2016 07:37:29 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2016 07:37:29 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2016 07:37:29 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (08/31/2016 07:37:28 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2016 07:37:28 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
Error: (08/31/2016 07:37:28 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2016 07:37:27 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
 
System errors:
=============
Error: (08/31/2016 08:58:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:58:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:48:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:48:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:38:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:38:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:28:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:28:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:18:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:18:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-30 20:42:28.753
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-30 20:42:28.706
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-30 20:42:28.659
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-30 20:42:28.612
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-06 23:55:11.668
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-06 23:55:11.637
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-06 23:55:11.590
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-06 23:55:11.543
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-26 15:36:59.829
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-26 15:36:59.813
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 43%
Total physical RAM: 8151.92 MB
Available physical RAM: 4632.2 MB
Total Virtual: 16302.02 MB
Available Virtual: 12162.68 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.29 GB) (Free:760.55 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




 


#2 deeprybka

  • Malware Response Team

Posted 01 September 2016 - 06:08 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.
Step 2


Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 3


Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 Michael Ortega

  • Topic Starter

Posted 01 September 2016 - 09:28 AM

Now my browsers won't connect to the internet. I receive the error message "There is no Internet Connection" your computer is offline... but according to my Internet connections box I am connected. I am sending this from a different computer.
 
 
# AdwCleaner v5.028 - Logfile created 14/01/2016 at 09:35:26
# Updated 04/01/2016 by Xplode
# Database : 2016-01-12.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Michael - MICHAEL-PC
# Running from : C:\Users\Michael\Desktop\MONEY\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
 
***** [ Web browsers ] *****
 
[C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9hfu8f8x.default\prefs.js] [Preference] Found : user_pref("browser.safebrowsing.appRepURL", "hxxps://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_API_KEY%");
[C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\9hfu8f8x.default\prefs.js] [Preference] Found : user_pref("browser.safebrowsing.enabled", false);
[C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\Michael\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Michael\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Scrub\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search-results.com
[C:\Users\Scrub\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Scrub\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1844 bytes] ##########


#4 Michael Ortega

  • Topic Starter

Posted 01 September 2016 - 09:36 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Michael (administrator) on MICHAEL-PC (01-09-2016 06:30:48)
Running from C:\Users\Michael\Downloads
Loaded Profiles: Michael (Available Profiles: Michael & UpdatusUser & Scrub & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Datpol) C:\Program Files (x86)\SpyShelter Premium\SpyShelterSrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Datpol) C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [373248 2012-03-28] (Alcor Micro Corp.)
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848 2012-07-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064 2012-09-14] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5256336 2012-07-11] (VIA)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Run: [SpyShelter] => C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe [3509000 2015-04-01] (Datpol)
HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Run: [GoogleChromeAutoLaunch_1D7305B07635F8E0A4CF4B02D1C53C4D] => C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe [961352 2016-08-02] (Google Inc.)
BootExecute: autocheck autochk /r \??\E:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08  No File 
Winsock: Catalog9 01  No File 
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File 
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File 
Tcpip\Parameters: [DhcpNameServer] 10.60.4.28 10.10.161.72 10.10.161.73 209.165.131.12
Tcpip\..\Interfaces\{61E47C75-AC17-423F-A637-DBA446C93C16}: [DhcpNameServer] 209.165.131.12 209.165.131.13
Tcpip\..\Interfaces\{F92E4F00-1027-4F9C-A9BA-8C0249861435}: [DhcpNameServer] 10.60.4.28 10.10.161.72 10.10.161.73 209.165.131.12
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000 -> DefaultScope {0526109F-9D89-42C1-BBDE-94BE0850259F} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000 -> {0526109F-9D89-42C1-BBDE-94BE0850259F} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-20] (AO Kaspersky Lab)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-01-20] (AO Kaspersky Lab)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-20] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-01-20] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\syswow64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\syswow64\urlmon.dll [2015-12-10] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\jge0jr5t.default-1466782873907
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-10] (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1827762118-2228905662-1016877455-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Michael\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-1827762118-2228905662-1016877455-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1827762118-2228905662-1016877455-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1827762118-2228905662-1016877455-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-24] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-06-24] (Octoshape ApS)
FF Extension: (Shortly URL Shortner) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\jge0jr5t.default-1466782873907\extensions\shortly@aloshbennett.in.xpi [2016-06-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-05-25]
 
Chrome: 
=======
CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
CHR StartupUrls: Default -> "hxxp://www.google.com","hxxp://mail.ru/cnt/10445?gp=811013"
CHR DefaultSearchURL: Default -> hxxps://inline.go.mail.ru/search?inline_comp=dse&q={searchTerms}&fr=chxtn12.0.11
CHR DefaultSearchKeyword: Default -> mail.ru
CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-11]
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-11]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-22]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-22]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-22]
CHR Extension: (Kaspersky Protection) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-06-24]
CHR Extension: (EarthViewer) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\emgifojgfignanpkhcigcbfjlfndkmkb [2016-06-30]
CHR Extension: (Google Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-11]
CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-24]
CHR Extension: (goo.gl URL Shortener) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2016-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-24]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.ZRFUKBGQPRMBRKHCRSIOZD64ZY - C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2016-01-20] (Kaspersky Lab ZAO)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2014-11-21] (Microsoft Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 SpyShelterSrv; C:\Program Files (x86)\SpyShelter Premium\SpyShelterSrv.exe [44032 2015-04-01] (Datpol) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-07-06] (VIA Technologies, Inc.)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
S3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-03-01] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2016-01-20] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237480 2016-05-25] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [943536 2016-05-25] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49240 2016-05-25] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-01-20] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Spyshelter; C:\Program Files (x86)\SpyShelter Premium\SpyShelter.sys [422152 2015-04-01] (SpyShelter) [File not signed]
R1 SpyshelterKb; C:\Program Files (x86)\SpyShelter Premium\SpyshelterKb.sys [169224 2015-03-26] (SpyShelter) [File not signed]
U5 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [35064 2015-05-02] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-01 06:12 - 2016-09-01 06:12 - 00188953 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-09-01 06:12 - 2016-09-01 06:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-09-01 06:12 - 2016-09-01 06:12 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-09-01 06:12 - 2016-08-31 13:36 - 29208632 _____ (Tweaking.com) C:\Users\Michael\Desktop\tweaking.com_windows_repair_aio_setup.exe
2016-09-01 05:35 - 2016-09-01 05:35 - 00097680 _____ C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-01 05:31 - 2016-09-01 05:32 - 04920040 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-01 04:42 - 2016-09-01 04:44 - 03826240 _____ C:\Users\Michael\Downloads\AdwCleaner.exe
2016-08-31 13:27 - 2016-08-31 13:36 - 29208632 _____ (Tweaking.com) C:\Users\Michael\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-08-31 10:02 - 2016-08-31 10:03 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Michael\Downloads\SpyHunter-Installer.exe
2016-08-31 09:05 - 2016-08-31 09:06 - 00043303 _____ C:\Users\Michael\Downloads\Addition.txt
2016-08-31 09:03 - 2016-09-01 06:30 - 00022832 _____ C:\Users\Michael\Downloads\FRST.txt
2016-08-31 09:02 - 2016-09-01 06:30 - 00000000 ____D C:\FRST
2016-08-31 09:02 - 2016-08-31 09:02 - 02397696 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2016-08-31 08:45 - 2016-08-31 08:46 - 01747968 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2016-08-31 07:15 - 2016-08-31 12:28 - 00000919 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-30 22:24 - 2016-08-30 22:27 - 02915320 _____ (Google) C:\Users\Michael\Downloads\chrome_cleanup_tool (1).exe
2016-08-30 22:14 - 2016-08-30 22:20 - 22851472 _____ (Malwarebytes ) C:\Users\Michael\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-08-30 20:58 - 2016-08-30 21:00 - 05198336 _____ (AVAST Software) C:\Users\Michael\Downloads\aswMBR.exe
2016-08-30 20:57 - 2016-08-30 20:58 - 00216170 _____ C:\TDSSKiller.3.1.0.11_30.08.2016_20.57.31_log.txt
2016-08-30 20:55 - 2016-08-30 20:56 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Michael\Downloads\tdsskiller (1).exe
2016-08-30 20:44 - 2016-08-30 20:44 - 00022623 _____ C:\ComboFix.txt
2016-08-30 20:29 - 2016-08-30 20:31 - 05660313 ____R (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2016-08-30 18:03 - 2016-08-30 18:03 - 00000000 ____D C:\Program Files\Sound+
2016-08-29 16:39 - 2016-08-29 16:39 - 00000000 ____D C:\Users\Michael\AppData\Local\Deployment
2016-08-29 16:39 - 2016-08-29 16:39 - 00000000 ____D C:\Users\Michael\AppData\Local\Apps\2.0
2016-08-25 17:29 - 2016-08-25 18:04 - 00000000 ____D C:\Users\Michael\Documents\My Kindle Content
2016-08-25 17:29 - 2016-08-25 17:29 - 00002227 _____ C:\Users\Michael\Desktop\Kindle.lnk
2016-08-25 17:29 - 2016-08-25 17:29 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-08-25 17:29 - 2016-08-25 17:29 - 00000000 ____D C:\Users\Michael\AppData\Local\Amazon
2016-08-25 17:24 - 2016-08-25 17:25 - 66682856 _____ (Amazon.com) C:\Users\Michael\Downloads\KindleForPC-installer-1.17.44170.exe
2016-08-25 16:40 - 2016-08-25 16:40 - 15871862 _____ C:\Users\Michael\Downloads\just-to-be-ith-you.swf
2016-08-25 16:26 - 2016-08-25 16:26 - 09361226 _____ C:\Users\Michael\Desktop\just to be ith you.flv
2016-08-24 10:44 - 2016-08-24 10:46 - 71835963 _____ C:\Users\Michael\Downloads\newscall (3).zip
2016-08-24 10:43 - 2016-08-24 10:43 - 12984571 _____ C:\Users\Michael\Downloads\newscall (2).zip
2016-08-24 10:40 - 2016-08-24 10:40 - 22933984 _____ C:\Users\Michael\Downloads\newscall (1).zip
2016-08-23 07:24 - 2016-08-23 07:24 - 00000000 ____D C:\Users\Michael\Desktop\PSA
2016-08-19 08:38 - 2016-08-30 18:11 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Maxthon App Store
2016-08-19 08:38 - 2016-08-19 08:38 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-08-19 08:36 - 2016-08-19 08:36 - 01558792 _____ (Maxthon International ltd.) C:\Users\Michael\Downloads\mxsetup.exe
2016-08-18 21:09 - 2016-08-18 21:09 - 77866238 _____ C:\Users\Michael\Downloads\Free_Watercolor_Photoshop_Brushes_6.zip
2016-08-17 05:52 - 2016-07-08 07:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 05:52 - 2016-07-08 07:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-14 18:45 - 2016-08-14 18:45 - 00002029 _____ C:\Users\Public\Desktop\Microsoft LifeCam.lnk
2016-08-14 18:45 - 2016-08-14 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2016-08-14 18:44 - 2016-08-14 18:44 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2016-08-14 18:44 - 2016-08-14 18:44 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2016-08-14 18:44 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-08-14 18:44 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-08-10 14:26 - 2016-08-10 14:27 - 105130617 _____ C:\Users\Michael\Downloads\How To Install Replace Do a Front Brake Job 2002-07 Jeep Liberty.mp4
2016-08-10 14:19 - 2016-08-10 14:19 - 27441735 _____ C:\Users\Michael\Downloads\Jeep Liberty Front brakes tutorial.mp4
2016-08-10 14:14 - 2016-08-10 14:14 - 26773539 _____ C:\Users\Michael\Downloads\How to install brake pads on 2012 Jeep Liberty..mp4
2016-08-10 07:33 - 2016-07-08 07:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 07:33 - 2016-07-08 07:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 07:33 - 2016-07-08 07:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 07:33 - 2016-07-08 07:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 07:33 - 2016-07-08 07:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 07:33 - 2016-07-08 07:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 07:33 - 2016-07-08 07:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 07:33 - 2016-07-08 07:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 07:33 - 2016-07-08 07:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-10 07:33 - 2016-07-08 06:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 07:33 - 2016-07-08 06:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 07:33 - 2016-07-08 06:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 07:33 - 2016-07-08 06:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 07:33 - 2016-07-08 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 07:33 - 2016-07-08 06:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-01 06:30 - 2016-05-22 14:12 - 00000000 ____D C:\Users\Michael\Desktop\Security
2016-09-01 06:29 - 2015-01-27 22:44 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2016-09-01 06:26 - 2014-11-24 13:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-01 06:22 - 2016-07-26 08:11 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827762118-2228905662-1016877455-1000UA.job
2016-09-01 06:21 - 2009-07-13 21:13 - 00832650 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-01 06:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-09-01 06:14 - 2009-07-13 20:45 - 00028144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-01 06:14 - 2009-07-13 20:45 - 00028144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-01 06:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-01 06:08 - 2014-11-24 16:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-09-01 06:04 - 2014-12-11 19:04 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-01 06:04 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-01 05:53 - 2016-01-14 10:35 - 00000000 ____D C:\AdwCleaner
2016-09-01 05:42 - 2014-11-20 14:46 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E53B5D26-3FD0-4310-8339-A37A7F4B0971}
2016-08-31 17:19 - 2016-04-28 17:01 - 00014848 _____ C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-31 17:14 - 2016-05-21 15:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-31 12:22 - 2016-07-26 08:11 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827762118-2228905662-1016877455-1000Core.job
2016-08-31 08:13 - 2016-04-12 06:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-30 22:30 - 2016-06-24 08:54 - 00001343 _____ C:\Users\Michael\Desktop\Google Chrome.lnk
2016-08-30 21:57 - 2015-10-27 08:52 - 00000000 ____D C:\Users\Michael\Desktop\KENI
2016-08-30 21:35 - 2014-11-24 16:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-08-30 20:44 - 2015-04-26 15:30 - 00000000 ____D C:\Qoobox
2016-08-30 20:42 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2016-08-30 19:55 - 2015-12-27 22:21 - 00000000 ____D C:\Users\Michael\Downloads\Security
2016-08-30 18:13 - 2016-05-22 14:13 - 00000000 ____D C:\Users\Michael\Desktop\Software
2016-08-30 17:57 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-08-30 17:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-08-30 05:42 - 2015-03-25 10:48 - 00000000 ____D C:\Users\Scrub
2016-08-30 05:42 - 2015-01-07 19:16 - 00000000 ____D C:\Users\DefaultAppPool
2016-08-30 05:42 - 2014-12-11 19:06 - 00000000 ____D C:\Users\Classic .NET AppPool
2016-08-30 05:33 - 2014-12-11 19:06 - 00000000 ____D C:\Users\UpdatusUser
2016-08-27 20:49 - 2016-06-17 21:15 - 00000000 ____D C:\Users\Michael\Desktop\Songs
2016-08-25 16:18 - 2015-03-09 17:52 - 00000000 ____D C:\Users\Michael\Documents\Adobe
2016-08-23 05:28 - 2015-01-27 21:21 - 00000000 ____D C:\Users\Michael\AppData\Roaming\SpyShelter
2016-08-22 07:48 - 2016-07-17 20:40 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-08-17 16:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-08-11 18:52 - 2016-02-22 00:24 - 10787557 _____ C:\Users\Michael\Downloads\Michael Ortega The Christmas Song Cover.mp4
2016-08-10 11:02 - 2014-12-17 12:58 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-10 11:02 - 2014-11-24 14:32 - 00000000 ____D C:\Windows\system32\MRT
2016-08-08 13:24 - 2016-06-24 08:54 - 00002388 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-04 13:58 - 2015-07-23 13:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-02 22:05 - 2015-03-25 11:30 - 00000000 ____D C:\Users\Scrub\AppData\Local\CrashDumps
 
==================== Files in the root of some directories =======
 
2014-12-13 21:04 - 2015-04-11 18:02 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe BMP Format CS5 Prefs
2015-11-05 22:01 - 2015-11-05 22:01 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2015-05-18 18:00 - 2016-02-12 07:51 - 0000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-04-28 17:01 - 2016-08-31 17:19 - 0014848 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-09 10:43 - 2015-10-09 10:43 - 0007633 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2015-04-22 10:56 - 2015-04-22 10:56 - 0000000 _____ () C:\Users\Michael\AppData\Local\{030BEF1C-EB57-4A72-B894-A2479E90FFEA}
2014-12-12 18:47 - 2014-12-12 18:47 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. 
 
 
LastRegBack: 2016-08-16 00:42
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Michael (31-08-2016 09:05:14)
Running from C:\Users\Michael\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-12-12 03:53:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1827762118-2228905662-1016877455-500 - Administrator - Disabled)
Guest (S-1-5-21-1827762118-2228905662-1016877455-501 - Limited - Disabled)
Michael (S-1-5-21-1827762118-2228905662-1016877455-1000 - Administrator - Enabled) => C:\Users\Michael
Scrub (S-1-5-21-1827762118-2228905662-1016877455-1004 - Limited - Enabled) => C:\Users\Scrub
UpdatusUser (S-1-5-21-1827762118-2228905662-1016877455-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
$APPNAME> 2.31 (HKLM-x32\...\Bytescout XLS Viewer_is1) (Version: 2.31 - Bytescout Software)
Actron Scanning Suite (HKLM-x32\...\{7572B8A1-72A2-448E-8F69-1A3506800D67}) (Version: 4.000.0025 - Actron)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Production Premium (HKLM-x32\...\{F3E41C2A-3A29-476D-9685-3F8055AF696A}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.1.142.60386 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.1.142.60386 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Amazon Kindle) (Version: 1.17.0.44170 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.13 - ASUS)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BEHRINGER USB AUDIO DRIVER (HKLM\...\USB_AUDIO_DEusb-audio.deBehringer2902) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 3.01 - NCH Software)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DJ3520FWUpdateAlert (x32 Version: 2.00.0000 - HP) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
Google Chrome (HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{A0A03B53-927D-4454-A456-CB0A72A4912F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{14ABDFC2-491B-4AF0-8134-CC5596D0EF57}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Infinite HD™ App (HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
LG Bridge (HKLM-x32\...\LG Bridge) (Version: 1.2.12 - LG Electronics)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access 2010 (HKLM-x32\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Firefox 48.0.1 (x86 en-US) (HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\Mozilla Firefox 48.0.1 (x86 en-US)) (Version: 48.0.1 - Mozilla)
NVIDIA 3D Vision Driver 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.00 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.00 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Seterra 4.04 (HKLM-x32\...\{7C7C274C-DBC8-47FE-923F-9AAD59A4F9F4}}_is1) (Version: 4.04 - Marianne Wartoft AB)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpyShelter Premium 9.8 (HKLM\...\SpyShelter_is1) (Version: 9.8 - Datpol)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
Tracktion (HKLM-x32\...\Tracktion4) (Version:  - )
Tracktion 5 (HKLM\...\Tracktion 5) (Version: 5.0.10.0 - Tracktion Software Corp.)
Unity Web Player (HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\UnityWebPlayer) (Version: 4.6.4f1 - Unity Technologies ApS)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Window Drive Manager (HKLM-x32\...\Window Drive Manager) (Version: 1.56 - Slideway Inc.)
Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02) (HKLM\...\7A3873EEB4807FBDE9271D1C3DA50F100D5B8A7D) (Version: 07/12/2010 2.08.02 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02) (HKLM\...\C6554C9DFBD939292E343034D2836B952A9D4B66) (Version: 07/12/2010 2.08.02 - FTDI)
Windows Driver Package - SPX Service Solutions, Inc (usbser) Ports  (01/07/2010 2.0.0) (HKLM\...\BA81E6D589C849EA72D1C2CF16057B36C83BAEA8) (Version: 01/07/2010 2.0.0 - SPX Service Solutions, Inc)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.32 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Michael\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1A2577B7-4A92-4911-96BE-3D7CBDBF528D} - System32\Tasks\Opera scheduled Autoupdate 1417738648 => C:\Program Files (x86)\Opera\launcher.exe
Task: {26A0E188-DD94-4197-A57C-BE5AC1E6746D} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {3B631A38-1BE4-4E23-848D-2C86C0F50D35} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {4923A4D6-3C13-426F-9BC1-D8CE3F02EC3D} - System32\Tasks\ASUS Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2012-07-10] (ASUSTeK Computer Inc.)
Task: {5428510E-4376-485E-BA18-9D265237B42D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1827762118-2228905662-1016877455-1000Core => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {5942DBA4-B34A-473B-BB98-F878C13A5808} - System32\Tasks\{A62B2A98-1605-4FBF-A15C-D30A07D338CF} => pcalua.exe -a C:\Users\Michael\AppData\Local\Temp\Temp2_MEI_Intel_Win7_64_Z8031427.zip\setup.exe <==== ATTENTION
Task: {59DA36D4-7DB6-4FA4-B696-B87CCD4D61E5} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {60B1700B-A652-40F0-B399-193653A35ACE} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-09-14] (ASUSTek Computer Inc.)
Task: {88E2AF89-F57A-419B-9503-5F0977704E0D} - System32\Tasks\{1339ADD2-521B-44C9-B73D-DC1119D7F109} => pcalua.exe -a C:\Users\Michael\AppData\Local\Temp\Temp1_Wireless_Console_3_Win7_64_Z3032.zip\Setup.exe <==== ATTENTION
Task: {950E77F2-BEC1-4898-8A5A-2C8B58B1D3ED} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1827762118-2228905662-1016877455-1000
Task: {9CFF15DC-1D4F-49C4-811E-030B992BA3BD} - System32\Tasks\{71D4116D-E43F-4549-8ACF-D3D72D5468CC} => pcalua.exe -a "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe" -d "C:\Program Files (x86)\Belkin\Router Setup and Monitor"
Task: {A4D11582-BB2B-4282-949F-35AE6440AEE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {B49BC6B8-750B-4988-AC61-1A4579FACF34} - System32\Tasks\{D3A8C991-0F15-43D7-82A6-81E92C4BC188} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\AutoPlayer.exe [2012-12-19] ()
Task: {C1A3C126-D2B3-4A52-A6D3-6603E82EC95B} - System32\Tasks\AdobeAAMUpdater-1.0-Michael-PC-Michael => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {D8CC32D7-BA48-47F9-9089-F2B6D932CC08} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {E61A9E3F-28F8-4A43-AAE3-2D34CB273EB3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1827762118-2228905662-1016877455-1000UA => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {EF479796-E452-4166-8501-1FBD7F2B3ED8} - System32\Tasks\{460F8355-A3E0-4050-84CA-93495CC95168} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm.exe
Task: {F5742DB0-BB2B-4EAB-8FAA-714274951AD8} - System32\Tasks\{D60A81DC-276A-424E-8CB1-4C913A3C2C85} => pcalua.exe -a "C:\Users\Michael\Downloads\ezgrabbersoftware\EZ Grabber\MPEG4Codec\WMFEncoder.exe" -d "C:\Users\Michael\Downloads\ezgrabbersoftware\EZ Grabber\MPEG4Codec"
Task: {FE47A961-0519-43C2-B63E-D76D4B7C6472} - System32\Tasks\{2E2EE6A7-2456-4AEB-9313-DBAFB723ED9F} => pcalua.exe -a E:\Drivers\Wireless_Console_3_Win7_64_Z3032\vcredist_x86.exe -d E:\Drivers\Wireless_Console_3_Win7_64_Z3032
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827762118-2228905662-1016877455-1000Core.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1827762118-2228905662-1016877455-1000UA.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Michael\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html
 
ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\EarthViewer.lnk -> C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=emgifojgfignanpkhcigcbfjlfndkmkb
ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811008"
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-21 12:13 - 2012-02-21 13:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2014-11-21 12:03 - 2012-07-11 16:51 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-11-21 12:03 - 2012-07-11 16:51 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-07-09 00:18 - 2015-07-09 00:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2012-01-31 10:25 - 2012-01-31 10:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2016-08-08 13:24 - 2016-08-02 16:24 - 01771336 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 13:24 - 2016-08-02 16:23 - 00094024 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\Application\52.0.2743.116\libegl.dll
2014-11-21 12:13 - 2012-02-21 13:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Michael\AppData\Local\ok2TjM28A:uSPKzKub7Tp1U7bzDWxllfrzj1i [2190]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temp:63MAdpyY1TlBggcQh5M3 [2090]
AlternateDataStreams: C:\Users\Michael\AppData\Local\Temporary Internet Files:XjdPWZUNKaGV3SPUMB4PcMh [1878]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\...\mpc.am -> hxxp://search.mpc.am
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2016-08-30 20:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.165.131.12 - 209.165.131.13
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3520 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 3520 series (Network).lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GoogleChromeAutoLaunch_1D7305B07635F8E0A4CF4B02D1C53C4D => "C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: HP Deskjet 3520 series (NET) => "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN26D12DRK05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IntelWirelessWiMAX => "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PCShowServer => "C:\Users\Michael\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [{7E6898E5-5496-4804-A40E-1A00071E1801}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E550772D-10A9-417F-A021-606C41DC3DA4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{341719B7-8364-4B3A-86BF-F438F03E3DD3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5879BEE3-AA6A-417F-8509-95717A3B8BD9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A49CB21F-1D97-48F4-B4A7-79BADAC3DFFB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1BC8C8E2-BF65-409A-AEAD-66B728082903}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{D21F061C-22EB-4019-AD98-4789FB9061D5}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{0550FF54-ABB9-47C4-9ADF-97428FC3A1E0}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{71492289-B1F0-4628-B46E-68BD00860373}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{272F3B85-75DD-47B7-BBA9-11BFED79DC69}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{F21853DB-D900-440C-B9A3-EC6A4CABFAB7}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{7FC37539-7DA0-4198-BB23-0030BC7379AC}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{7A48C20F-9106-4E14-811D-8BF7C39FD613}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DD580075-61B5-4653-A70B-1CD8C014F76E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{81EA210D-FA70-4448-B47C-DA8B17EEF0C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B6BDAABB-7E66-4833-850F-66F378D53B5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2DE48B6B-0DFA-4BF8-9E7C-A6C19AF881DB}] => (Allow) C:\Program Files (x86)\windriveuse\windriveuse.exe
FirewallRules: [{DACE6D1C-9F21-4D6B-A21D-BE3C754C9133}] => (Allow) C:\Program Files (x86)\windriveuse\windriveuse_.exe
FirewallRules: [{101791C6-162C-4C37-A526-2819EBD14F9E}] => (Allow) C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{6977555A-8BFC-4B0F-964A-F4C6813BCFB5}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{920CD8F7-9F30-47E1-B88C-536E510A6536}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{CDC90B04-9245-4B76-B4DF-F95883CD5EFA}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{ECEB1913-C04F-4ECB-9C89-FE36B2CF178F}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{C22EFED0-5D6A-4564-8467-5EFF03981877}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{A55A67D3-F0AB-44BB-8ECE-3A44FB18F5CF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{18FD9D20-821F-492E-A228-E14F44A2F8C0}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{26267C13-F6C9-4AD4-8FF4-13C52B13E45C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{C1554CAA-D410-4C91-9521-C710C4636B28}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{D931543B-240E-4896-B5CE-1F40F0FD4141}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{D4715DC5-065B-42D9-8847-6993FB7B2E30}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{B85D5FA5-C902-4528-9246-9D3B9B431118}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{A09C11F5-F8AD-40B4-9D71-472DD5D0920E}] => (Allow) C:\Users\Michael\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{7964C764-603F-4DA8-B342-FB748C188A19}] => (Allow) C:\Users\Michael\AppData\Local\Temp\MPCOnline\MPCDownload.exe
 
==================== Restore Points =========================
 
27-08-2016 03:00:18 Windows Update
27-08-2016 09:50:49 Windows Update
28-08-2016 03:00:16 Windows Update
28-08-2016 08:48:14 Windows Update
28-08-2016 14:27:47 Windows Update
28-08-2016 16:50:26 Windows Update
28-08-2016 23:40:25 Windows Update
29-08-2016 12:37:00 Windows Update
29-08-2016 21:23:50 Windows Update
30-08-2016 10:43:58 Windows Update
31-08-2016 03:00:15 Windows Update
31-08-2016 04:44:15 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/31/2016 07:37:29 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2016 07:37:29 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2016 07:37:29 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2016 07:37:29 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2016 07:37:29 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (08/31/2016 07:37:28 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2016 07:37:28 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)
 
Error: (08/31/2016 07:37:28 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (08/31/2016 07:37:27 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))
 
 
System errors:
=============
Error: (08/31/2016 08:58:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:58:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:48:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:48:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:38:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:38:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:28:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:28:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:18:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (08/31/2016 08:18:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-30 20:42:28.753
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-30 20:42:28.706
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-30 20:42:28.659
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-30 20:42:28.612
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-06 23:55:11.668
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-06 23:55:11.637
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-06 23:55:11.590
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-08-06 23:55:11.543
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-26 15:36:59.829
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-26 15:36:59.813
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 43%
Total physical RAM: 8151.92 MB
Available physical RAM: 4632.2 MB
Total Virtual: 16302.02 MB
Available Virtual: 12162.68 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.29 GB) (Free:760.55 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#5 Michael Ortega

Posted 01 September 2016 - 09:44 AM

I can't run MBAM; I keep getting a runtime error (at 129:109).



#6 deeprybka

  • Malware Response Team

Posted 02 September 2016 - 03:56 AM

Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so.


Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    BootExecute: 
    Winsock: Catalog5 08  No File 
    Winsock: Catalog9 01  No File 
    Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File 
    Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File 
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
    HKU\S-1-5-21-1827762118-2228905662-1016877455-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
    Toolbar: HKU\S-1-5-21-1827762118-2228905662-1016877455-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    cmd: netsh winsock reset 
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 2

Fix with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.

Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

Edited by deeprybka, 02 September 2016 - 04:00 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 deeprybka

  • Malware Response Team

Posted 07 September 2016 - 11:42 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka